Docker buildpack-deps:14.04-curl

Vulnerabilities

174 via 415 paths

Dependencies

209

Source

Docker

Target OS

ubuntu:14.04
Severity
  • 2
  • 74
  • 98
Status
  • 174
  • 0
  • 0

high severity

NULL Pointer Dereference

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27
  • Fixed in: 1.0.1f-1ubuntu2.27+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See Remediation section below for Ubuntu:14.04 relevant versions.

The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack.

OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes:

  1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate
  2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token)

If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools.

Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack.

All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).

Remediation

Upgrade Ubuntu:14.04 openssl to version 1.0.1f-1ubuntu2.27+esm2 or higher.

high severity

Off-by-one Error

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm6 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: apt
  • Introduced through: apt@1.0.1ubuntu2.23, apt/apt-utils@1.0.1ubuntu2.23 and others
  • Fixed in: 1.0.1ubuntu2.24+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* apt@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/apt-utils@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/libapt-inst1.5@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/libapt-pkg4.12@1.0.1ubuntu2.23

NVD Description

Note: Versions mentioned in the description apply to the upstream apt package. See Remediation section below for Ubuntu:14.04 relevant versions.

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

Remediation

Upgrade Ubuntu:14.04 apt to version 1.0.1ubuntu2.24+esm1 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: apt
  • Introduced through: apt@1.0.1ubuntu2.23, apt/apt-utils@1.0.1ubuntu2.23 and others
  • Fixed in: 1.0.1ubuntu2.24+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* apt@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/apt-utils@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/libapt-inst1.5@1.0.1ubuntu2.23
  • Introduced through: buildpack-deps:14.04-curl@* apt/libapt-pkg4.12@1.0.1ubuntu2.23

NVD Description

Note: Versions mentioned in the description apply to the upstream apt package. See Remediation section below for Ubuntu:14.04 relevant versions.

APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Remediation

Upgrade Ubuntu:14.04 apt to version 1.0.1ubuntu2.24+esm3 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: bzip2
  • Introduced through: bzip2@1.0.6-5 and bzip2/libbz2-1.0@1.0.6-5
  • Fixed in: 1.0.6-5ubuntu0.1~esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* bzip2@1.0.6-5
  • Introduced through: buildpack-deps:14.04-curl@* bzip2/libbz2-1.0@1.0.6-5

NVD Description

Note: Versions mentioned in the description apply to the upstream bzip2 package. See Remediation section below for Ubuntu:14.04 relevant versions.

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Remediation

Upgrade Ubuntu:14.04 bzip2 to version 1.0.6-5ubuntu0.1~esm2 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: cpio
  • Introduced through: cpio@2.11+dfsg-1ubuntu1.2
  • Fixed in: 2.11+dfsg-1ubuntu1.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* cpio@2.11+dfsg-1ubuntu1.2

NVD Description

Note: Versions mentioned in the description apply to the upstream cpio package. See Remediation section below for Ubuntu:14.04 relevant versions.

cpio, in all versions before 2.13, does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. Extracting those archives as a high-privilege user without carefully reviewing them may lead to the compromise of the system.

Remediation

Upgrade Ubuntu:14.04 cpio to version 2.11+dfsg-1ubuntu1.2+esm1 or higher.

medium severity

Arbitrary Code Injection

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm4 or higher.

medium severity

Buffer Overflow

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm3 or higher.

medium severity

Information Exposure

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm7 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm6 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm2 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: cyrus-sasl2/libsasl2-2
  • Introduced through: cyrus-sasl2/libsasl2-2@2.1.25.dfsg1-17build1 and cyrus-sasl2/libsasl2-modules-db@2.1.25.dfsg1-17build1
  • Fixed in: 2.1.25.dfsg1-17ubuntu0.1~esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* cyrus-sasl2/libsasl2-2@2.1.25.dfsg1-17build1
  • Introduced through: buildpack-deps:14.04-curl@* cyrus-sasl2/libsasl2-modules-db@2.1.25.dfsg1-17build1

NVD Description

Note: Versions mentioned in the description apply to the upstream cyrus-sasl2 package. See Remediation section below for Ubuntu:14.04 relevant versions.

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

Remediation

Upgrade Ubuntu:14.04 cyrus-sasl2 to version 2.1.25.dfsg1-17ubuntu0.1~esm1 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: db5.3/libdb5.3
  • Introduced through: db5.3/libdb5.3@5.3.28-3ubuntu3.1
  • Fixed in: 5.3.28-3ubuntu3.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* db5.3/libdb5.3@5.3.28-3ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream db5.3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

Remediation

Upgrade Ubuntu:14.04 db5.3 to version 5.3.28-3ubuntu3.1+esm1 or higher.

medium severity

Improper Resource Shutdown or Release

  • Vulnerable module: dbus/libdbus-1-3
  • Introduced through: dbus/libdbus-1-3@1.6.18-0ubuntu4.5
  • Fixed in: 1.6.18-0ubuntu4.5+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* dbus/libdbus-1-3@1.6.18-0ubuntu4.5

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service's private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.

Remediation

Upgrade Ubuntu:14.04 dbus to version 1.6.18-0ubuntu4.5+esm2 or higher.

medium severity

Link Following

  • Vulnerable module: dbus/libdbus-1-3
  • Introduced through: dbus/libdbus-1-3@1.6.18-0ubuntu4.5
  • Fixed in: 1.6.18-0ubuntu4.5+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* dbus/libdbus-1-3@1.6.18-0ubuntu4.5

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package. See Remediation section below for Ubuntu:14.04 relevant versions.

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Remediation

Upgrade Ubuntu:14.04 dbus to version 1.6.18-0ubuntu4.5+esm1 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs
  • Introduced through: e2fsprogs@1.42.9-3ubuntu1.3, e2fsprogs/e2fslibs@1.42.9-3ubuntu1.3 and others
  • Fixed in: 1.42.9-3ubuntu1.3+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/e2fslibs@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/libcomerr2@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/libss2@1.42.9-3ubuntu1.3

NVD Description

Note: Versions mentioned in the description apply to the upstream e2fsprogs package. See Remediation section below for Ubuntu:14.04 relevant versions.

