Docker humio/humio:1.0.67

Overview

In all versions of AppArmor mount rules are accidentally widened when compiled.

References

• Debian Security Tracker
• MISC
• MLIST
• Ubuntu CVE Tracker

Overview

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

References

• Debian Security Tracker
• FEDORA
• GitHub Issue
• MISC
• MISC
• MISC
• MISC
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. APT had several integer overflows and underflows while parsing .deb packages, aka GHSL-2020-168 GHSL-2020-169, in files apt-pkg/contrib/extracttar.cc, apt-pkg/deb/debfile.cc, and apt-pkg/contrib/arfile.cc. This issue affects: apt 1.2.32ubuntu0 versions prior to 1.2.32ubuntu0.2; 1.6.12ubuntu0 versions prior to 1.6.12ubuntu0.2; 2.0.2ubuntu0 versions prior to 2.0.2ubuntu0.2; 2.1.10ubuntu0 versions prior to 2.1.10ubuntu0.1;

Remediation

Upgrade apt to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM
• DEBIAN
• UBUNTU

Overview

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

References

• BUGTRAQ
• BUGTRAQ
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• FREEBSD
• MISC
• MISC
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Arbitrary Code Injection curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

Remediation

Upgrade curl to version or higher.

References

• ADVISORY
• ADVISORY
• MISC
• MISC

Overview

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

References

• ADVISORY
• BUGTRAQ
• CONFIRM
• CONFIRM
• CONFIRM
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• Fedora Security Update
• GENTOO
• MISC
• MISC
• N/A
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Improper Certificate Validation curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

Remediation

Upgrade curl to version or higher.

References

• ADVISORY
• CONFIRM
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• MLIST

Overview

curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)

References

• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Gentoo Security Advisory
• REDHAT
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

References

• Apache Security Advisory
• CVE Details
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• RedHat Bugzilla Bug
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.

References

• Apache Security Advisory
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• MISC
• Netapp Security Advisory
• Oracle Security Advisory
• Oracle Security Advisory
• REDHAT
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

References

• CVE Details
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Commit
• MISC
• MISC
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

Remediation

Upgrade curl to version or higher.

References

• ADVISORY
• CONFIRM
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• MISC
• MLIST

Overview

libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.

References

• Apache Security Advisory
• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Oracle Security Advisory
• Oracle Security Advisory
• REDHAT
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.

References

• BUGTRAQ
• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• DEBIAN
• Debian Security Tracker
• Fedora Security Update
• GENTOO
• MISC
• MISC
• MLIST
• N/A
• Netapp Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Ubuntu CVE Tracker

Overview

cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.

References

• ADVISORY
• Bugtraq Mailing List
• CONFIRM
• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• FULLDISC
• FULLDISC
• GitHub Issue
• MISC
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

References

• CVE Details
• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• MISC
• MISC
• MISC
• MISC
• N/A
• Netapp Security Advisory
• OpenSuse Security Announcement
• Oracle Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

References

• ADVISORY
• Bugtraq Mailing List
• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• GENTOO
• Talos Vulnerability Report
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.

References

• ADVISORY
• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• MLIST
• MLIST
• OpenSuse Security Announcement
• Talos Vulnerability Report
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.

References

• ADVISORY
• BUGTRAQ
• BUGTRAQ
• BUGTRAQ
• BUGTRAQ
• BUGTRAQ
• BUGTRAQ
• BUGTRAQ
• Bugtraq Mailing List
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• DEBIAN
• DEBIAN
• DEBIAN
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• FULLDISC
• FULLDISC
• FULLDISC
• FULLDISC
• GENTOO
• GitHub Commit
• GitHub Issue
• GitHub Issue
• GitHub PR
• MISC
• MISC
• MISC
• MISC
• MLIST
• MLIST
• N/A
• REDHAT
• REDHAT
• REDHAT
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

do_core_note in readelf.c in libmagic.a in file 5.35 allows remote attackers to cause a denial of service (stack corruption and application crash) or possibly have unspecified other impact.

References

• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).

References

• ADVISORY
• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• Fedora Security Update
• GENTOO
• GitHub Commit
• MISC
• SUSE
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c.

References

• Debian Security Announcement
• Debian Security Tracker
• MISC
• MISC
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Information Exposure. Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for gcc-5.

References

• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• MISC
• SUSE
• SUSE

Overview

Affected versions of this package are vulnerable to Information Exposure. Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation."

Remediation

There is no fixed version for gccgo-6.

