Description
This release of Teleport contains one security fix and various other updates.
Security Fixes
[Critical] Privilege escalation through RecursiveChown
When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown arbitrary files on the system.
Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.
Other Fixes
- Fixed multiple discovery install attempts on Azure & GCP VMs #32570
- Fixed Access List caching & eventing issues #32651
- Teleport client now uses gRPC when creating tracing client #32664
- Fixed a corner case of privilege tokens where MFA devices disabled by cluster settings were still counted against the user #32668
- Fixed spurious timeouts in Database Access Sessions
- Added connection information to multiplexer logs #32739
- Fixed panic on tsh device enroll --current-device #32757
- Added Discover flow for enrolling EC2 Instances with Instance Connect Endpoint #32766
- The Teleport etcd backend will now start if some nodes are unreachable #32778
- Adds Audit Review recurrence presets #32961
- Fixed issue causing keys to be incorrectly removed in tsh and Teleport Connect on Windows #32964
- Added cost-optimized pagination search for Athena #33006
- Allow "auth unreachable" error message to be configurable #33037
- Fixed user session tracking across trusted clusters #32996
- Fixed issue when playing back a session recorded on a leaf cluster #33104
- Teleport now reports initial command to session moderators #33113
- OneOff install script now installs enterprise Teleport when generated by an enterprise cluster #33147
- Fixed self-signed certificate issue on macOS #33157
- Discovery EC2 instance listing now shows instance name #33178
- Improved error messaging in tsh kube credentials when root cluster roles don't allow Kube access #33211
Download
Download the current and previous releases of Teleport at https://goteleport.com/download.