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Ubuntu:14.04 e2fsprogs to version 1.42.9-3ubuntu1.3+esm1 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: e2fsprogs
  • Introduced through: e2fsprogs@1.42.9-3ubuntu1.3, e2fsprogs/e2fslibs@1.42.9-3ubuntu1.3 and others
  • Fixed in: 1.42.9-3ubuntu1.3+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/e2fslibs@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/libcomerr2@1.42.9-3ubuntu1.3
  • Introduced through: buildpack-deps:14.04-curl@* e2fsprogs/libss2@1.42.9-3ubuntu1.3

NVD Description

Note: Versions mentioned in the description apply to the upstream e2fsprogs package. See Remediation section below for Ubuntu:14.04 relevant versions.

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

Remediation

Upgrade Ubuntu:14.04 e2fsprogs to version 1.42.9-3ubuntu1.3+esm2 or higher.

medium severity

Out-of-Bounds

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does not correctly compute the size of an internal buffer when processing netgroup requests, possibly leading to an nscd daemon crash or code execution as the user running nscd.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

medium severity

Out-of-bounds Write

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others
  • Fixed in: 2.19-0ubuntu6.15+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package. See Remediation section below for Ubuntu:14.04 relevant versions.

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

Remediation

Upgrade Ubuntu:14.04 eglibc to version 2.19-0ubuntu6.15+esm1 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

medium severity

Out-of-bounds Read

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.1.0-4ubuntu1.4
  • Fixed in: 2.1.0-4ubuntu1.4+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* expat/libexpat1@2.1.0-4ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See Remediation section below for Ubuntu:14.04 relevant versions.

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

Remediation

Upgrade Ubuntu:14.04 expat to version 2.1.0-4ubuntu1.4+esm2 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: file
  • Introduced through: file@1:5.14-2ubuntu3.4 and file/libmagic1@1:5.14-2ubuntu3.4
  • Fixed in: 1:5.14-2ubuntu3.4+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* file@1:5.14-2ubuntu3.4
  • Introduced through: buildpack-deps:14.04-curl@* file/libmagic1@1:5.14-2ubuntu3.4

NVD Description

Note: Versions mentioned in the description apply to the upstream file package. See Remediation section below for Ubuntu:14.04 relevant versions.

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

Remediation

Upgrade Ubuntu:14.04 file to version 1:5.14-2ubuntu3.4+esm1 or higher.

medium severity

Information Exposure

  • Vulnerable module: gcc-4.8/gcc-4.8-base
  • Introduced through: gcc-4.8/gcc-4.8-base@4.8.4-2ubuntu1~14.04.4 and gcc-4.8/libstdc++6@4.8.4-2ubuntu1~14.04.4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* gcc-4.8/gcc-4.8-base@4.8.4-2ubuntu1~14.04.4
  • Introduced through: buildpack-deps:14.04-curl@* gcc-4.8/libstdc++6@4.8.4-2ubuntu1~14.04.4

NVD Description

Note: Versions mentioned in the description apply to the upstream gcc-4.8 package.

Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for Ubuntu:14.04 gcc-4.8.

medium severity

Out-of-Bounds

  • Vulnerable module: isc-dhcp/isc-dhcp-client
  • Introduced through: isc-dhcp/isc-dhcp-client@4.2.4-7ubuntu12.13 and isc-dhcp/isc-dhcp-common@4.2.4-7ubuntu12.13
  • Fixed in: 4.2.4-7ubuntu12.13+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* isc-dhcp/isc-dhcp-client@4.2.4-7ubuntu12.13
  • Introduced through: buildpack-deps:14.04-curl@* isc-dhcp/isc-dhcp-common@4.2.4-7ubuntu12.13

NVD Description

Note: Versions mentioned in the description apply to the upstream isc-dhcp package. See Remediation section below for Ubuntu:14.04 relevant versions.

In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), the outcome of encountering the defect while reading a lease that will trigger it varies, according to:

  • the component being affected (i.e., dhclient or dhcpd)
  • whether the package was built as a 32-bit or 64-bit binary
  • whether the compiler flag -fstack-protection-strong was used when compiling

In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process.

In dhcpd, when run in DHCPv4 or DHCPv6 mode:

  • if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted.
  • if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted.

Remediation

Upgrade Ubuntu:14.04 isc-dhcp to version 4.2.4-7ubuntu12.13+esm1 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: json-c/libjson-c2
  • Introduced through: json-c/libjson-c2@0.11-3ubuntu1.2 and json-c/libjson0@0.11-3ubuntu1.2
  • Fixed in: 0.11-3ubuntu1.2+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* json-c/libjson-c2@0.11-3ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* json-c/libjson0@0.11-3ubuntu1.2

NVD Description

Note: Versions mentioned in the description apply to the upstream json-c package. See Remediation section below for Ubuntu:14.04 relevant versions.

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Remediation

Upgrade Ubuntu:14.04 json-c to version 0.11-3ubuntu1.2+esm3 or higher.

medium severity

Reachable Assertion

  • Vulnerable module: krb5/libgssapi-krb5-2
  • Introduced through: krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4, krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5-3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5support0@1.12+dfsg-2ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package.

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

Remediation

There is no fixed version for Ubuntu:14.04 krb5.

medium severity

Uncontrolled Recursion

  • Vulnerable module: krb5/libgssapi-krb5-2
  • Introduced through: krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4, krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4 and others
  • Fixed in: 1.12+dfsg-2ubuntu5.4+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5-3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5support0@1.12+dfsg-2ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package. See Remediation section below for Ubuntu:14.04 relevant versions.

MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

Remediation

Upgrade Ubuntu:14.04 krb5 to version 1.12+dfsg-2ubuntu5.4+esm2 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: libbsd/libbsd0
  • Introduced through: libbsd/libbsd0@0.6.0-2ubuntu1
  • Fixed in: 0.6.0-2ubuntu1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libbsd/libbsd0@0.6.0-2ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream libbsd package. See Remediation section below for Ubuntu:14.04 relevant versions.

nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).

Remediation

Upgrade Ubuntu:14.04 libbsd to version 0.6.0-2ubuntu1+esm1 or higher.

medium severity

Race Condition

  • Vulnerable module: libgcrypt11
  • Introduced through: libgcrypt11@1.5.3-2ubuntu4.6
  • Fixed in: 1.5.3-2ubuntu4.6+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libgcrypt11@1.5.3-2ubuntu4.6

NVD Description

Note: Versions mentioned in the description apply to the upstream libgcrypt11 package. See Remediation section below for Ubuntu:14.04 relevant versions.

