Vulnerabilities |
24 via 56 paths |
---|---|
Dependencies |
134 |
Source |
Docker |
Target OS |
ubuntu:21.10 |
medium severity
- Vulnerable module: curl
- Introduced through: curl@7.74.0-1.3ubuntu2.2 and curl/libcurl4@7.74.0-1.3ubuntu2.2
- Fixed in: 7.74.0-1.3ubuntu2.3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › curl@7.74.0-1.3ubuntu2.2
-
Introduced through: buildpack-deps@21.10-curl › curl/libcurl4@7.74.0-1.3ubuntu2.2
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl
package and not the curl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the updated file accessible to more users than intended.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32207
- https://hackerone.com/reports/1573634
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://www.debian.org/security/2022/dsa-5197
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://support.apple.com/kb/HT213488
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/28
- https://security.gentoo.org/glsa/202212-01
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
medium severity
- Vulnerable module: openssl
- Introduced through: openssl@1.1.1l-1ubuntu1.3 and openssl/libssl1.1@1.1.1l-1ubuntu1.3
- Fixed in: 1.1.1l-1ubuntu1.5
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › openssl@1.1.1l-1ubuntu1.3
-
Introduced through: buildpack-deps@21.10-curl › openssl/libssl1.1@1.1.1l-1ubuntu1.3
NVD Description
Note: Versions mentioned in the description apply only to the upstream openssl
package and not the openssl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.5 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2068
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://www.openssl.org/news/secadv/20220621.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://www.debian.org/security/2022/dsa-5169
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://security.netapp.com/advisory/ntap-20220707-0008/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
medium severity
- Vulnerable module: sqlite3/libsqlite3-0
- Introduced through: sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9794
- https://security-tracker.debian.org/tracker/CVE-2020-9794
- https://support.apple.com/HT211168
- https://support.apple.com/HT211170
- https://support.apple.com/HT211171
- https://support.apple.com/HT211175
- https://support.apple.com/HT211178
- https://support.apple.com/HT211179
- https://support.apple.com/HT211181
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
medium severity
- Vulnerable module: e2fsprogs
- Introduced through: e2fsprogs@1.46.3-1ubuntu3, e2fsprogs/libcom-err2@1.46.3-1ubuntu3 and others
- Fixed in: 1.46.3-1ubuntu3.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › e2fsprogs@1.46.3-1ubuntu3
-
Introduced through: buildpack-deps@21.10-curl › e2fsprogs/libcom-err2@1.46.3-1ubuntu3
-
Introduced through: buildpack-deps@21.10-curl › e2fsprogs/libext2fs2@1.46.3-1ubuntu3
-
Introduced through: buildpack-deps@21.10-curl › e2fsprogs/libss2@1.46.3-1ubuntu3
-
Introduced through: buildpack-deps@21.10-curl › e2fsprogs/logsave@1.46.3-1ubuntu3
NVD Description
Note: Versions mentioned in the description apply only to the upstream e2fsprogs
package and not the e2fsprogs
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.
Remediation
Upgrade Ubuntu:21.10
e2fsprogs
to version 1.46.3-1ubuntu3.1 or higher.
References
medium severity
- Vulnerable module: perl/perl-base
- Introduced through: perl/perl-base@5.32.1-3ubuntu3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › perl/perl-base@5.32.1-3ubuntu3
NVD Description
Note: Versions mentioned in the description apply only to the upstream perl
package and not the perl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
CPAN 2.28 allows Signature Verification Bypass.
