Branch sisyphus update bulletin.

Package libvirt updated to version 5.1.0-alt1 for branch sisyphus in task 225002.

[PR] fix build without server_drivers

Package consul updated to version 1.4.3-alt1 for branch sisyphus in task 225126.

Published: 2018-12-09
Modified: 2024-11-21

CVE-2018-19653

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

Severity: MEDIUM (5.9) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Published: 2019-03-06
Modified: 2024-11-21

CVE-2019-8336

HashiCorp Consul (and Consul Enterprise) 1.4.x before 1.4.3 allows a client to bypass intended access restrictions and obtain the privileges of one other arbitrary token within secondary datacenters, because a token with literally "" as its secret is used in unusual circumstances.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package sphinx updated to version 2.2.11-alt7 for branch sisyphus in task 225131.

Ошибка в searchd.service

Init script starts searchd under root user

Recent logrotate refuses to rotate Sphinx's logs

Version: 2.1.0

Branch sisyphus update on 2019-03-17

ALT-BU-2019-3551-1

ALT-PU-2019-1445-1

Closed bugs

Bug #36248

ALT-PU-2019-1446-1

Closed vulnerabilities

CVE-2018-19653

CVE-2019-8336

ALT-PU-2019-1447-1

Closed bugs

Bug #33177

Bug #33551

Bug #33634