It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

Remediation

Upgrade Ubuntu:14.04 libgcrypt11 to version 1.5.3-2ubuntu4.6+esm1 or higher.

medium severity

Access of Resource Using Incompatible Type ('Type Confusion')

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

CVE-2020-36226

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Double Free

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Improper Authentication

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm1 or higher.

medium severity

Integer Underflow

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Integer Underflow

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

NULL Pointer Dereference

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm3 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm4 or higher.

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm4 or higher.

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Reachable Assertion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Release of Invalid Pointer or Reference

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package.

A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 openldap.

medium severity

Resource Exhaustion

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm2 or higher.

medium severity

Information Exposure

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27
  • Fixed in: 1.0.1f-1ubuntu2.27+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See Remediation section below for Ubuntu:14.04 relevant versions.

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

Remediation

Upgrade Ubuntu:14.04 openssl to version 1.0.1f-1ubuntu2.27+esm1 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27
  • Fixed in: 1.0.1f-1ubuntu2.27+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See Remediation section below for Ubuntu:14.04 relevant versions.

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade Ubuntu:14.04 openssl to version 1.0.1f-1ubuntu2.27+esm2 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: p11-kit/libp11-kit0
  • Introduced through: p11-kit/libp11-kit0@0.20.2-2ubuntu2
  • Fixed in: 0.20.2-2ubuntu2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* p11-kit/libp11-kit0@0.20.2-2ubuntu2

NVD Description

Note: Versions mentioned in the description apply to the upstream p11-kit package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Remediation

Upgrade Ubuntu:14.04 p11-kit to version 0.20.2-2ubuntu2+esm1 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: p11-kit/libp11-kit0
  • Introduced through: p11-kit/libp11-kit0@0.20.2-2ubuntu2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* p11-kit/libp11-kit0@0.20.2-2ubuntu2

NVD Description

Note: Versions mentioned in the description apply to the upstream p11-kit package.

An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

Remediation

There is no fixed version for Ubuntu:14.04 p11-kit.

medium severity

Arbitrary Code Injection

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.) This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm6 or higher.

medium severity

Buffer Overflow

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm10

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm10 or higher.

medium severity

Credentials Management

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

Credentials Management

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

A security regression of CVE-2019-9636 was discovered in Python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kinds of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

CRLF Injection

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

CRLF Injection

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

Directory Traversal

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

Improper Encoding or Escaping of Output

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm8

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm8 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm4 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm7 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

medium severity

Integer Overflow or Wraparound

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

medium severity

NULL Pointer Dereference

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to a heap out-of-bounds read in the rtreenode() function when handling invalid rtree tables.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package.

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Remediation

There is no fixed version for Ubuntu:14.04 sqlite3.

medium severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Out-of-bounds Write

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Use of Uninitialized Resource

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm2 or higher.

medium severity

Access Restriction Bypass

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package.

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

Remediation

There is no fixed version for Ubuntu:14.04 sudo.

medium severity

Arbitrary Command Injection

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm5 or higher.

medium severity

Improper Handling of Exceptional Conditions

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm2 or higher.

medium severity

Improper Input Validation

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm1 or higher.

medium severity

Information Exposure

  • Vulnerable module: systemd/libudev1
  • Introduced through: systemd/libudev1@204-5ubuntu20.31 and systemd/udev@204-5ubuntu20.31

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* systemd/libudev1@204-5ubuntu20.31
  • Introduced through: buildpack-deps:14.04-curl@* systemd/udev@204-5ubuntu20.31

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

Remediation

There is no fixed version for Ubuntu:14.04 systemd.

medium severity

Open Redirect

  • Vulnerable module: wget
  • Introduced through: wget@1.15-1ubuntu1.14.04.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* wget@1.15-1ubuntu1.14.04.5

NVD Description

Note: Versions mentioned in the description apply to the upstream wget package.

GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.

Remediation

There is no fixed version for Ubuntu:14.04 wget.

low severity

Improper Input Validation

  • Vulnerable module: audit/libaudit-common
  • Introduced through: audit/libaudit-common@1:2.3.2-2ubuntu1 and audit/libaudit1@1:2.3.2-2ubuntu1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* audit/libaudit-common@1:2.3.2-2ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* audit/libaudit1@1:2.3.2-2ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream audit package.

Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.

Remediation

There is no fixed version for Ubuntu:14.04 audit.

low severity

Improper Check for Dropped Privileges

  • Vulnerable module: bash
  • Introduced through: bash@4.3-7ubuntu1.7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* bash@4.3-7ubuntu1.7

NVD Description

Note: Versions mentioned in the description apply to the upstream bash package.

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

Remediation

There is no fixed version for Ubuntu:14.04 bash.

low severity

Improper Input Validation

  • Vulnerable module: bash
  • Introduced through: bash@4.3-7ubuntu1.7
  • Fixed in: 4.3-7ubuntu1.8+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* bash@4.3-7ubuntu1.7

NVD Description

Note: Versions mentioned in the description apply to the upstream bash package. See Remediation section below for Ubuntu:14.04 relevant versions.

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.

Remediation

Upgrade Ubuntu:14.04 bash to version 4.3-7ubuntu1.8+esm1 or higher.

low severity

CVE-2016-3189

  • Vulnerable module: bzip2
  • Introduced through: bzip2@1.0.6-5 and bzip2/libbz2-1.0@1.0.6-5
  • Fixed in: 1.0.6-5ubuntu0.1~esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* bzip2@1.0.6-5
  • Introduced through: buildpack-deps:14.04-curl@* bzip2/libbz2-1.0@1.0.6-5

NVD Description

Note: Versions mentioned in the description apply to the upstream bzip2 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Remediation

Upgrade Ubuntu:14.04 bzip2 to version 1.0.6-5ubuntu0.1~esm1 or higher.

low severity

Improper Input Validation

  • Vulnerable module: coreutils
  • Introduced through: coreutils@8.21-1ubuntu5.4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* coreutils@8.21-1ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream coreutils package.

chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

Remediation

There is no fixed version for Ubuntu:14.04 coreutils.

low severity

Link Following

  • Vulnerable module: cron
  • Introduced through: cron@3.0pl1-124ubuntu2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* cron@3.0pl1-124ubuntu2

NVD Description

Note: Versions mentioned in the description apply to the upstream cron package.

In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs.