Remediation
There is no fixed version for Ubuntu:21.10
perl
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-16156
- https://metacpan.org/pod/distribution/CPAN/scripts/cpan
- https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
- http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SD6RYOJII7HRJ6WVORFNVTYNOFY5JDXN/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZ32AJIV4RHJMLWLU5QULGKMMIHYOMDC/
medium severity
- Vulnerable module: curl
- Introduced through: curl@7.74.0-1.3ubuntu2.2 and curl/libcurl4@7.74.0-1.3ubuntu2.2
- Fixed in: 7.74.0-1.3ubuntu2.3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › curl@7.74.0-1.3ubuntu2.2
-
Introduced through: buildpack-deps@21.10-curl › curl/libcurl4@7.74.0-1.3ubuntu2.2
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl
package and not the curl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32206
- https://hackerone.com/reports/1570651
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://www.debian.org/security/2022/dsa-5197
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://support.apple.com/kb/HT213488
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/28
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://security.gentoo.org/glsa/202212-01
- http://www.openwall.com/lists/oss-security/2023/02/15/3
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
medium severity
- Vulnerable module: gnupg2/dirmngr
- Introduced through: gnupg2/dirmngr@2.2.20-1ubuntu4, gnupg2/gnupg@2.2.20-1ubuntu4 and others
- Fixed in: 2.2.20-1ubuntu4.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/dirmngr@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gnupg@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gnupg-l10n@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gnupg-utils@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpg@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpg-agent@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpg-wks-client@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpg-wks-server@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpgconf@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpgsm@2.2.20-1ubuntu4
-
Introduced through: buildpack-deps@21.10-curl › gnupg2/gpgv@2.2.20-1ubuntu4
NVD Description
Note: Versions mentioned in the description apply only to the upstream gnupg2
package and not the gnupg2
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.
Remediation
Upgrade Ubuntu:21.10
gnupg2
to version 2.2.20-1ubuntu4.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-34903
- https://dev.gnupg.org/T6027
- https://bugs.debian.org/1014157
- https://www.openwall.com/lists/oss-security/2022/06/30/1
- http://www.openwall.com/lists/oss-security/2022/07/02/1
- https://www.debian.org/security/2022/dsa-5174
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/
- https://security.netapp.com/advisory/ntap-20220826-0005/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRLWJQ76A4UKHI3Q36BKSJKS4LFLQO33/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPTAR76EIZY7NQFENSOZO7U473257OVZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VN63GBTMRWO36Y7BKA2WQHROAKCXKCBL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU64FUVG2PRZBSHFOQRSP7KDVEIZ23OS/
medium severity
- Vulnerable module: krb5/libgssapi-krb5-2
- Introduced through: krb5/libgssapi-krb5-2@1.18.3-6, krb5/libk5crypto3@1.18.3-6 and others
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › krb5/libgssapi-krb5-2@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libk5crypto3@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libkrb5-3@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libkrb5support0@1.18.3-6
NVD Description
Note: Versions mentioned in the description apply only to the upstream krb5
package and not the krb5
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.5 and 1.19.x before 1.19.3 has a NULL pointer dereference in kdc/do_tgs_req.c via a FAST inner body that lacks a server field.
Remediation
There is no fixed version for Ubuntu:21.10
krb5
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-37750
- https://github.com/krb5/krb5/commit/d775c95af7606a51bf79547a94fa52ddd1cb7f49
- https://security.netapp.com/advisory/ntap-20210923-0002/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
- https://github.com/krb5/krb5/releases
- https://web.mit.edu/kerberos/advisories/
- https://lists.debian.org/debian-lts-announce/2021/09/msg00019.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.starwindsoftware.com/security/sw-20220817-0004/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MFCLW7D46E4VCREKKH453T5DA4XOLHU2/
medium severity
- Vulnerable module: wget
- Introduced through: wget@1.21-1ubuntu3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › wget@1.21-1ubuntu3
NVD Description
Note: Versions mentioned in the description apply only to the upstream wget
package and not the wget
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
GNU Wget through 1.21.1 does not omit the Authorization header upon a redirect to a different origin, a related issue to CVE-2018-1000007.
Remediation
There is no fixed version for Ubuntu:21.10
wget
.
