Summary: | <app-admin/consul-{1.8.14,1.9.8}: multiple vulnerabilities (CVE-2021-{32574,36213}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ultrabug, zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 783483 |
Description
John Helmert III
2021-07-17 00:46:24 UTC
It says version 1.3.0 and up are affected here: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=01fe78974a8b063728f48015885caa9eea4a9c24 commit 01fe78974a8b063728f48015885caa9eea4a9c24 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-07-17 04:36:20 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-07-17 04:39:10 +0000 app-admin/consul: Bump to version 1.9.8 Bug: https://bugs.gentoo.org/802522 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 4 + app-admin/consul/consul-1.9.8.ebuild | 781 +++++++++++++++++++++++++++++++++++ 2 files changed, 785 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad2710df823a1333cb8b70e2157cd90abe13da6d commit ad2710df823a1333cb8b70e2157cd90abe13da6d Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-07-17 04:24:57 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-07-17 04:39:10 +0000 app-admin/consul: Bump to version 1.8.14 Bug: https://bugs.gentoo.org/802522 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 8 + app-admin/consul/consul-1.8.14.ebuild | 767 ++++++++++++++++++++++++++++++++++ 2 files changed, 775 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34f3981f6e9fc4e2c339cc0f19a74527050bd3d5 commit 34f3981f6e9fc4e2c339cc0f19a74527050bd3d5 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-07-17 04:41:03 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-07-17 04:44:12 +0000 app-admin/consul: Remove vulnerable versions except 1.7.11 Keep 1.7.11 since it has a stable keyword. Bug: https://bugs.gentoo.org/802522 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 24 - app-admin/consul/consul-1.7.14.ebuild | 586 ------------------------- app-admin/consul/consul-1.8.12.ebuild | 801 ---------------------------------- app-admin/consul/consul-1.9.6.ebuild | 773 -------------------------------- 4 files changed, 2184 deletions(-) Thank you! Please stabilize a fixed version The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=51d8b2030e2b909683ff8b529f7cefc043a97e9b commit 51d8b2030e2b909683ff8b529f7cefc043a97e9b Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-07-17 16:30:33 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-07-17 16:31:15 +0000 app-admin/consul: Drop vulnerable version 1.7.11 Bug: https://bugs.gentoo.org/802522 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 126 -------- app-admin/consul/consul-1.7.11.ebuild | 581 ---------------------------------- 2 files changed, 707 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4ec1ff5fe6382f6647310c215323964b456e287c commit 4ec1ff5fe6382f6647310c215323964b456e287c Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-07-17 16:29:17 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-07-17 16:29:26 +0000 app-admin/consul: Stabilize 1.8.14 for amd64 Bug: https://bugs.gentoo.org/802522 Package-Manager: Portage-3.0.20, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/consul-1.8.14.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thank you! Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9 commit f7375fcfd657cfc3887863e562d7feab296947e9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:00 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:29 +0000 [ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/760696 Bug: https://bugs.gentoo.org/783483 Bug: https://bugs.gentoo.org/802522 Bug: https://bugs.gentoo.org/812497 Bug: https://bugs.gentoo.org/834006 Bug: https://bugs.gentoo.org/838328 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) GLSA released, all done! |