Remediation

There is no fixed version for Ubuntu:14.04 cron.

low severity

Improper Input Validation

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package.

curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.

Remediation

There is no fixed version for Ubuntu:14.04 curl.

low severity

Information Exposure

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm6 or higher.

low severity

Missing Initialization of Resource

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package.

curl 7.7 through 7.76.1 suffers from an information disclosure when the -t command line option, known as CURLOPT_TELNETOPTIONS in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Remediation

There is no fixed version for Ubuntu:14.04 curl.

low severity

Use After Free

  • Vulnerable module: curl
  • Introduced through: curl@7.35.0-1ubuntu2.20 and curl/libcurl3@7.35.0-1ubuntu2.20
  • Fixed in: 7.35.0-1ubuntu2.20+esm5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* curl@7.35.0-1ubuntu2.20
  • Introduced through: buildpack-deps:14.04-curl@* curl/libcurl3@7.35.0-1ubuntu2.20

NVD Description

Note: Versions mentioned in the description apply to the upstream curl package. See Remediation section below for Ubuntu:14.04 relevant versions.

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

Remediation

Upgrade Ubuntu:14.04 curl to version 7.35.0-1ubuntu2.20+esm5 or higher.

low severity

Use After Free

  • Vulnerable module: dbus/libdbus-1-3
  • Introduced through: dbus/libdbus-1-3@1.6.18-0ubuntu4.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* dbus/libdbus-1-3@1.6.18-0ubuntu4.5

NVD Description

Note: Versions mentioned in the description apply to the upstream dbus package.

A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors.

Remediation

There is no fixed version for Ubuntu:14.04 dbus.

low severity

Directory Traversal

  • Vulnerable module: dpkg
  • Introduced through: dpkg@1.17.5ubuntu5.8

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* dpkg@1.17.5ubuntu5.8

NVD Description

Note: Versions mentioned in the description apply to the upstream dpkg package.

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

Remediation

There is no fixed version for Ubuntu:14.04 dpkg.

low severity

Use of Externally-Controlled Format String

  • Vulnerable module: dpkg
  • Introduced through: dpkg@1.17.5ubuntu5.8

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* dpkg@1.17.5ubuntu5.8

NVD Description

Note: Versions mentioned in the description apply to the upstream dpkg package.

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

Remediation

There is no fixed version for Ubuntu:14.04 dpkg.

low severity

Allocation of Resources Without Limits or Throttling

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

The DNS stub resolver in the GNU C Library (aka glibc or libc6) before version 2.26, when EDNS support is enabled, will solicit large UDP responses from name servers, potentially simplifying off-path DNS spoofing attacks due to IP fragmentation.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Improper Data Handling

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Improper Input Validation

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and earlier, when invoked with multiple suffixes in the destination encoding (TRANSLATE or IGNORE) along with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Integer Underflow

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

NULL Pointer Dereference

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Out-of-Bounds

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Out-of-Bounds

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

In the GNU C Library (aka glibc or libc6) through 2.29, the memcmp function for the x32 architecture can incorrectly return zero (indicating that the inputs are equal) because the RDX most significant bit is mishandled.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Reachable Assertion

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Uncontrolled Recursion

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Use After Free

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to the error path.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

Use After Free

  • Vulnerable module: eglibc/libc-bin
  • Introduced through: eglibc/libc-bin@2.19-0ubuntu6.15, eglibc/libc6@2.19-0ubuntu6.15 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc-bin@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/libc6@2.19-0ubuntu6.15
  • Introduced through: buildpack-deps:14.04-curl@* eglibc/multiarch-support@2.19-0ubuntu6.15

NVD Description

Note: Versions mentioned in the description apply to the upstream eglibc package.

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

Remediation

There is no fixed version for Ubuntu:14.04 eglibc.

low severity

XML External Entity (XXE) Injection

  • Vulnerable module: expat/libexpat1
  • Introduced through: expat/libexpat1@2.1.0-4ubuntu1.4
  • Fixed in: 2.1.0-4ubuntu1.4+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* expat/libexpat1@2.1.0-4ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream expat package. See Remediation section below for Ubuntu:14.04 relevant versions.

In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).

Remediation

Upgrade Ubuntu:14.04 expat to version 2.1.0-4ubuntu1.4+esm1 or higher.

low severity

Information Exposure

  • Vulnerable module: gcc-4.8/gcc-4.8-base
  • Introduced through: gcc-4.8/gcc-4.8-base@4.8.4-2ubuntu1~14.04.4 and gcc-4.8/libstdc++6@4.8.4-2ubuntu1~14.04.4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* gcc-4.8/gcc-4.8-base@4.8.4-2ubuntu1~14.04.4
  • Introduced through: buildpack-deps:14.04-curl@* gcc-4.8/libstdc++6@4.8.4-2ubuntu1~14.04.4

NVD Description

Note: Versions mentioned in the description apply to the upstream gcc-4.8 package.

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.

Remediation

There is no fixed version for Ubuntu:14.04 gcc-4.8.

low severity

Improper Certificate Validation

  • Vulnerable module: gnupg
  • Introduced through: gnupg@1.4.16-1ubuntu2.6 and gnupg/gpgv@1.4.16-1ubuntu2.6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* gnupg@1.4.16-1ubuntu2.6
  • Introduced through: buildpack-deps:14.04-curl@* gnupg/gpgv@1.4.16-1ubuntu2.6

NVD Description

Note: Versions mentioned in the description apply to the upstream gnupg package.

Interaction between the sks-keyserver code through 1.2.0 of the SKS keyserver network, and GnuPG through 2.2.16, makes it risky to have a GnuPG keyserver configuration line referring to a host on the SKS keyserver network. Retrieving data from this network may cause a persistent denial of service, because of a Certificate Spamming Attack.

Remediation

There is no fixed version for Ubuntu:14.04 gnupg.

low severity

Improper Certificate Validation

  • Vulnerable module: heimdal/libasn1-8-heimdal
  • Introduced through: heimdal/libasn1-8-heimdal@1.6~git20131207+dfsg-1ubuntu1.2, heimdal/libgssapi3-heimdal@1.6~git20131207+dfsg-1ubuntu1.2 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libasn1-8-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libgssapi3-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libhcrypto4-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libheimbase1-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libheimntlm0-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libhx509-5-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libkrb5-26-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libroken18-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libwind0-heimdal@1.6~git20131207+dfsg-1ubuntu1.2

NVD Description

Note: Versions mentioned in the description apply to the upstream heimdal package.

