[ASA-202107-69] consul: multiple issues
Arch Linux Security Advisory ASA-202107-69
==========================================

Severity: Medium
Date    : 2021-07-27
CVE-ID  : CVE-2021-32574 CVE-2021-36213
Package : consul
Type    : multiple issues
Remote  : Yes
Link    :

Summary
=======

The package consul before version 1.9.8-1 is vulnerable to multiple
issues including access restriction bypass and certificate verification
bypass.

Resolution
==========

Upgrade to 1.9.8-1.

# pacman -Syu "consul>=1.9.8-1"

The problems have been fixed upstream in version 1.9.8.

Workaround
==========

None.

Description
===========

- CVE-2021-32574 (certificate verification bypass)

HashiCorp Consul before version 1.9.8 does not validate SSL certificates
correctly: xds does not ensure that the Subject Alternative Name of an
upstream is validated.

- CVE-2021-36213 (access restriction bypass)

In HashiCorp Consul before version 1.9.8, xds can generate a situation
where a single L7 deny intention (with a default deny policy) results in
an allow action.

Impact
======

A single L7 deny intention could erroneously result in an allow action,
leading to access restriction bypass. Furthermore, a malicious upstream
could present an invalid certificate.

References
==========
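The CVE-2021-32574 description above boils down to a missing SAN matcher in the upstream TLS validation context that Consul's xds layer hands to Envoy. The following checker is an added example, not part of the advisory or of Consul; it walks an Envoy clusters dump and reports TLS upstreams whose validation context carries no SAN matcher. The input is a constructed sample, and the field layout (`transport_socket` -> `typed_config` -> `common_tls_context.validation_context`, with `match_subject_alt_names` / `match_typed_subject_alt_names`) is assumed to follow the Envoy v3 `UpstreamTlsContext` shape.

```python
import json

# Constructed sample in the shape of an Envoy clusters dump. Cluster names
# and the CA placeholder are invented; the layout is an assumption about
# what Consul's xds layer emits for an upstream TLS cluster.
SAMPLE_CLUSTERS = json.dumps({
    "clusters": [
        {
            "name": "db.default.dc1.internal",
            "transport_socket": {
                "name": "tls",
                "typed_config": {
                    "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
                    "common_tls_context": {
                        "validation_context": {
                            # CA only: any cert signed by this CA is accepted,
                            # regardless of which service it was issued to.
                            "trusted_ca": {"inline_string": "<constructed CA placeholder>"}
                        }
                    }
                }
            }
        },
        {
            "name": "api.default.dc1.internal",
            "transport_socket": {
                "name": "tls",
                "typed_config": {
                    "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext",
                    "common_tls_context": {
                        "validation_context": {
                            "trusted_ca": {"inline_string": "<constructed CA placeholder>"},
                            # SAN pinned to the expected service identity (constructed value)
                            "match_subject_alt_names": [{"exact": "spiffe://example.consul/ns/default/dc/dc1/svc/api"}]
                        }
                    }
                }
            }
        },
        {"name": "local_app"}  # plaintext local cluster: no TLS, nothing to check
    ]
})

SAN_FIELDS = ("match_subject_alt_names", "match_typed_subject_alt_names")

def clusters_missing_san_validation(clusters_json: str) -> list:
    """Return names of TLS upstream clusters whose validation context has no SAN matcher."""
    flagged = []
    for cluster in json.loads(clusters_json).get("clusters", []):
        typed = cluster.get("transport_socket", {}).get("typed_config", {})
        if not typed.get("@type", "").endswith("UpstreamTlsContext"):
            continue  # not a TLS upstream, so SAN validation does not apply
        vctx = typed.get("common_tls_context", {}).get("validation_context", {})
        if not any(vctx.get(field) for field in SAN_FIELDS):
            flagged.append(cluster["name"])
    return flagged
```

On a live proxy the same check can be run over the output of Envoy's admin `/config_dump` endpoint after extracting the cluster resources into this shape.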