FS#70061 - [elasticsearch] [Security] information disclosure (CVE-2021-22132)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 12:15 GMT
Last edited by Jonas Witschel (diabonas) - Wednesday, 25 August 2021, 18:36 GMT
Opened by Jonas Witschel (diabonas) - Thursday, 18 March 2021, 12:15 GMT
Last edited by Jonas Witschel (diabonas) - Wednesday, 25 August 2021, 18:36 GMT
|
Details
Summary
======= The package elasticsearch is vulnerable to information disclosure via CVE-2021-22132. Guidance ======== Upgrading elasticsearch to version 7.10.2 fixes the issue. References ========== https://security.archlinux.org/AVG-1455 https://discuss.elastic.co/t/elasticsearch-7-10-2-security-update/261164 https://github.com/elastic/elasticsearch/pull/66365 https://github.com/elastic/elasticsearch/commit/480561dbc3fd8c2c020f9d3d3887ae6e395313e0 |
This task depends upon
Closed by Jonas Witschel (diabonas)
Wednesday, 25 August 2021, 18:36 GMT
Reason for closing: Fixed
Additional comments about closing: elasticsearch 7.10.2-1
Wednesday, 25 August 2021, 18:36 GMT
Reason for closing: Fixed
Additional comments about closing: elasticsearch 7.10.2-1
Comment by
David Ryskalczyk (david_rysk) -
Friday, 09 April 2021, 20:44 GMT
Looking at the CVE details, this bug is fixed in elasticsearch
7.10.2, which is still under the Apache 2.0 license.