FS#70137 - [elasticsearch] [Security] information disclosure (CVE-2021-22137 CVE-2021-22135 CVE-2021-22134)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:49 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:48 GMT
Opened by Jonas Witschel (diabonas) - Tuesday, 23 March 2021, 18:49 GMT
Last edited by T.J. Townsend (blakkheim) - Saturday, 29 October 2022, 20:48 GMT
|
Details
Summary
======= The package elasticsearch is vulnerable to information disclosure via CVE-2021-22137, CVE-2021-22135 and CVE-2021-22134. Guidance ======== Upgrading Elasticsearch to version 7.12.0 fixes the issues. References ========== https://security.archlinux.org/AVG-1638 https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125 https://discuss.elastic.co/t/elastic-stack-7-11-0-security-update/265835 |
This task depends upon
Closed by T.J. Townsend (blakkheim)
Saturday, 29 October 2022, 20:48 GMT
Reason for closing: Won't fix
Additional comments about closing: elasticsearch was dropped to the AUR some time ago.
Saturday, 29 October 2022, 20:48 GMT
Reason for closing: Won't fix
Additional comments about closing: elasticsearch was dropped to the AUR some time ago.
If
FS#70388is fixed so that Arch Linux distributes the OSS release of 7.10.x, then these CVEs would not be a problem.