Summary: | <app-admin/vault-1.8.4: user access confusion (CVE-2021-41802) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://discuss.hashicorp.com/t/hcsec-2021-27-vault-merging-multiple-entity-aliases-for-the-same-mount-may-allow-privilege-escalation | ||
Whiteboard: | B4 [glsa+] | ||
Package list: |
app-admin/vault-1.8.4 amd64
|
Runtime testing required: | --- |
Description
John Helmert III
2021-10-09 19:59:03 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59132e7f66ea56403edd90f64989b6e0366ced49 commit 59132e7f66ea56403edd90f64989b6e0366ced49 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 05:18:26 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 05:21:02 +0000 app-admin/vault: 1.8.4 bump Bug: https://bugs.gentoo.org/817269 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 26 +++++++++++++++-- .../{vault-1.8.3.ebuild => vault-1.8.4.ebuild} | 34 ++++++++++++++-------- 2 files changed, 46 insertions(+), 14 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5927a8d4398844e2b6beecff6d667b9a824bac83 commit 5927a8d4398844e2b6beecff6d667b9a824bac83 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 05:27:09 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 05:27:20 +0000 app-admin/vault: Remove vulnerable version 1.8.2 Bug: https://bugs.gentoo.org/817269 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 16 - app-admin/vault/vault-1.8.2.ebuild | 1827 ------------------------------------ 2 files changed, 1843 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8da5b190763ea6b9ee15e791312c00ac92d685a commit a8da5b190763ea6b9ee15e791312c00ac92d685a Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-10-10 05:25:44 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-10-10 05:26:10 +0000 app-admin/vault: stable 1.8.4 for amd64, bug #817269 Bug: https://bugs.gentoo.org/817269 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/vault-1.8.4.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Unable to check for sanity:
> no match for package: app-admin/vault-1.8.4
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=254c716d0dd35a6846f281fd4a3eaf970dc0bede commit 254c716d0dd35a6846f281fd4a3eaf970dc0bede Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-07-29 21:22:59 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-01 18:05:08 +0000 [ GLSA-202207-01 ] HashiCorp Vault: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/768312 Bug: https://bugs.gentoo.org/797244 Bug: https://bugs.gentoo.org/808093 Bug: https://bugs.gentoo.org/817269 Bug: https://bugs.gentoo.org/827945 Bug: https://bugs.gentoo.org/829493 Bug: https://bugs.gentoo.org/835070 Bug: https://bugs.gentoo.org/845405 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202207-01.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) GLSA released, all done! |