The transit path validation code in Heimdal before 7.3 might allow attackers to bypass the capath policy protection mechanism by leveraging failure to add the previous hop realm to the transit path of issued tickets.

Remediation

There is no fixed version for Ubuntu:14.04 heimdal.

low severity

Key Management Errors

  • Vulnerable module: heimdal/libasn1-8-heimdal
  • Introduced through: heimdal/libasn1-8-heimdal@1.6~git20131207+dfsg-1ubuntu1.2, heimdal/libgssapi3-heimdal@1.6~git20131207+dfsg-1ubuntu1.2 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libasn1-8-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libgssapi3-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libhcrypto4-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libheimbase1-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libheimntlm0-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libhx509-5-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libkrb5-26-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libroken18-heimdal@1.6~git20131207+dfsg-1ubuntu1.2
  • Introduced through: buildpack-deps:14.04-curl@* heimdal/libwind0-heimdal@1.6~git20131207+dfsg-1ubuntu1.2

NVD Description

Note: Versions mentioned in the description apply to the upstream heimdal package.

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

Remediation

There is no fixed version for Ubuntu:14.04 heimdal.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: krb5/libgssapi-krb5-2
  • Introduced through: krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4, krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5-3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5support0@1.12+dfsg-2ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The variable "dbentry->n_key_data" in kadmin/dbutil/dump.c can store 16-bit data, but the developer has unknowingly assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database, because a Kerberos database dump file contains trusted data.

Remediation

There is no fixed version for Ubuntu:14.04 krb5.

low severity

NULL Pointer Dereference

  • Vulnerable module: krb5/libgssapi-krb5-2
  • Introduced through: krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4, krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5-3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5support0@1.12+dfsg-2ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package.

An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function "strlen" receives a "NULL" string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client.

Remediation

There is no fixed version for Ubuntu:14.04 krb5.

low severity

Out-of-Bounds

  • Vulnerable module: krb5/libgssapi-krb5-2
  • Introduced through: krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4, krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* krb5/libgssapi-krb5-2@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libk5crypto3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5-3@1.12+dfsg-2ubuntu5.4
  • Introduced through: buildpack-deps:14.04-curl@* krb5/libkrb5support0@1.12+dfsg-2ubuntu5.4

NVD Description

Note: Versions mentioned in the description apply to the upstream krb5 package.

plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_data in KDC certauth plugin code that is specific to Red Hat.

Remediation

There is no fixed version for Ubuntu:14.04 krb5.

low severity

Out-of-Bounds

  • Vulnerable module: libbsd/libbsd0
  • Introduced through: libbsd/libbsd0@0.6.0-2ubuntu1
  • Fixed in: 0.6.0-2ubuntu1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libbsd/libbsd0@0.6.0-2ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream libbsd package. See Remediation section below for Ubuntu:14.04 relevant versions.

Off-by-one vulnerability in the fgetwln function in libbsd before 0.8.2 allows attackers to have unspecified impact via unknown vectors, which trigger a heap-based buffer overflow.

Remediation

Upgrade Ubuntu:14.04 libbsd to version 0.6.0-2ubuntu1+esm1 or higher.

low severity

Memory Leak

  • Vulnerable module: libpng/libpng12-0
  • Introduced through: libpng/libpng12-0@1.2.50-1ubuntu2.14.04.3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libpng/libpng12-0@1.2.50-1ubuntu2.14.04.3

NVD Description

Note: Versions mentioned in the description apply to the upstream libpng package.

** DISPUTED ** png_create_info_struct in png.c in libpng 1.6.36 has a memory leak, as demonstrated by pngcp. NOTE: a third party has stated "I don't think it is libpng's job to free this buffer."

Remediation

There is no fixed version for Ubuntu:14.04 libpng.

low severity

Resource Management Errors

  • Vulnerable module: libpng/libpng12-0
  • Introduced through: libpng/libpng12-0@1.2.50-1ubuntu2.14.04.3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libpng/libpng12-0@1.2.50-1ubuntu2.14.04.3

NVD Description

Note: Versions mentioned in the description apply to the upstream libpng package.

An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.

Remediation

There is no fixed version for Ubuntu:14.04 libpng.

low severity

Resource Management Errors

  • Vulnerable module: libtasn1-6
  • Introduced through: libtasn1-6@3.4-3ubuntu0.6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* libtasn1-6@3.4-3ubuntu0.6

NVD Description

Note: Versions mentioned in the description apply to the upstream libtasn1-6 package.

GNU Libtasn1 versions 4.13 and 4.12 contain a DoS: CPU usage will reach 100% when running asn1Parser against the POC, due to an issue in _asn1_expand_object_id(p_tree); after a long time, the program will be killed. This attack appears to be exploitable via parsing a crafted file.

Remediation

There is no fixed version for Ubuntu:14.04 libtasn1-6.

low severity

Improper Input Validation

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the append_acs function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

NULL Pointer Dereference

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

In ncurses 6.0, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service attack if the terminfo library code is used to process untrusted terminfo data.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the function _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-Bounds

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-bounds Read

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-bounds Read

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

There is a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library in ncurses before 6.1-20191012.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Out-of-bounds Write

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

Use of Externally-Controlled Format String

  • Vulnerable module: ncurses/libncurses5
  • Introduced through: ncurses/libncurses5@5.9+20140118-1ubuntu1, ncurses/libncursesw5@5.9+20140118-1ubuntu1 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncurses5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libncursesw5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/libtinfo5@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-base@5.9+20140118-1ubuntu1
  • Introduced through: buildpack-deps:14.04-curl@* ncurses/ncurses-bin@5.9+20140118-1ubuntu1

NVD Description

Note: Versions mentioned in the description apply to the upstream ncurses package.

In ncurses 6.0, there is a format string vulnerability in the fmt_entry function. A crafted input will lead to a remote arbitrary code execution attack.

Remediation

There is no fixed version for Ubuntu:14.04 ncurses.

low severity

CVE-2018-7170

  • Vulnerable module: ntp/ntpdate
  • Introduced through: ntp/ntpdate@1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ntp/ntpdate@1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

NVD Description

Note: Versions mentioned in the description apply to the upstream ntp package.

ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549.

