FS#68723 : [consul] [Security] privilege escalation (CVE-2020-28053)

FS#68723 - [consul] [Security] privilege escalation (CVE-2020-28053)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Monday, 23 November 2020, 17:49 GMT
Last edited by Thore Bödecker (foxxx0) - Thursday, 17 December 2020, 13:43 GMT

Task Type	Bug Report
Category	Security
Status	Closed
Assigned To	Levente Polyak (anthraxx) Thore Bödecker (foxxx0)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The package consul is vulnerable to privilege escalation via CVE-2020-28053.

Guidance
========

Upgrading consul to the latest version 1.8.6 (or at least to 1.7.10 from the previous series) fixes the issue.

References
==========

https://security.archlinux.org/AVG-1294
https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
https://github.com/hashicorp/consul/issues/9240
https://github.com/hashicorp/consul/commit/fd5928fa4ef21f935f4331a422504eecb89d0af5

This task depends upon

Closed by Thore Bödecker (foxxx0)
Thursday, 17 December 2020, 13:43 GMT
Reason for closing: Fixed
Additional comments about closing: fixed as of consul-1.9.1-1

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#68723 - [consul] [Security] privilege escalation (CVE-2020-28053)

Details

Loading...