References
medium severity
- Vulnerable module: curl
- Introduced through: curl@7.74.0-1.3ubuntu2.2 and curl/libcurl4@7.74.0-1.3ubuntu2.2
- Fixed in: 7.74.0-1.3ubuntu2.3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › curl@7.74.0-1.3ubuntu2.2
-
Introduced through: buildpack-deps@21.10-curl › curl/libcurl4@7.74.0-1.3ubuntu2.2
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl
package and not the curl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32208
- https://hackerone.com/reports/1590071
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://www.debian.org/security/2022/dsa-5197
- https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://support.apple.com/kb/HT213488
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/28
- https://security.gentoo.org/glsa/202212-01
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
medium severity
- Vulnerable module: openssl
- Introduced through: openssl@1.1.1l-1ubuntu1.3 and openssl/libssl1.1@1.1.1l-1ubuntu1.3
- Fixed in: 1.1.1l-1ubuntu1.6
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › openssl@1.1.1l-1ubuntu1.3
-
Introduced through: buildpack-deps@21.10-curl › openssl/libssl1.1@1.1.1l-1ubuntu1.3
NVD Description
Note: Versions mentioned in the description apply only to the upstream openssl
package and not the openssl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
Remediation
Upgrade Ubuntu:21.10
openssl
to version 1.1.1l-1ubuntu1.6 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-2097
- https://www.openssl.org/news/secadv/20220705.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=a98f339ddd7e8f487d6e0088d4a9a42324885a93
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=919925673d6c9cfed3c1085497f5dfbbed5fc431
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
- https://security.netapp.com/advisory/ntap-20220715-0011/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://security.gentoo.org/glsa/202210-02
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
- https://www.debian.org/security/2023/dsa-5343
- https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html
- https://security.netapp.com/advisory/ntap-20230420-0008/
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=919925673d6c9cfed3c1085497f5dfbbed5fc431
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=a98f339ddd7e8f487d6e0088d4a9a42324885a93
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R6CK57NBQFTPUMXAPJURCGXUYT76NQAK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6567JERRHHJW2GNGJGKDRNHR7SNPZK7/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
medium severity
- Vulnerable module: curl
- Introduced through: curl@7.74.0-1.3ubuntu2.2 and curl/libcurl4@7.74.0-1.3ubuntu2.2
- Fixed in: 7.74.0-1.3ubuntu2.3
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › curl@7.74.0-1.3ubuntu2.2
-
Introduced through: buildpack-deps@21.10-curl › curl/libcurl4@7.74.0-1.3ubuntu2.2
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl
package and not the curl
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
A malicious server can serve excessive amounts of Set-Cookie:
headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on foo.example.com
can set cookies that also would match for bar.example.com
, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.
Remediation
Upgrade Ubuntu:21.10
curl
to version 7.74.0-1.3ubuntu2.3 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-32205
- https://hackerone.com/reports/1569946
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
- https://www.debian.org/security/2022/dsa-5197
- https://security.netapp.com/advisory/ntap-20220915-0003/
- https://support.apple.com/kb/HT213488
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/28
- https://cert-portal.siemens.com/productcert/pdf/ssa-333517.pdf
- https://security.gentoo.org/glsa/202212-01
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BEV6BR4MTI3CEWK2YU2HQZUW5FAS3FEY/
low severity
- Vulnerable module: pcre2/libpcre2-8-0
- Introduced through: pcre2/libpcre2-8-0@10.37-0ubuntu2
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › pcre2/libpcre2-8-0@10.37-0ubuntu2
NVD Description
Note: Versions mentioned in the description apply only to the upstream pcre2
package and not the pcre2
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the get_recurse_data_length() function of the pcre2_jit_compile.c file. This issue affects recursions in JIT-compiled regular expressions caused by duplicate data transfers.
Remediation
There is no fixed version for Ubuntu:21.10
pcre2
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1587
- https://github.com/PCRE2Project/pcre2/commit/03654e751e7f0700693526b67dfcadda6b42c9d0
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983,
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://security.netapp.com/advisory/ntap-20221028-0009/
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2077983%2C
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
low severity
- Vulnerable module: pcre2/libpcre2-8-0
- Introduced through: pcre2/libpcre2-8-0@10.37-0ubuntu2
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › pcre2/libpcre2-8-0@10.37-0ubuntu2
NVD Description
Note: Versions mentioned in the description apply only to the upstream pcre2
package and not the pcre2
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An out-of-bounds read vulnerability was discovered in the PCRE2 library in the compile_xclass_matchingpath() function of the pcre2_jit_compile.c file. This involves a unicode property matching issue in JIT-compiled regular expressions. The issue occurs because the character was not fully read in case-less matching within JIT.