Remediation

There is no fixed version for Ubuntu:14.04 ntp.

low severity

Out-of-bounds Write

  • Vulnerable module: ntp/ntpdate
  • Introduced through: ntp/ntpdate@1:4.2.6.p5+dfsg-3ubuntu2.14.04.13
  • Fixed in: 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* ntp/ntpdate@1:4.2.6.p5+dfsg-3ubuntu2.14.04.13

NVD Description

Note: Versions mentioned in the description apply to the upstream ntp package. See Remediation section below for Ubuntu:14.04 relevant versions.

Stack-based buffer overflow in ntpq and ntpdc of NTP version 4.2.8p11 allows an attacker to achieve code execution or escalate to higher privileges via a long string as the argument for an IPv4 or IPv6 command-line parameter. NOTE: It is unclear whether there are any common situations in which ntpq or ntpdc is used with a command line from an untrusted source.

Remediation

Upgrade Ubuntu:14.04 ntp to version 1:4.2.6.p5+dfsg-3ubuntu2.14.04.13+esm1 or higher.

low severity

Improper Authentication

  • Vulnerable module: openldap/libldap-2.4-2
  • Introduced through: openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5
  • Fixed in: 2.4.31-1+nmu2ubuntu8.5+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openldap/libldap-2.4-2@2.4.31-1+nmu2ubuntu8.5

NVD Description

Note: Versions mentioned in the description apply to the upstream openldap package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)

Remediation

Upgrade Ubuntu:14.04 openldap to version 2.4.31-1+nmu2ubuntu8.5+esm1 or higher.

low severity

CVE-2021-3601

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package.

Certificates signed by a CA with the constraint 'CA:FALSE' are considered valid.

Remediation

There is no fixed version for Ubuntu:14.04 openssl.

low severity

Missing Encryption of Sensitive Data

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27
  • Fixed in: 1.0.1f-1ubuntu2.27+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See Remediation section below for Ubuntu:14.04 relevant versions.

Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Remediation

Upgrade Ubuntu:14.04 openssl to version 1.0.1f-1ubuntu2.27+esm1 or higher.

low severity

Use of a Broken or Risky Cryptographic Algorithm

  • Vulnerable module: openssl
  • Introduced through: openssl@1.0.1f-1ubuntu2.27 and openssl/libssl1.0.0@1.0.1f-1ubuntu2.27
  • Fixed in: 1.0.1f-1ubuntu2.27+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* openssl@1.0.1f-1ubuntu2.27
  • Introduced through: buildpack-deps:14.04-curl@* openssl/libssl1.0.0@1.0.1f-1ubuntu2.27

NVD Description

Note: Versions mentioned in the description apply to the upstream openssl package. See Remediation section below for Ubuntu:14.04 relevant versions.

In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).

Remediation

Upgrade Ubuntu:14.04 openssl to version 1.0.1f-1ubuntu2.27+esm1 or higher.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: pcre3/libpcre3
  • Introduced through: pcre3/libpcre3@1:8.31-2ubuntu2.3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* pcre3/libpcre3@1:8.31-2ubuntu2.3

NVD Description

Note: Versions mentioned in the description apply to the upstream pcre3 package.

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Remediation

There is no fixed version for Ubuntu:14.04 pcre3.

References

low severity

Out-of-bounds Read

  • Vulnerable module: pcre3/libpcre3
  • Introduced through: pcre3/libpcre3@1:8.31-2ubuntu2.3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* pcre3/libpcre3@1:8.31-2ubuntu2.3

NVD Description

Note: Versions mentioned in the description apply to the upstream pcre3 package.

libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Remediation

There is no fixed version for Ubuntu:14.04 pcre3.

References

low severity

Uncontrolled Recursion

  • Vulnerable module: pcre3/libpcre3
  • Introduced through: pcre3/libpcre3@1:8.31-2ubuntu2.3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* pcre3/libpcre3@1:8.31-2ubuntu2.3

NVD Description

Note: Versions mentioned in the description apply to the upstream pcre3 package.

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

Remediation

There is no fixed version for Ubuntu:14.04 pcre3.

References

low severity

Buffer Overflow

  • Vulnerable module: perl
  • Introduced through: perl@5.18.2-2ubuntu1.7, perl/perl-base@5.18.2-2ubuntu1.7 and others
  • Fixed in: 5.18.2-2ubuntu1.7+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* perl@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-base@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-modules@5.18.2-2ubuntu1.7

NVD Description

Note: Versions mentioned in the description apply to the upstream perl package. See Remediation section below for Ubuntu:14.04 relevant versions.

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.

Remediation

Upgrade Ubuntu:14.04 perl to version 5.18.2-2ubuntu1.7+esm3 or higher.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: perl
  • Introduced through: perl@5.18.2-2ubuntu1.7, perl/perl-base@5.18.2-2ubuntu1.7 and others
  • Fixed in: 5.18.2-2ubuntu1.7+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* perl@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-base@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-modules@5.18.2-2ubuntu1.7

NVD Description

Note: Versions mentioned in the description apply to the upstream perl package. See Remediation section below for Ubuntu:14.04 relevant versions.

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario.

Remediation

Upgrade Ubuntu:14.04 perl to version 5.18.2-2ubuntu1.7+esm3 or higher.

References

low severity

Out-of-bounds Write

  • Vulnerable module: perl
  • Introduced through: perl@5.18.2-2ubuntu1.7, perl/perl-base@5.18.2-2ubuntu1.7 and others
  • Fixed in: 5.18.2-2ubuntu1.7+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* perl@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-base@5.18.2-2ubuntu1.7
  • Introduced through: buildpack-deps:14.04-curl@* perl/perl-modules@5.18.2-2ubuntu1.7

NVD Description

Note: Versions mentioned in the description apply to the upstream perl package. See Remediation section below for Ubuntu:14.04 relevant versions.

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An application written in Perl would only be vulnerable to this flaw if it evaluates regular expressions supplied by the attacker. Evaluating regular expressions in this fashion is known to be dangerous since the regular expression engine does not protect against denial of service attacks in this usage scenario. Additionally, the target system needs a sufficient amount of memory to allocate partial expansions of the nested quantifiers prior to the overflow occurring. This requirement is unlikely to be met on 64-bit systems.

Remediation

Upgrade Ubuntu:14.04 perl to version 5.18.2-2ubuntu1.7+esm3 or higher.

