Docker debian:jessie-20190506

Overview

An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected.

References

• CONFIRM
• Debian Security Tracker
• GitHub Commit
• MISC
• MISC
• Ubuntu CVE Tracker

Overview

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

References

• BUGTRAQ
• BUGTRAQ
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• FREEBSD
• MISC
• MISC
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.

References

• Debian Security Tracker
• OSS security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

References

• CONFIRM
• Debian Security Tracker
• MISC

Overview

stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in function.c in GNU Compiler Collection (GCC) 4.1 through 8 (under certain circumstances) generate instruction sequences when targeting ARM targets that spill the address of the stack protector guard, which allows an attacker to bypass the protection of -fstack-protector, -fstack-protector-all, -fstack-protector-strong, and -fstack-protector-explicit against stack overflow by controlling what the stack canary is compared against.

References

• CONFIRM
• Debian Security Tracker
• MISC

Overview

** DISPUTED ** GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is: In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it. ldd execute code. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

References

• CONFIRM
• Debian Security Tracker
• MISC
• Security Focus
• UBUNTU

Overview

In the GNU C Library (aka glibc or libc6) before 2.28, parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service (assertion failure and application exit) or trigger an incorrect result by attempting a regular-expression match.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• Netapp Security Advisory
• Ubuntu CVE Tracker

Overview

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in __memmove_avx_unaligned_erms in sysdeps/x86_64/multiarch/memmove-vec-unaligned-erms.S during a memcpy.

References

• Debian Security Tracker
• GENTOO
• MISC
• Security Focus

Overview

A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

References

• Debian Security Tracker
• Exploit DB
• Netapp Security Advisory
• OSS security Advisory
• OSS security Advisory
• OSS security Advisory
• Oss-Sec Mailing List
• Ubuntu CVE Tracker

Overview

res_query in libresolv in glibc before 2.25 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash).

References

• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• https://sourceware.org/bugzilla/attachment.cgi?id=8492
• https://sourceware.org/bugzilla/show_bug.cgi?id=18784
• https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5
• https://sourceware.org/ml/libc-alpha/2017-02/msg00079.html

Overview

The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27 contains a buffer overflow during unescaping of user names with the ~ operator.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• RHSA Security Advisory
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.

References

• Debian Security Tracker
• Exploit DB
• Netapp Security Advisory
• Oss-Sec Mailing List
• Ubuntu CVE Tracker

Overview

The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error leading to a heap-based buffer overflow in the glob function in glob.c, related to the processing of home directories using the ~ operator followed by a long string.

References

• CONFIRM
• Debian Security Tracker
• RHSA Security Advisory
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

Multiple stack-based buffer overflows in the GNU C Library (aka glibc or libc6) before 2.23 allow context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long argument to the (1) nan, (2) nanf, or (3) nanl function.

References

• BUGTRAQ
• Bugtraq Mailing List
• CONFIRM
• Debian Security Tracker
• FULLDISC
• Fedora Security Announcement
• Gentoo Security Advisory
• MISC
• MISC
• MLIST
• OSS security Advisory
• OSS security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RHSA Security Advisory
• RedHat Security Advisory
• Seclists Full Disclosure
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

** DISPUTED ** GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guard. NOTE: Upstream comments indicate "this is being treated as a non-security bug and no real threat."

References

• Debian Security Tracker
• MISC
• UBUNTU

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• GENTOO
• MISC
• MISC
• MISC
• MISC
• Netapp Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

References

• CONFIRM
• Debian Bug Report
• Debian Security Tracker
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

References

• Debian Security Tracker
• MISC
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.

References

• Debian Security Tracker
• Exploit DB
• Exploit DB
• MISC
• Netapp Security Advisory
• Oss-Sec Mailing List
• RHSA Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

References

• Debian Security Tracker
• Exploit DB
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

References

• ADVISORY
• Debian Security Tracker
• GENTOO
• MISC
• Netapp Security Advisory
• RedHat Bugzilla Bug
• UBUNTU

Overview

** DISPUTED ** In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(|)(\1\1)*' in grep, a different issue than CVE-2018-20796. NOTE: the software maintainer disputes that this is a vulnerability because the behavior occurs only with a crafted pattern.

References

• CONFIRM
• Debian Security Tracker
• MISC
• Ubuntu CVE Tracker

Overview

In the GNU C Library (aka glibc or libc6) through 2.29, check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion, as demonstrated by '(\227|)(\1\1|t1|\\2537)+' in grep.

References

• CONFIRM
• Debian Security Tracker
• MISC
• MISC
• Netapp Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.

References

• CONFIRM
• CONFIRM
• Debian Bug Report
• Debian Security Tracker
• REDHAT
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that, when processed by the glob function, would potentially lead to arbitrary code execution. This was fixed in version 2.32.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• Netapp Security Advisory
• RedHat Bugzilla Bug
• UBUNTU
• Ubuntu CVE Tracker

Overview

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC

Overview

A flaw was found in the way certificate signatures could be forged using collisions found in the SHA-1 algorithm. An attacker could use this weakness to create forged certificate signatures. This issue affects GnuPG versions before 2.2.18.