References

• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• MISC
• SUSE
• SUSE

Overview

An SSE2-optimized memmove implementation for i386 in sysdeps/i386/i686/multiarch/memcpy-sse2-unaligned.S in the GNU C Library (aka glibc or libc6) 2.21 through 2.27 does not correctly perform the overlapping memory check if the source memory range spans the middle of the address space, resulting in corrupt data being produced by the copy operation. This may disclose information to context-dependent attackers, or result in a denial of service, or, possibly, code execution.

References

• Debian Security Tracker
• MISC
• MISC
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• UBUNTU
• Ubuntu CVE Tracker

Overview

An integer overflow in the implementation of the posix_memalign in memalign functions in the GNU C Library (aka glibc or libc6) 2.26 and earlier could cause these functions to return a pointer to a heap area that is too small, potentially leading to heap corruption.

References

• CONFIRM
• Debian Bug Report
• Debian Security Tracker
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

References

• Debian Security Tracker
• MISC
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

An AVX-512-optimized implementation of the mempcpy function in the GNU C Library (aka glibc or libc6) 2.27 and earlier may write data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper.

References

• Debian Security Tracker
• Exploit DB
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Oracle Security Advisory
• REDHAT
• RHSA Security Advisory
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Out-of-bounds Write. An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability.

Remediation

Upgrade glibc to version or higher.

References

• ADVISORY
• Debian Security Tracker
• GENTOO
• MISC
• Netapp Security Advisory
• RedHat Bugzilla Bug
• UBUNTU

Overview

libgcrypt before version 1.7.8 is vulnerable to a cache side-channel attack resulting into a complete break of RSA-1024 while using the left-to-right method for computing the sliding-window expansion. The same attack is believed to work on RSA-2048 with moderately more computation. This side-channel requires that attacker can run arbitrary software on the hardware where the private RSA key is used.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Advisory
• Debian Security Tracker
• MISC
• MLIST
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and verification actions, which allows remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the "--status-fd 2" option. For example, the OpenPGP data might represent an original filename that contains line feed characters in conjunction with GOODSIG or VALIDSIG status codes.

References

• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Advisory
• Debian Security Advisory
• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC
• MISC
• OSS security Advisory
• OSS security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• Seclists Full Disclosure
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recovery attacks via statistical analysis of timing data using crafted packets.

References

• CONFIRM
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• MISC
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker could use a combination of "Just in Time" Prime+probe attack in combination with Lucky-13 attack to recover plain text using crafted packets.

References

• CONFIRM
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• MISC
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

References

• CONFIRM
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• MISC
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

The process_db_args function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) through 1.13.4 and 1.14.x through 1.14.1 mishandles the DB argument, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request to modify a principal.

References

• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• GitHub Commit
• OpenSuse Security Update
• OpenSuse Security Update
• RedHat Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker

Overview

The validate_as_request function in kdc_util.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.13.6 and 1.4.x before 1.14.3, when restrict_anonymous_to_tgt is enabled, uses an incorrect client data structure, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an S4U2Self request.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• GitHub Commit
• OpenSuse Security Update
• RedHat Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker

Overview

In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker can cause a KDC assertion failure by sending invalid S4U2Self or S4U2Proxy requests.

References

• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• GitHub Commit
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5 (aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using an older encryption type (single-DES, triple-DES, or RC4), the attacker can crash the KDC by making an S4U2Self request.

References

• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• GitHub Commit
• Netapp Security Advisory
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Uncontrolled Recursion. MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an ASN.1-encoded Kerberos message because the lib/krb5/asn.1/asn1_encode.c support for BER indefinite lengths lacks a recursion limit.

Remediation

Upgrade krb5 to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM
• DEBIAN
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MLIST

Overview

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8u7.

References

• ADVISORY
• Debian Security Announcement
• Debian Security Announcement
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Release
• MISC
• OSS security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.

References

• CVE Details
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub Issue
• Oss-Sec Mailing List
• REDHAT
• SUSE
• SUSE
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An issue was discovered in XListExtensions in ListExt.c in libX11 through 1.6.5. A malicious server can send a reply in which the first string overflows, causing a variable to be set to NULL that will be freed later on, leading to DoS (segmentation fault).

References

• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• Gentoo Security Advisory
• MLIST
• OSS security Advisory
• RHSA Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As per upstream this is security relevant when setuid programs call XIM client functions while running with elevated privileges. No such programs are shipped with Red Hat Enterprise Linux.

Remediation

Upgrade libx11 to version or higher.

References

• ADVISORY
• ADVISORY
• CONFIRM
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An integer overflow vulnerability leading to a double-free was found in libX11. This flaw allows a local privileged attacker to cause an application compiled with libX11 to crash, or in some cases, result in arbitrary code execution. The highest threat from this flaw is to confidentiality, integrity as well as system availability.

