ArchLinux: 201902-28: logstash: information disclosure

    Date: 26 Feb 2019
    Category: ArchLinux
    Posted By: LinuxSecurity Advisories
    The package logstash before version 6.6.1-1 is vulnerable to information disclosure.
    Arch Linux Security Advisory ASA-201902-28
    ==========================================
    
    Severity: High
    Date    : 2019-02-25
    CVE-ID  : CVE-2019-7612
    Package : logstash
    Type    : information disclosure
    Remote  : No
    Link    : https://security.archlinux.org/AVG-913
    
    Summary
    =======
    
    The package logstash before version 6.6.1-1 is vulnerable to
    information disclosure.
    
    Resolution
    ==========
    
    Upgrade to 6.6.1-1.
    
    # pacman -Syu "logstash>=6.6.1-1"
    
    The problem has been fixed upstream in version 6.6.1.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    A sensitive data disclosure flaw was found in the way Logstash logs
    malformed URLs. If a malformed URL is specified as part of the Logstash
    configuration, the credentials for the URL could be inadvertently
    logged as part of the error message.
    
    Impact
    ======
    
    A local attacker is able to obtain URL credentials by reading the error
    log.
    
    References
    ==========
    
    https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
    https://security.archlinux.org/CVE-2019-7612
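
A check to run on existing logs after upgrading, as an added example (not part of the advisory or of Logstash): it scans log lines for URLs carrying embedded `user:password@` credentials and prints them with the password masked, so exposed credentials can be identified and changed. The sample lines are constructed, not real Logstash output, and the log file paths are whatever the caller passes in.

```python
import re
import sys

# scheme://user:password@ ... The password group is greedy up to the LAST '@'
# in the token, so a password holding unescaped '@', '/' or '#' is redacted
# whole. Trade-off: an '@' later in the same URL widens the redaction.
URL_CRED = re.compile(
    r"""(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*://)"""
    r"""(?P<user>[^\s/:@"']*):"""
    r"""(?P<password>[^\s"']*)@"""
)

def redact(line):
    """Return (line with URL passwords masked, number of URLs masked)."""
    return URL_CRED.subn(lambda m: f"{m['scheme']}{m['user']}:[REDACTED]@", line)

def scan(lines):
    """Return [(line_number, redacted_line)] for lines carrying URL credentials."""
    findings = []
    for number, line in enumerate(lines, 1):
        clean, hits = redact(line.rstrip("\n"))
        if hits:
            findings.append((number, clean))
    return findings

# Constructed sample lines (not real Logstash output).
SAMPLE = [
    "INFO pipeline started",
    "ERROR bad URI: http://elastic:s3cr3t@es.example.internal:9200/%zz",
    "ERROR bad URI: https://logwriter:p@ss/w0rd@es.example.internal:9200",
    "WARN fetched http://es.example.internal:9200/_cluster/health",
]

if __name__ == "__main__":
    # Pass log file paths as arguments; with none, the constructed sample is used.
    sources = sys.argv[1:]
    if not sources:
        for number, clean in scan(SAMPLE):
            print(f"sample:{number}: {clean}")
    for path in sources:
        with open(path, errors="replace") as handle:
            for number, clean in scan(handle):
                print(f"{path}:{number}: {clean}")
```

Only the masked form is printed, so the scanner's own output does not copy the credentials into another file or terminal scrollback.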
    