References

• ADVISORY
• Debian Security Tracker
• MISC
• MISC
• MISC
• RedHat Bugzilla Bug
• UBUNTU
• Ubuntu CVE Tracker

Overview

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC

Overview

The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes a NULL pointer dereference and crash when reading crafted input that triggers assignment of a NULL value within an asn1_node structure. It may lead to a remote denial of service attack.

References

• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Gentoo Security Advisory
• MLIST
• RedHat Bugzilla Bug
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax. The product proceeds to the dereference code path even after a "dubious character `[' in name or alias field" detection.

References

• CVE Details
• Debian Security Tracker
• MISC
• MISC
• RedHat Bugzilla Bug

Overview

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.

References

• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.

References

• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• Gentoo Security Advisory
• MISC
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\.|([^\\W_])?)+)+$/.

References

• CONFIRM
• CONFIRM
• Debian Security Tracker
• IBM Security Bulletin
• OSS security Advisory
• Oracle Security Bulletin
• RHSA Security Advisory
• RedHat Bugzilla Bug
• RedHat Security Advisory
• RedHat Security Advisory
• Security Focus

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.

Remediation

There is no fixed version for pcre3.

References

• ADVISORY
• ADVISORY
• CONFIRM
• FULLDISC
• MISC
• MISC

Overview

In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

References

• CVE Details
• Debian Security Tracker
• OSS security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Buffer Overflow regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Remediation

There is no fixed version for perl.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• FEDORA
• GENTOO
• MISC
• MISC
• MISC
• SUSE
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Remediation

There is no fixed version for perl.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• FEDORA
• GENTOO
• MISC
• SUSE
• Ubuntu CVE Tracker

Overview

_is_safe in the File::Temp module for Perl does not properly handle symlinks.

References

• Debian Security Tracker
• GitHub Issue
• MISC
• OSS security Advisory
• OSS security Advisory
• Oss-Sec Mailing List

Overview

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

References

• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• RHSA Security Advisory
• Security Tracker
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Remediation

There is no fixed version for perl.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• FEDORA
• GENTOO
• MISC
• SUSE
• Ubuntu CVE Tracker

Overview

shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affects shadow 4.8 when compiled using --with-libpam but without explicitly passing --disable-account-tools-setuid, and without a PAM configuration suitable for use with setuid account management tools. This combination leads to account management tools (groupadd, groupdel, groupmod, useradd, userdel, usermod) that can easily be used by unprivileged local users to escalate privileges to root in multiple ways. This issue became much more relevant in approximately December 2019 when an unrelated bug was fixed (i.e., the chmod calls to suidusbins were fixed in the upstream Makefile which is now included in the release version 4.8).

References

• Debian Security Tracker
• GENTOO
• GitHub Commit
• GitHub PR
• GitHub PR
• MISC
• MISC

Overview

In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This crosses a privilege boundary in, for example, certain web-hosting environments in which a Control Panel allows an unprivileged user account to create subaccounts.

References

• CVE Details
• Debian Bug Report
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• Ubuntu CVE Tracker
• https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675

Overview

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

References

• Debian Security Tracker
• GitHub Issue
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

References

• Debian Security Tracker
• GitHub Commit
• GitHub PR
• MISC
• Netapp Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

This is considered intended behaviour, as tar is an archiving tool and one needs to give -p as a command line flag

References

• Debian Security Tracker
• HP Security Bulletin

Overview

pax_decode_header in sparse.c in GNU Tar before 1.32 had a NULL pointer dereference when parsing certain archives that have malformed extended headers.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• OpenSuse Security Announcement
• Ubuntu CVE Tracker

Overview

runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

References

• Debian Bug Report
• Debian Security Tracker
• OSS security Advisory
• OSS security Advisory
• Ubuntu CVE Tracker

Overview

The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks.

References

• Debian Security Tracker
• GitHub Commit
• OSS security Advisory
• RedHat Bugzilla Bug
• Security Focus

Overview

inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• GENTOO
• Gentoo Security Advisory
• GitHub Commit
• MISC
• MISC
• MISC
• MLIST
• Netapp Security Advisory
• OSS security Advisory
• OpenSuse Security Update
• OpenSuse Security Update
• OpenSuse Security Update
• Oracle Security Advisory
• Oracle Security Advisory
• Oracle Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• Security Tracker
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• GENTOO
• Gentoo Security Advisory
• GitHub Commit
• MISC
• MISC
• MISC
• MLIST
• Netapp Security Advisory
• OSS security Advisory
• OpenSuse Security Update
• OpenSuse Security Update
• OpenSuse Security Update
• Oracle Security Advisory
• Oracle Security Advisory
• Oracle Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• Security Tracker
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• GENTOO
• Gentoo Security Advisory
• GitHub Commit
• MISC
• MISC
• MISC
• MLIST
• OSS security Advisory
• OpenSuse Security Update
• OpenSuse Security Update
• OpenSuse Security Update
• Oracle Security Advisory
• Oracle Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• GENTOO
• Gentoo Security Advisory
• GitHub Commit
• MISC
• MISC
• MISC
• MLIST
• OSS security Advisory
• OpenSuse Security Update
• OpenSuse Security Update
• OpenSuse Security Update
• Oracle Security Advisory
• Oracle Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker