| Vulnerabilities | 2 via 5 paths |
|---|---|
| Dependencies | 173 |
| Source | Docker |
| Target OS | ubuntu:19.04 |
medium severity
- Vulnerable module: libbsd/libbsd0
- Introduced through: libbsd/libbsd0@0.9.1-2
- Fixed in: 0.9.1-2ubuntu0.1
Detailed paths
- Introduced through: buildpack-deps@disco-scm › libbsd/libbsd0@0.9.1-2
NVD Description
Note: Versions mentioned in the description apply only to the upstream libbsd package and not the libbsd package as distributed by Ubuntu. See "How to fix?" for Ubuntu:19.04 relevant fixed versions and status.
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
Remediation
Upgrade Ubuntu:19.04 libbsd to version 0.9.1-2ubuntu0.1 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-20367
- https://security-tracker.debian.org/tracker/CVE-2019-20367
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- https://lists.apache.org/thread.html/r0e913668380f59bcbd14fdd8ae8d24f95f99995e290cd18a7822c6e5@%3Cdev.tomee.apache.org%3E
- https://lists.apache.org/thread.html/ra781e51cf1ec40381c98cddc073b3576fb56c3978f4564d2fa431550@%3Cdev.tomee.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2021/02/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00043.html
- https://usn.ubuntu.com/4243-1/
medium severity
- Vulnerable module: e2fsprogs
- Introduced through: e2fsprogs@1.44.6-1ubuntu0.1, e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1 and others
- Fixed in: 1.44.6-1ubuntu0.2
Detailed paths
- Introduced through: buildpack-deps@disco-scm › e2fsprogs@1.44.6-1ubuntu0.1
- Introduced through: buildpack-deps@disco-scm › e2fsprogs/libcom-err2@1.44.6-1ubuntu0.1
- Introduced through: buildpack-deps@disco-scm › e2fsprogs/libext2fs2@1.44.6-1ubuntu0.1
- Introduced through: buildpack-deps@disco-scm › e2fsprogs/libss2@1.44.6-1ubuntu0.1
NVD Description
Note: Versions mentioned in the description apply only to the upstream e2fsprogs package and not the e2fsprogs package as distributed by Ubuntu. See "How to fix?" for Ubuntu:19.04 relevant fixed versions and status.
A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
Remediation
Upgrade Ubuntu:19.04 e2fsprogs to version 1.44.6-1ubuntu0.2 or higher.
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2019-5188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5188
- https://security-tracker.debian.org/tracker/CVE-2019-5188
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2AKETJ6BREDUHRWQTV35SPGG5C6H7KSI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DOBCYQKCTTWXBLMUPJ5TX3FY7JNCOKY/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00021.html
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00004.html
- https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
- https://usn.ubuntu.com/4249-1/
- https://security.netapp.com/advisory/ntap-20220506-0001/