FS#68723 - [consul] [Security] privilege escalation (CVE-2020-28053)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Monday, 23 November 2020, 17:49 GMT
Last edited by Thore Bödecker (foxxx0) - Thursday, 17 December 2020, 13:43 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Levente Polyak (anthraxx)
Thore Bödecker (foxxx0)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

The package consul is vulnerable to privilege escalation via CVE-2020-28053.

Guidance
========

Upgrading consul to the latest version 1.8.6 (or at least to 1.7.10 from the previous series) fixes the issue.

References
==========

https://security.archlinux.org/AVG-1294
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
https://github.com/hashicorp/consul/issues/9240
https://github.com/hashicorp/consul/commit/fd5928fa4ef21f935f4331a422504eecb89d0af5
This task depends upon

Closed by  Thore Bödecker (foxxx0)
Thursday, 17 December 2020, 13:43 GMT
Reason for closing:  Fixed
Additional comments about closing:  fixed as of consul-1.9.1-1

Loading...