Remediation
There is no fixed version for Ubuntu:21.10
pcre2
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-1586
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
- https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a,
- https://bugzilla.redhat.com/show_bug.cgi?id=2077976,
- https://github.com/PCRE2Project/pcre2/commit/d4fa336fbcc388f89095b184ba6d99422cfc676c
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://security.netapp.com/advisory/ntap-20221028-0009/
- https://lists.debian.org/debian-lts-announce/2023/03/msg00014.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2077976%2C
- https://github.com/PCRE2Project/pcre2/commit/50a51cb7e67268e6ad417eb07c9de9bfea5cc55a%2C
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DWNG2NS3GINO6LQYUVC4BZLUQPJ3DYHA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXINO3KKI5DICQ45E2FKD6MKVMGJLEKJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAX7767BCUFC7JMDGP7GOQ5GIZCAUGBB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2GLQQUEY5VFM57CFYXVIFOXN2HUZPDM/
low severity
- Vulnerable module: glibc/libc-bin
- Introduced through: glibc/libc-bin@2.34-0ubuntu3.2 and glibc/libc6@2.34-0ubuntu3.2
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › glibc/libc-bin@2.34-0ubuntu3.2
-
Introduced through: buildpack-deps@21.10-curl › glibc/libc6@2.34-0ubuntu3.2
NVD Description
Note: Versions mentioned in the description apply only to the upstream glibc
package and not the glibc
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.
Remediation
There is no fixed version for Ubuntu:21.10
glibc
.
References
low severity
- Vulnerable module: gmp/libgmp10
- Introduced through: gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › gmp/libgmp10@2:6.2.1+dfsg-1ubuntu2
NVD Description
Note: Versions mentioned in the description apply only to the upstream gmp
package and not the gmp
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.
Remediation
There is no fixed version for Ubuntu:21.10
gmp
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2021-43618
- https://bugs.debian.org/994405
- https://gmplib.org/list-archives/gmp-bugs/2021-September/005077.html
- https://gmplib.org/repo/gmp-6.2/rev/561a9c25298e
- https://lists.debian.org/debian-lts-announce/2021/12/msg00001.html
- http://www.openwall.com/lists/oss-security/2022/10/13/3
- http://seclists.org/fulldisclosure/2022/Oct/8
- https://security.netapp.com/advisory/ntap-20221111-0001/
- https://security.gentoo.org/glsa/202309-13
low severity
- Vulnerable module: krb5/libgssapi-krb5-2
- Introduced through: krb5/libgssapi-krb5-2@1.18.3-6, krb5/libk5crypto3@1.18.3-6 and others
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › krb5/libgssapi-krb5-2@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libk5crypto3@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libkrb5-3@1.18.3-6
-
Introduced through: buildpack-deps@21.10-curl › krb5/libkrb5support0@1.18.3-6
NVD Description
Note: Versions mentioned in the description apply only to the upstream krb5
package and not the krb5
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.
Remediation
There is no fixed version for Ubuntu:21.10
krb5
.
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5709
- https://security-tracker.debian.org/tracker/CVE-2018-5709
- https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2018-5709
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: pcre3/libpcre3
- Introduced through: pcre3/libpcre3@2:8.39-13ubuntu0.21.10.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › pcre3/libpcre3@2:8.39-13ubuntu0.21.10.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream pcre3
package and not the pcre3
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.
Remediation
There is no fixed version for Ubuntu:21.10
pcre3
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-11164
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11164
- https://security-tracker.debian.org/tracker/CVE-2017-11164
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://openwall.com/lists/oss-security/2017/07/11/3
- http://www.securityfocus.com/bid/99575
- http://www.openwall.com/lists/oss-security/2023/04/11/1
- http://www.openwall.com/lists/oss-security/2023/04/12/1
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: sqlite3/libsqlite3-0
- Introduced through: sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to cause a denial of service.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9991
- https://support.apple.com/kb/HT211846
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/en-us/HT211843
- https://support.apple.com/en-us/HT211844
- https://support.apple.com/en-us/HT211847
- https://support.apple.com/en-us/HT211850
- https://support.apple.com/en-us/HT211931
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: tar
- Introduced through: tar@1.34+dfsg-1build1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › tar@1.34+dfsg-1build1
NVD Description
Note: Versions mentioned in the description apply only to the upstream tar
package and not the tar
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.