References

low severity

Cross-site Scripting (XSS)

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm4 or higher.

References

low severity

CVE-2020-27619

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm10

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm10 or higher.

References

low severity

Incorrect Calculation

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

library/glob.html in the Python 2 and 3 documentation before 2016 has potentially misleading information about whether sorting occurs, as demonstrated by irreproducible cancer-research results. NOTE: the effects of this documentation cross application domains, and thus it is likely that security-relevant code elsewhere is affected. This issue is not a Python implementation bug, and there are no reports that NMR researchers were specifically relying on library/glob.html. In other words, because the older documentation stated "finds all the pathnames matching a specified pattern according to the rules used by the Unix shell," one might have incorrectly inferred that the sorting that occurs in a Unix shell also occurred for glob.glob. There is a workaround in newer versions of Willoughby nmr-data_compilation-p2.py and nmr-data_compilation-p3.py, which call sort() directly.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm7 or higher.

References

low severity

Integer Overflow or Wraparound

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a large LONG_BINPUT value that is mishandled during a "resize to twice the size" attempt. This issue might cause memory exhaustion, but is only relevant if the pickle format is used for serializing tens or hundreds of gigabytes of data. This issue is fixed in: v3.4.10, v3.4.10rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.7rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.7, v3.6.7rc1, v3.6.7rc2, v3.6.8, v3.6.8rc1, v3.6.9, v3.6.9rc1; v3.7.1, v3.7.1rc1, v3.7.1rc2, v3.7.2, v3.7.2rc1, v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm2 or higher.

References

low severity

Resource Exhaustion

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Lib/zipfile.py in Python through 3.7.2 allows remote attackers to cause a denial of service (resource consumption) via a ZIP bomb.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm7 or higher.

References

low severity

Resource Exhaustion

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm6

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm6 or higher.

References

low severity

Resource Exhaustion

  • Vulnerable module: python3.4
  • Introduced through: python3.4@3.4.3-1ubuntu1~14.04.7, python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7 and others
  • Fixed in: 3.4.3-1ubuntu1~14.04.7+esm7

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* python3.4@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-minimal@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/libpython3.4-stdlib@3.4.3-1ubuntu1~14.04.7
  • Introduced through: buildpack-deps:14.04-curl@* python3.4/python3.4-minimal@3.4.3-1ubuntu1~14.04.7

NVD Description

Note: Versions mentioned in the description apply to the upstream python3.4 package. See Remediation section below for Ubuntu:14.04 relevant versions.

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created. This is fixed in: v3.5.10, v3.5.10rc1; v3.6.12; v3.7.9; v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1; v3.9.0, v3.9.0b4, v3.9.0b5, v3.9.0rc1, v3.9.0rc2.

Remediation

Upgrade Ubuntu:14.04 python3.4 to version 3.4.3-1ubuntu1~14.04.7+esm7 or higher.

References

low severity

Incorrect Permission Assignment for Critical Resource

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.1.5.1-1ubuntu9.5 and shadow/passwd@1:4.1.5.1-1ubuntu9.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* shadow/login@1:4.1.5.1-1ubuntu9.5
  • Introduced through: buildpack-deps:14.04-curl@* shadow/passwd@1:4.1.5.1-1ubuntu9.5

NVD Description

Note: Versions mentioned in the description apply to the upstream shadow package.

An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.

Remediation

There is no fixed version for Ubuntu:14.04 shadow.

References

low severity

Out-of-Bounds

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.1.5.1-1ubuntu9.5 and shadow/passwd@1:4.1.5.1-1ubuntu9.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* shadow/login@1:4.1.5.1-1ubuntu9.5
  • Introduced through: buildpack-deps:14.04-curl@* shadow/passwd@1:4.1.5.1-1ubuntu9.5

NVD Description

Note: Versions mentioned in the description apply to the upstream shadow package.

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

Remediation

There is no fixed version for Ubuntu:14.04 shadow.

References

low severity

Time-of-check Time-of-use (TOCTOU)

  • Vulnerable module: shadow/login
  • Introduced through: shadow/login@1:4.1.5.1-1ubuntu9.5 and shadow/passwd@1:4.1.5.1-1ubuntu9.5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* shadow/login@1:4.1.5.1-1ubuntu9.5
  • Introduced through: buildpack-deps:14.04-curl@* shadow/passwd@1:4.1.5.1-1ubuntu9.5

NVD Description

Note: Versions mentioned in the description apply to the upstream shadow package.

shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees

Remediation

There is no fixed version for Ubuntu:14.04 shadow.

References

low severity

CVE-2020-9991

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package.

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.

Remediation

There is no fixed version for Ubuntu:14.04 sqlite3.

References

low severity

Improper Input Validation

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

References

low severity

Improper Input Validation

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

References

low severity

Information Exposure

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package.

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.

Remediation

There is no fixed version for Ubuntu:14.04 sqlite3.

References

low severity

Out-of-bounds Read

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

References

low severity

Use After Free

  • Vulnerable module: sqlite3/libsqlite3-0
  • Introduced through: sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2
  • Fixed in: 3.8.2-1ubuntu2.2+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sqlite3/libsqlite3-0@3.8.2-1ubuntu2.2

NVD Description

Note: Versions mentioned in the description apply to the upstream sqlite3 package. See Remediation section below for Ubuntu:14.04 relevant versions.

An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.

Remediation

Upgrade Ubuntu:14.04 sqlite3 to version 3.8.2-1ubuntu2.2+esm1 or higher.

References

low severity

Improper Access Control

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm5

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm5 or higher.

References

low severity

Out-of-bounds Write

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4
  • Fixed in: 1.8.9p5-1ubuntu1.5+esm3

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package. See Remediation section below for Ubuntu:14.04 relevant versions.

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Remediation

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm3 or higher.

References

low severity

Race Condition

  • Vulnerable module: sudo
  • Introduced through: sudo@1.8.9p5-1ubuntu1.4

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* sudo@1.8.9p5-1ubuntu1.4

NVD Description

Note: Versions mentioned in the description apply to the upstream sudo package.

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

Remediation

There is no fixed version for Ubuntu:14.04 sudo.

References

low severity

Authentication Bypass

  • Vulnerable module: systemd/libudev1
  • Introduced through: systemd/libudev1@204-5ubuntu20.31 and systemd/udev@204-5ubuntu20.31

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* systemd/libudev1@204-5ubuntu20.31
  • Introduced through: buildpack-deps:14.04-curl@* systemd/udev@204-5ubuntu20.31

NVD Description

Note: Versions mentioned in the description apply to the upstream systemd package.

