ArchLinux: 201902-28: logstash: information disclosure
Summary
A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.
Resolution
Upgrade to 6.6.1-1.
# pacman -Syu "logstash>=6.6.1-1"
The problem has been fixed upstream in version 6.6.1.
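Log files written before the upgrade can still contain credentials from a malformed URL. The following is an added example, not part of the advisory or of Logstash: it scans log lines for URL userinfo and redacts the password. The sample lines are constructed, and the names `USERINFO`, `redact` and `scan` are hypothetical.

```python
import re

# Matches scheme://user:password@ with a regex instead of a URL parser,
# because the URLs in question are malformed and a parser may reject them.
# The password part is greedy so that a password containing "@" is covered
# in full; a password containing "/" or whitespace is not handled here.
USERINFO = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.\-]*://)"
    r"(?P<user>[^\s:/@]+):(?P<password>[^\s/]+)@"
)


def redact(line):
    """Return the line with any URL password replaced by a marker."""
    return USERINFO.sub(r"\g<scheme>\g<user>:<redacted>@", line)


def scan(lines):
    """Return (line_number, user, redacted_line) for each credential found."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in USERINFO.finditer(line):
            findings.append(
                (number, match.group("user"), redact(line.rstrip("\n")))
            )
    return findings


# Constructed sample lines for illustration; not real Logstash output.
SAMPLE = [
    "[2019-02-20T10:00:01,000][INFO ][example] pipeline started\n",
    "[2019-02-20T10:00:02,000][ERROR][example] bad URI: "
    "http://elastic:s3cr3t@es host:9200/\n",
    "[2019-02-20T10:00:03,000][INFO ][example] connected to "
    "http://es.example:9200/\n",
]

if __name__ == "__main__":
    for number, user, text in scan(SAMPLE):
        print(f"line {number}: credentials for user {user!r}: {text}")
```

Any credential the scan reports should be treated as exposed to everyone who can read the log.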
References
https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
https://security.archlinux.org/CVE-2019-7612
Workaround
None.