Log - Arch Linux

Log - Arch Linux

AVG-2282 edited at 14 Aug 2021 14:34:54

Affected

-	5.15.2+kde+r215-1
+	5.15.2+kde+r215-2

AVG-2294 edited at 13 Aug 2021 18:25:44

Severity

-	Low
+	Medium

CVE-2021-38554 edited at 13 Aug 2021 18:25:44

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Information disclosure

Description

+	HashiCorp Vault's UI up to version 1.7.3 erroneously cached and exposed user-viewed secrets between sessions in a single shared browser.

References

+	https://discuss.hashicorp.com/t/hcsec-2021-19-vault-s-ui-cached-user-viewed-secrets-between-shared-browser-sessions/28166

Notes

CVE-2021-38553 edited at 13 Aug 2021 18:19:33

Description

-	HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.
+	HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions.

AVG-2294 edited at 13 Aug 2021 18:19:23

Severity

-	Unknown
+	Low

CVE-2021-38553 edited at 13 Aug 2021 18:19:23

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Denial of service

Description

+	HashiCorp Vault 1.4.0 through 1.7.3 initialized an underlying database file associated with the Integrated Storage feature with excessively broad filesystem permissions. Fixed in Vault and Vault Enterprise 1.8.0.

References

+	https://discuss.hashicorp.com/t/hcsec-2021-20-vault-s-integrated-storage-backend-database-file-may-have-excessively-broad-permissions/28168

Notes

AVG-2294 created at 13 Aug 2021 18:14:58

Packages

+

vault

Issues

+	CVE-2021-38553
+	CVE-2021-38554

Status

+	Vulnerable

Severity

+

Unknown

Affected

+

1.7.3-1

Fixed

Ticket

Advisory qualified

+

Yes

References

Notes

CVE-2021-38553 created at 13 Aug 2021 18:14:58

AVG-2294 created at 13 Aug 2021 18:14:58

Packages

+

vault

Issues

+	CVE-2021-38553
+	CVE-2021-38554

Status

+	Vulnerable

Severity

+

Unknown

Affected

+

1.7.3-1

Fixed

Ticket

Advisory qualified

+

Yes

References

Notes

CVE-2021-38554 created at 13 Aug 2021 18:14:58

AVG-1516 edited at 13 Aug 2021 18:10:42

Affected

-	3.40.3-1
+	3.40.4-1

ASA-202108-14 edited at 13 Aug 2021 18:09:25

ASA-202108-13 edited at 13 Aug 2021 18:09:20

ASA-202108-12 edited at 13 Aug 2021 18:09:11