Summary: | <app-admin/consul-{1.9.17,1.10.10,1.11.5}: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ultrabug, zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2022-04-14 13:52:24 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fea1f1badc78c65ff5f840284058a5b44c0d60d7 commit fea1f1badc78c65ff5f840284058a5b44c0d60d7 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-04-15 03:39:10 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-04-15 03:41:46 +0000 app-admin/consul: add 1.9.17 Bug: https://bugs.gentoo.org/838328 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 1 + app-admin/consul/consul-1.9.17.ebuild | 795 ++++++++++++++++++++++++++++++++++ 2 files changed, 796 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=576de6cde0f63cbed8b2bad198485b03b4ead2b2 commit 576de6cde0f63cbed8b2bad198485b03b4ead2b2 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-04-15 03:44:53 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-04-15 03:44:58 +0000 app-admin/consul: drop vulnerable versions Bug: https://bugs.gentoo.org/838328 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 8 - app-admin/consul/consul-1.10.9.ebuild | 797 --------------------------------- app-admin/consul/consul-1.11.4.ebuild | 812 ---------------------------------- app-admin/consul/consul-1.9.15.ebuild | 793 --------------------------------- app-admin/consul/consul-1.9.16.ebuild | 793 --------------------------------- 5 files changed, 3203 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=68be82ed111c6486e30433fd8727da6837f0b7e4 commit 68be82ed111c6486e30433fd8727da6837f0b7e4 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-04-15 03:43:45 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-04-15 03:44:06 +0000 app-admin/consul: stabilize 1.9.17 for amd64 Bug: https://bugs.gentoo.org/838328 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/consul-1.9.17.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thanks! CVE-2022-29153 (https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393): HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9 commit f7375fcfd657cfc3887863e562d7feab296947e9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:00 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:29 +0000 [ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/760696 Bug: https://bugs.gentoo.org/783483 Bug: https://bugs.gentoo.org/802522 Bug: https://bugs.gentoo.org/812497 Bug: https://bugs.gentoo.org/834006 Bug: https://bugs.gentoo.org/838328 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) GLSA released, all done! |