Remediation
There is no fixed version for Ubuntu:21.10
tar
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-9923
- https://security-tracker.debian.org/tracker/CVE-2019-9923
- http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
- http://savannah.gnu.org/bugs/?55369
- https://bugs.launchpad.net/ubuntu/+source/tar/+bug/1810241
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00077.html
- https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E
low severity
- Vulnerable module: ncurses/libncurses6
- Introduced through: ncurses/libncurses6@6.2+20201114-2build1, ncurses/libncursesw6@6.2+20201114-2build1 and others
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › ncurses/libncurses6@6.2+20201114-2build1
-
Introduced through: buildpack-deps@21.10-curl › ncurses/libncursesw6@6.2+20201114-2build1
-
Introduced through: buildpack-deps@21.10-curl › ncurses/libtinfo6@6.2+20201114-2build1
-
Introduced through: buildpack-deps@21.10-curl › ncurses/ncurses-base@6.2+20201114-2build1
-
Introduced through: buildpack-deps@21.10-curl › ncurses/ncurses-bin@6.2+20201114-2build1
NVD Description
Note: Versions mentioned in the description apply only to the upstream ncurses
package and not the ncurses
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.
Remediation
There is no fixed version for Ubuntu:21.10
ncurses
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-29458
- https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html
- https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html
- https://support.apple.com/kb/HT213488
- https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html
- http://seclists.org/fulldisclosure/2022/Oct/41
- http://seclists.org/fulldisclosure/2022/Oct/28
low severity
- Vulnerable module: coreutils
- Introduced through: coreutils@8.32-4ubuntu2
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › coreutils@8.32-4ubuntu2
NVD Description
Note: Versions mentioned in the description apply only to the upstream coreutils
package and not the coreutils
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.
Remediation
There is no fixed version for Ubuntu:21.10
coreutils
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2781
- https://security-tracker.debian.org/tracker/CVE-2016-2781
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- http://www.openwall.com/lists/oss-security/2016/02/28/2
- http://www.openwall.com/lists/oss-security/2016/02/28/3
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: sqlite3/libsqlite3-0
- Introduced through: sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › sqlite3/libsqlite3-0@3.35.5-1ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream sqlite3
package and not the sqlite3
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory.
Remediation
There is no fixed version for Ubuntu:21.10
sqlite3
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2020-9849
- http://seclists.org/fulldisclosure/2020/Dec/32
- https://support.apple.com/en-us/HT211843
- https://support.apple.com/en-us/HT211844
- https://support.apple.com/en-us/HT211850
- https://support.apple.com/en-us/HT211931
- https://support.apple.com/en-us/HT211935
- https://support.apple.com/en-us/HT211952
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E
low severity
- Vulnerable module: shadow/login
- Introduced through: shadow/login@1:4.8.1-1ubuntu9 and shadow/passwd@1:4.8.1-1ubuntu9
Detailed paths
-
Introduced through: buildpack-deps@21.10-curl › shadow/login@1:4.8.1-1ubuntu9
-
Introduced through: buildpack-deps@21.10-curl › shadow/passwd@1:4.8.1-1ubuntu9
NVD Description
Note: Versions mentioned in the description apply only to the upstream shadow
package and not the shadow
package as distributed by Ubuntu
.
See How to fix?
for Ubuntu:21.10
relevant fixed versions and status.
shadow: TOCTOU (time-of-check time-of-use) race condition when copying and removing directory trees
Remediation
There is no fixed version for Ubuntu:21.10
shadow
.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-4235
- https://security-tracker.debian.org/tracker/CVE-2013-4235
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235
- https://access.redhat.com/security/cve/cve-2013-4235
- https://security.gentoo.org/glsa/202210-26
- https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E