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DHCP ACK packets to reconfigure the server.

Remediation

There is no fixed version for Ubuntu:14.04 systemd.

References

low severity

Loop with Unreachable Exit Condition ('Infinite Loop')

  • Vulnerable module: tar
  • Introduced through: tar@1.27.1-1ubuntu0.1
  • Fixed in: 1.27.1-1ubuntu0.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* tar@1.27.1-1ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package. See Remediation section below for Ubuntu:14.04 relevant versions.

GNU Tar through 1.30, when --sparse is used, mishandles file shrinkage during read access, which allows local users to cause a denial of service (infinite read loop in sparse_dump_region in sparse.c) by modifying a file that is supposed to be archived by a different user's process (e.g., a system backup running as root).

Remediation

Upgrade Ubuntu:14.04 tar to version 1.27.1-1ubuntu0.1+esm1 or higher.

References

low severity

NULL Pointer Dereference

  • Vulnerable module: tar
  • Introduced through: tar@1.27.1-1ubuntu0.1
  • Fixed in: 1.27.1-1ubuntu0.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* tar@1.27.1-1ubuntu0.1

NVD Description

Note: Versions mentioned in the description apply to the upstream tar package. See Remediation section below for Ubuntu:14.04 relevant versions.

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

Remediation

Upgrade Ubuntu:14.04 tar to version 1.27.1-1ubuntu0.1+esm1 or higher.

References

low severity

Arbitrary Command Injection

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.20.1-5.1ubuntu20.9, util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* util-linux@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libblkid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libmount1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libuuid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/mount@2.20.1-5.1ubuntu20.9

NVD Description

Note: Versions mentioned in the description apply to the upstream util-linux package.

Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code.

Remediation

There is no fixed version for Ubuntu:14.04 util-linux.

References

low severity

Information Exposure

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.20.1-5.1ubuntu20.9, util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* util-linux@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libblkid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libmount1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libuuid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/mount@2.20.1-5.1ubuntu20.9

NVD Description

Note: Versions mentioned in the description apply to the upstream util-linux package.

(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line option or (2) attempting to mount a non-existent device, which generates different error messages depending on whether the directory exists.

Remediation

There is no fixed version for Ubuntu:14.04 util-linux.

References

low severity

Resource Management Errors

  • Vulnerable module: util-linux
  • Introduced through: util-linux@2.20.1-5.1ubuntu20.9, util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9 and others

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* util-linux@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/bsdutils@1:2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libblkid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libmount1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/libuuid1@2.20.1-5.1ubuntu20.9
  • Introduced through: buildpack-deps:14.04-curl@* util-linux/mount@2.20.1-5.1ubuntu20.9

NVD Description

Note: Versions mentioned in the description apply to the upstream util-linux package.

The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.

Remediation

There is no fixed version for Ubuntu:14.04 util-linux.

References

low severity

Information Exposure

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package.

fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local users to obtain sensitive information by leveraging an applicable group membership, as demonstrated by /etc/shadow owned by root:shadow mode 0640, but /etc/.shadow.swp owned by root:users mode 0640, a different vulnerability than CVE-2017-1000382.

Remediation

There is no fixed version for Ubuntu:14.04 vim.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1
  • Fixed in: 2:7.4.052-1ubuntu3.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package. See Remediation section below for Ubuntu:14.04 relevant versions.

An integer overflow at a u_read_undo memory allocation site would occur for vim before patch 8.0.0377, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Remediation

Upgrade Ubuntu:14.04 vim to version 2:7.4.052-1ubuntu3.1+esm1 or higher.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1
  • Fixed in: 2:7.4.052-1ubuntu3.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package. See Remediation section below for Ubuntu:14.04 relevant versions.

An integer overflow at an unserialize_uep memory allocation site would occur for vim before patch 8.0.0378, if it does not properly validate values for tree length when reading a corrupted undo file, which may lead to resultant buffer overflows.

Remediation

Upgrade Ubuntu:14.04 vim to version 2:7.4.052-1ubuntu3.1+esm1 or higher.

low severity

Integer Overflow or Wraparound

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1
  • Fixed in: 2:7.4.052-1ubuntu3.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package. See Remediation section below for Ubuntu:14.04 relevant versions.

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

Remediation

Upgrade Ubuntu:14.04 vim to version 2:7.4.052-1ubuntu3.1+esm1 or higher.

low severity

OS Command Injection

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package.

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

Remediation

There is no fixed version for Ubuntu:14.04 vim.

low severity

Use After Free

  • Vulnerable module: vim/vim-common
  • Introduced through: vim/vim-common@2:7.4.052-1ubuntu3.1 and vim/vim-tiny@2:7.4.052-1ubuntu3.1
  • Fixed in: 2:7.4.052-1ubuntu3.1+esm1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-common@2:7.4.052-1ubuntu3.1
  • Introduced through: buildpack-deps:14.04-curl@* vim/vim-tiny@2:7.4.052-1ubuntu3.1

NVD Description

Note: Versions mentioned in the description apply to the upstream vim package. See Remediation section below for Ubuntu:14.04 relevant versions.

Vim 8.0 allows attackers to cause a denial of service (invalid free) or possibly have unspecified other impact via a crafted source (aka -S) file. NOTE: there might be a limited number of scenarios in which this has security relevance.

Remediation

Upgrade Ubuntu:14.04 vim to version 2:7.4.052-1ubuntu3.1+esm1 or higher.

low severity

Numeric Errors

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package.

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Remediation

There is no fixed version for Ubuntu:14.04 zlib.

low severity

Numeric Errors

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package.

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

Remediation

There is no fixed version for Ubuntu:14.04 zlib.

low severity

Numeric Errors

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package.

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

Remediation

There is no fixed version for Ubuntu:14.04 zlib.

low severity

Numeric Errors

  • Vulnerable module: zlib/zlib1g
  • Introduced through: zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

Detailed paths

  • Introduced through: buildpack-deps:14.04-curl@* zlib/zlib1g@1:1.2.8.dfsg-1ubuntu1.1

NVD Description

Note: Versions mentioned in the description apply to the upstream zlib package.

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

Remediation

There is no fixed version for Ubuntu:14.04 zlib.