Remediation

Upgrade libx11 to version or higher.

References

• ADVISORY
• ADVISORY
• CONFIRM
• FEDORA
• MISC
• MISC
• MISC
• UBUNTU

Overview

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact.

References

• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• Gentoo Security Advisory
• MLIST
• OSS security Advisory
• RHSA Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution.

References

• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• Gentoo Security Advisory
• MLIST
• OSS security Advisory
• RHSA Security Advisory
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type ('Type Confusion'). A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 leading to a slapd crash in the X.509 DN parsing in ad_keystring, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to CVE-2020-25709 assertion failure in Certificate List syntax validation

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY

Overview

Affected versions of this package are vulnerable to CVE-2020-25710 assertion failure in CSN normalization with invalid input

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY

Overview

Affected versions of this package are vulnerable to CVE-2020-36226. A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Double Free. A flaw was discovered in OpenLDAP before 2.4.57 leading to a double free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.

References

• ADVISORY
• BUGTRAQ
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Announcement
• Debian Security Tracker
• FULLDISC
• MISC
• MLIST
• N/A
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Integer Underflow. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Certificate List Exact Assertion processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Integer Underflow. An integer underflow was discovered in OpenLDAP before 2.4.57 leading to slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck).

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Loop with Unreachable Exit Condition ('Infinite Loop'). A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference. A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Reachable Assertion. A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Reachable Assertion. A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Reachable Assertion. In OpenLDAP through 2.4.57 and 2.5.x through 2.5.1alpha, an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• DEBIAN
• MISC
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Release of Invalid Pointer or Reference. A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service.

Remediation

Upgrade openldap to version or higher.

References

• ADVISORY
• CONFIRM
• DEBIAN
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

References

• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• MISC
• MISC
• Netapp Security Advisory
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).

References

• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• Gentoo Security Advisory
• MISC
• MISC
• MISC
• MISC
• Netapp Security Advisory
• Netapp Security Advisory
• Netapp Security Advisory
• OpenSSL Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• Oracle Security Advisory
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• SUSE
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number data contained within an X509 certificate. However it fails to correctly handle any errors that may occur while parsing the issuer field (which might occur if the issuer field is maliciously constructed). This may subsequently result in a NULL pointer deref and a crash leading to a potential denial of service attack. The function X509_issuer_and_serial_hash() is never directly called by OpenSSL itself so applications are only vulnerable if they use this function directly and they use it on certificates that may have been obtained from untrusted sources. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).

Remediation

Upgrade openssl to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• DEBIAN

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.

Remediation

Upgrade p11-kit to version or higher.

References

• ADVISORY
• DEBIAN
• MISC
• MISC
• MLIST

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation.

Remediation

Upgrade p11-kit to version or higher.

References

• ADVISORY
• DEBIAN
• MISC
• MISC
• MLIST

Overview

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

References

• Apple Security Advisory
• Bugtraq Mailing List
• CVE Details
• Debian Bug Report
• Debian Security Advisory
• Debian Security Tracker
• MISC
• Netapp Security Advisory
• RHSA Security Advisory
• Seclists Full Disclosure
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

References

• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Fedora Security Update
• Gentoo Security Advisory
• MISC
• Netapp Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

References

• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Fedora Security Update
• Gentoo Security Advisory
• GitHub Commit
• MISC
• Netapp Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

References

• Apple Security Advisory
• Bugtraq Mailing List
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Tracker
• Fedora Security Update
• Gentoo Security Advisory
• GitHub Commit
• MISC
• Netapp Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Seclists Full Disclosure
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

References

• Apple Security Advisory
• Bugtraq Mailing List
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CVE Details
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• GENTOO
• GitHub Commit
• MISC
• MISC
• N/A
• Netapp Security Advisory
• REDHAT
• REDHAT
• REDHAT
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• Seclists Full Disclosure
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

procps-ng before version 3.3.15 is vulnerable to a local privilege escalation in top. If a user runs top with HOME unset in an attacker-controlled directory, the attacker could achieve privilege escalation by exploiting one of several vulnerabilities in the config_file() function.

References

• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• MISC
• Oss-Sec Mailing List
• REDHAT
• RHSA Security Advisory
• RedHat Bugzilla Bug
• SUSE
• SUSE
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

procps-ng before version 3.3.15 is vulnerable to an incorrect integer size in proc/alloc.* leading to truncation/integer overflow issues. This flaw is related to CVE-2018-1124.

