Gentoo Developer

William Hubbs

Security Bug Reports

• dev-lang/lua: Multiple vulnerabilities (CVE-2019-6706, CVE-2020-{15945,15888,15889,24342,24369,24370,24371})

  717780 - Assigned to Gentoo Security
• sys-cluster/kube-apiserver: webhook redirect vulnerability

  813645 - Assigned to Gentoo Security
• <app-containers/docker-20.10.9: multiple vulnerabilities

  816273 - Assigned to Gentoo Security
• <app-containers/docker-cli-20.10.9: May send credentials to non-chosen registry (CVE-2021-41092)

  816321 - Assigned to Gentoo Security
• <mail-mta/postfix-3.6.3: queue file corruption

  822753 - Assigned to Gentoo Security
• <app-containers/runc-1.0.2-r1: Access restriction bypass (CVE-2021-43784)

  828471 - Assigned to Gentoo Security
• <sys-cluster/kubect-1.26.0: lacks escape/meta/control sequence filtering in terminal output

  830714 - Assigned to Gentoo Security
• dev-lang/lua: UAF leading to sandbox escape

  835340 - Assigned to Gentoo Security
• <net-vpn/openvpn-2.5.6: potential authentication by-pass with multiple deferred authentication plug-ins

  835514 - Assigned to Gentoo Security
• <app-containers/containerd-1.5.11: Default inheritable capabilities for linux container should be empty

  835917 - Assigned to Gentoo Security
• <app-containers/runc-1.1.2: incorrect handling of inheritable capabilities

  844085 - Assigned to Gentoo Security
• <app-containers/containerd-1.6.8: malicious container memory exhaustion

  850124 - Assigned to Gentoo Security
• <dev-lang/lua-5.4.6: heap buffer overflow in recursive errors

  856463 - Assigned to Gentoo Security
• dev-util/wasmer: 'cargo audit' reports one or more bundled CRATES as vulnerable

  864079 - Assigned to Gentoo Security
• app-containers/docker: supplementary groups mishandling

  869407 - Assigned to Gentoo Security
• <sys-cluster/kube-apiserver-1.22.14,1.23.11,1.24.5,1.25.1}: SSRF

  871741 - Assigned to Gentoo Security
• app-containers/docker: Git vulnerability mitigations

  877653 - Assigned to Gentoo Security
• app-admin/fluentd: remote code execution via crafted JSON payloads

  879181 - Assigned to Gentoo Security
• <app-metrics/prometheus-2.40.4 app-metrics/prometheus-bin: basic authentication bypass

  883637 - Assigned to Gentoo Security
• <app-metrics/snmp_exporter-0.24.1: basic authentication bypass

  883649 - Assigned to Gentoo Security
• <app-metrics/blackbox_exporter-0.24.0: basic authentication bypass

  883651 - Assigned to Gentoo Security
• <app-metrics/node_exporter-1.5.0: basic authentication bypass

  883653 - Assigned to Gentoo Security
• <app-containers/containerd-1.6.14: host memory exhaustion

  884803 - Assigned to Gentoo Security
• <app-metrics/prometheus-2.43.0: security fixes in bundled code

  885109 - Assigned to Gentoo Security
• <app-containers/docker-20.10.22: multiple vulnerabilities

  886509 - Assigned to Gentoo Security
• app-metrics/consul_exporter: basic authentication bypass

  890162 - Assigned to Gentoo Security
• dev-util/gitlab-runner: user jumping vulnerability

  891253 - Assigned to Gentoo Security
• app-containers/containerd: multiple vulnerabilities

  897960 - Assigned to Gentoo Security
• <app-containers/runc-1.1.5: Privilege escalation bug

  903079 - Assigned to Gentoo Security
• app-containers/docker: multiple vulnerabilities

  903804 - Assigned to Gentoo Security
• dev-lang/lua: heap buffer overread

  905319 - Assigned to Gentoo Security
• app-containers/docker: vulnerability in bundled buildkit

  905336 - Assigned to Gentoo Security
• <dev-python/MechanicalSoup-1.3.0: Malicious web server can read arbitrary files on client using file input inside HTML form

  909723 - Assigned to Gentoo Security
• <dev-lang/go-{1.20.10,1.21.3}: rapid stream resets can cause excessive work

  915555 - Assigned to Gentoo Security
• <net-vpn/openvpn-2.6.7: Multiple vulnerabilities

  917272 - Assigned to Gentoo Security
• sys-cluster/kubelet: privilege escalation in windows nodes

  918665 - Assigned to Gentoo Security
• net-vpn/openvpn: DoS via crafted reset packet

  918673 - Assigned to Gentoo Security