github gravitational/teleport v14.0.3
Teleport 14.0.3
on GitHub

latest releases: v17.0.0-dev.algorithms.1, api/v17.0.0-dev.algorithms.1, v16.4.0-dev.capnspacehook.iam-fips.1...
11 months ago

Description

This release of Teleport contains one security fix, and various other updates.

Security Fixes

[Critical] Privilege escalation through RecursiveChown

When using automatic Linux user creation, an attacker could exploit a race condition in the user creation functionality to chown arbitrary files on the system.

Users who aren't using automatic Linux host user creation aren’t affected by this vulnerability.

#33248

Other Fixes

  • Fixed spurious timeouts in Database Access Sessions #32720
  • Azure VM auto-discovery can now find VMs with multiple managed identities #32800
  • Fixed improperly set Kubernetes impersonation headers #32848
  • tsh puttyconfig now uses Validity format for WinSCP compatibility #32856
  • Teleport client now uses gRPC when connecting to the root cluster #32662
  • Teleport client now uses gRPC when creating tracing client #32663
  • Fixed panic on tsh device enroll --current-device #32756
  • The Teleport etcd backend will now start if some nodes are unreachable #32779
  • Fixed certificate verification issues when using kubectl exec #32768
  • Added Discover flow for enrolling EC2 Instances with EICE #32760
  • Added connection information to multiplexer logs #32738
  • Fixed issue causing keys to be incorrectly removed in tsh and Teleport Connect on Windows #32963
  • Improved Unified Resource Cache performance #33027
  • Adds Audit Review recurrence presets #32960
  • Fixed multiple discovery install attempts on Azure & GCP VMs #32569
  • Fixed a corner case of privilege tokens where MFA devices disabled by cluster settings were still counted against the user #32430
  • Fixed Access List caching & eventing issues #32649
  • Fixed user session tracking across trusted clusters #32967
  • Added cost optimized pagination search for athena #33007
  • Teleport now reports initial command to session moderators #33112
  • OneOff install script now installs enterprise Teleport when generated by an enterprise cluster #33148
  • Fixed issue when playing back a session recorded on a leaf cluster #33102
  • Fixed self-signed certificate issue on macOS #33156
  • Discovery EC2 instance listing now shows instance name #33179
  • Fixed HTTP connection hijack issue when using tsh proxy kube #33172
  • Improved error messaging in tsh kube credentials when root cluster roles don't allow Kube access #33210

Download

Download the current and previous releases of Teleport at https://goteleport.com/download.

Check out latest releases or
releases around gravitational/teleport v14.0.3

Don't miss a new teleport release

NewReleases is sending notifications on new releases.

Get notifications