Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
968831df by Salvatore Bonaccorso at 2023-07-21T21:35:40+02:00
Track fixes for three consul issues

Note that the version hitting unstable was 1.9.17+dfsg2-1, as the
1.9.17+dfsg1-1 never reached the archive for real.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -94445,7 +94445,7 @@ CVE-2022-29154 (An issue was discovered in rsync before 
3.2.5 that allows malici
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=3d7015afa223494e3318495c2f5de9cb49229da9
 (v3.2.5pre1)
        NOTE: 
https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a
 (v3.2.5pre1)
 CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, 
and 1.11. ...)
-       - consul <unfixed> (bug #1017982)
+       - consul 1.9.17+dfsg2-1 (bug #1017982)
        [buster] - consul <ignored> (Intrusive to backport)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
        NOTE: 
https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19
 (v1.9.17)
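
Review bot: under the changed `- consul 1.9.17+dfsg2-1` line for CVE-2022-29153 the only suite annotation is `[buster] - consul <ignored>`; there is no `[bullseye]` line, although the CVE-2021-32574 entry in this same file carries one for consul. With unstable now marked fixed, bullseye is left open and untriaged for this server-side request forgery issue, so I would add an explicit `[bullseye]` line with its status and reason. The fixed version itself agrees with the (v1.9.17) tag on the upstream fix commit NOTE.
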
@@ -107663,7 +107663,7 @@ CVE-2022-24689 (An issue was discovered in DSK DSKNet 
2.16.136.0 and 2.17.136.5.
 CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 
2.17.136.5. The T ...)
        NOT-FOR-US: DSK DSKNet
 CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 
1.10.7, a ...)
-       - consul <unfixed> (bug #1006487)
+       - consul 1.9.17+dfsg2-1 (bug #1006487)
        [buster] - consul <not-affected> (Vulnerable Code not present)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
        NOTE: 
https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a
 (v1.9.15)
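
Review bot: the fixed version on the `+` line for CVE-2022-24687 is 1.9.17+dfsg2-1, while the upstream fix commit NOTE just below it is tagged (v1.9.15); please confirm that no upload between 1.9.15 and 1.9.17+dfsg2-1 reached unstable, otherwise the first fixed version should be the earlier one. Separately, the HCSEC-2022-05 NOTE URL ends at a bare `/` without the numeric topic id that the other HCSEC links in this patch carry, which is worth completing while the entry is being touched.
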
@@ -156761,7 +156761,7 @@ CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise 
up to version 1.0.4 bridge
        - nomad 0.12.10+dfsg1-3 (bug #990581)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
 CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 
Envoy prox ...)
-       - consul <unfixed> (bug #991719)
+       - consul 1.9.17+dfsg2-1 (bug #991719)
        [bullseye] - consul <no-dsa> (Minor issue)
        [buster] - consul <not-affected> (Only affects 1.3.0 and later)
        NOTE: 
https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
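
Review bot: for CVE-2021-32574 the context visible after the `- consul 1.9.17+dfsg2-1` line shows only the HCSEC-2021-17 link and no upstream commit or release NOTE, unlike the other two entries in this patch, so the fixed version cannot be cross-checked from the entry itself. If no such NOTE follows further down in the entry, add one naming the upstream fix commit and the release it first shipped in.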



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/968831dfc9a35bc6ff4db461ac30a1b3a5a54249
