Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 813702 (CVE-2021-41393, CVE-2021-41394, CVE-2021-41395)

Summary: sys-cluster/teleport: multiple vulnerabilities
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: trivial CC: graemelawes, proxy-maint
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~3 [ebuild]
Package list:
Runtime testing required: ---
Bug Depends on: 951417    
Bug Blocks:    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 19:43:17 UTC 
CVE-2021-41393:

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.

Please bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 19:45:19 UTC 
Oops, a couple more:

CVE-2021-31494:

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows alteration of build artifacts in some situations.

CVE-2021-41395:

Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username.