From nobody Mon Dec 13 05:28:55 2021 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4DEA418E736C; Mon, 13 Dec 2021 05:28:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4JC96J0Grlz4vF2; Mon, 13 Dec 2021 05:28:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DDE057098; Mon, 13 Dec 2021 05:28:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 1BD5StYd060646; Mon, 13 Dec 2021 05:28:55 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 1BD5StHn060645; Mon, 13 Dec 2021 05:28:55 GMT (envelope-from git) Date: Mon, 13 Dec 2021 05:28:55 GMT Message-Id: <202112130528.1BD5StHn060645@gitrepo.freebsd.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: =?utf-8?Q?Romain Tarti=C3=A8re?= Subject: git: 4486ff8b90ca - main - security/vuxml: Document OpenSearch might be vulnerable to Log4Shell List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: romain X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 4486ff8b90caad5c8ac9f91fc9eebce4d0085152 Auto-Submitted: auto-generated ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1639373336; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=EdeqUmvLX7355bfAe4/PCvfnZAOfGp1tDRLLTwQp2BI=; b=FHcfv+L8UOoH+VCXpGhMgs8QpSnTr3cuZoBHEnMz5lxaOjaXG5E4/gUlZfbFHc/9z4BE/q X8bkiohJ+f3gAha31Bhgm6jCSu2Ya2hLFGE0MK9ymbsu9r3SugiNDKepKWFVR2+9i+YvBg lUDsPTsHlY9Y1hxcBL/5waT/58L2MTZPwCgr+kbw82p5l9F99ldZYsANRZBnkhQs6Wf64x 2WSNXYA+fhcGFPjlL2Y6MRB999l+kgDf4AkEWMpSFhlSqFQiigfislJXQjk6GFuBesIq3c DfW8Dm+SXFj8kftvEcxlYBwENST/mssWNaigeN9RyNY8b6FoAjxAvRm29kBFtw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1639373336; a=rsa-sha256; cv=none; b=SZUWFWZHBws+5iv0GSIHAWYqF0CmLkuc78oLtqJkPC8V7n6IQViUDBeIoDQfmRB/SBnfZY 4LvtmJrbkhdOKbruwDP+yjOYRmGeIdDTqMA7K+2xCofSX9QzrpehMfIuvuk7o47xG9qpqK Hz/9dxY9v4l8V1iTLspPrYNQ8pS37x5s9xWk1IRnLPrj7edj7vQFzPlmH6PdXLqOfKrgHv KJea2JnM6UWKkVEifwxQ/4VzkfjZMd3q6e8S+AW2sg5FRPHO3594NdwW88u2BwZIVOiaa2 oMNPFFM/FeyYK0UgwXKUfH2riTx4dabqM3+37nRei7NXL2PaK6ks3DrFRzbPAw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by romain: URL: https://cgit.FreeBSD.org/ports/commit/?id=4486ff8b90caad5c8ac9f91fc9eebce4d0085152 commit 4486ff8b90caad5c8ac9f91fc9eebce4d0085152 Author: Romain Tartière AuthorDate: 2021-12-13 05:27:19 +0000 Commit: Romain Tartière CommitDate: 2021-12-13 05:28:28 +0000 security/vuxml: Document OpenSearch might be vulnerable to Log4Shell With hat: opensearch --- security/vuxml/vuln-2021.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 974ff512b823..0fac60980d21 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,29 @@ + + OpenSearch -- Log4Shell + + + opensearch + 1.2.1 + + + + +

OpenSearch reports:

+
+

A recently published security issue (CVE-2021-44228) affects several versions of the broadly-used Apache Log4j library. Some software in the OpenSearch project includes versions of Log4j referenced in this CVE. While, at time of writing, the team has not found a reproduceable example in OpenSearch of remote code execution (RCE) described in this issue, its severity is such that all users should take mitigation measures. As recommended by the advisory, the team has released OpenSearch 1.2.1, which updates Log4j to version 2.15.0. For those who cannot upgrade to 1.2.1, the Log4j website outlines additional measures to mitigate the issue. This patch release also addresses CVE-2021-4352 in t he OpenSearch Docker distributions..

+
+ +
+ + CVE-2021-44228 + https://opensearch.org/blog/releases/2021/12/update-to-1-2-1/ + + + 2021-12-11 + 2021-12-13 + +
+ Grafana -- Path Traversal