CVE-2022-23708 (https://discuss.elastic.co/t/elastic-stack-7-17-1-security-update/298447): A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. Fix is in 7.17.1; 6.8 is unaffected.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d91cb4520de0ee761dec3955df064f4c035af3c1

commit d91cb4520de0ee761dec3955df064f4c035af3c1
Author:     Tomáš Mózes <hydrapolic@gmail.com>
AuthorDate: 2022-03-15 18:54:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-16 22:33:37 +0000

    app-misc/elasticsearch: bump to 7.17.1

    Bug: https://bugs.gentoo.org/834544
    Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com>
    Signed-off-by: Sam James <sam@gentoo.org>

 app-misc/elasticsearch/Manifest                    |  1 +
 app-misc/elasticsearch/elasticsearch-7.17.1.ebuild | 83 ++++++++++++++++++++++
 2 files changed, 84 insertions(+)
Tree clean
Thanks!