References

• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• MISC
• Oss-Sec Mailing List
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• SUSE
• SUSE
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service).

References

• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• MISC
• Oss-Sec Mailing List
• RedHat Bugzilla Bug
• SUSE
• SUSE
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

procps-ng before version 3.3.15 is vulnerable to a stack buffer overflow in pgrep. This vulnerability is mitigated by FORTIFY, as it involves strncat() to a stack-allocated string. When pgrep is compiled with FORTIFY (as on Red Hat Enterprise Linux and Fedora), the impact is limited to a crash.

References

• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• MISC
• Oss-Sec Mailing List
• RedHat Bugzilla Bug
• SUSE
• SUSE
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users.

References

• CONFIRM
• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• MISC
• Oss-Sec Mailing List
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• SUSE
• SUSE
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.). This is fixed in: v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1; v3.6.11, v3.6.11rc1, v3.6.12; v3.7.8, v3.7.8rc1, v3.7.9; v3.8.3, v3.8.3rc1, v3.8.4, v3.8.4rc1, v3.8.5, v3.8.6, v3.8.6rc1.

References

• Debian Security Tracker
• FEDORA
• FEDORA
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• MISC
• MISC
• MLIST
• Netapp Security Advisory
• RedHat Bugzilla Bug
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Python Software Foundation Python (CPython) version 2.7 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in shutil module (make_archive function) that can result in Denial of service, Information gain via injection of arbitrary files on the system or entire drive. This attack appear to be exploitable via Passage of unfiltered user input to the function. This vulnerability appears to have been fixed in after commit add531a1e55b0a739b0f42582f1c9747e5649ace.

References

• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Announcement
• Debian Security Tracker
• GitHub Commit
• GitHub PR
• MISC
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Buffer Overflow. Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.

Remediation

Upgrade python2.7 to version or higher.

References

• ADVISORY
• CONFIRM
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are: urllib.parse.urlsplit, urllib.parse.urlparse. The attack vector is: A specially crafted URL could be incorrectly parsed to locate cookies or authentication data and send that information to a different host than when parsed correctly. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.7, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.3, v3.7.3rc1, v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References

• CVE Details
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• GENTOO
• GitHub PR
• MISC
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• Netapp Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• SUSE
• SUSE
• Security Focus
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which still allows an attacker to exploit CVE-2019-9636 by abusing the user and password parts of a URL. When an application parses user-supplied URLs to store cookies, authentication credentials, or other kind of information, it is possible for an attacker to provide specially crafted URLs to make the application locate host-related information (e.g. cookies, authentication data) and send them to a different host than where it should, unlike if the URLs had been correctly parsed. The result of an attack may vary based on the application.

References

• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• GitHub Commit
• GitHub Commit
• GitHub Commit
• GitHub Commit
• MISC
• MLIST
• MLIST
• MLIST
• Netapp Security Advisory
• OpenSuse Security Announcement
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• SUSE
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References

• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• GENTOO
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• MLIST
• MLIST
• Netapp Security Advisory
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• RHSA Security Advisory
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command. This is fixed in: v2.7.17, v2.7.17rc1, v2.7.18, v2.7.18rc1; v3.5.10, v3.5.10rc1, v3.5.8, v3.5.8rc1, v3.5.8rc2, v3.5.9; v3.6.10, v3.6.10rc1, v3.6.11, v3.6.11rc1, v3.6.12, v3.6.9, v3.6.9rc1; v3.7.4, v3.7.4rc1, v3.7.4rc2, v3.7.5, v3.7.5rc1, v3.7.6, v3.7.6rc1, v3.7.7, v3.7.7rc1, v3.7.8, v3.7.8rc1, v3.7.9.

References

• BUGTRAQ
• CONFIRM
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• Fedora Security Update
• Fedora Security Update
• GENTOO
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• MLIST
• MLIST
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• RHSA Security Advisory
• SUSE
• SUSE
• Security Focus
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call.

References

• BUGTRAQ
• CVE Details
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• GENTOO
• GitHub PR
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• MLIST
• Netapp Security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• Security Focus
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.

Remediation

Upgrade python2.7 to version or higher.

References

• ADVISORY
• CONFIRM
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• MLIST
• SUSE
• UBUNTU

Overview

http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py in Python before 3.7.3 does not correctly validate the domain: it can be tricked into sending existing cookies to the wrong server. An attacker may abuse this flaw by using a server with a hostname that has another valid hostname as a suffix (e.g., pythonicexample.com to steal cookies for example.com). When a program uses http.cookiejar.DefaultPolicy and tries to do an HTTP connection to an attacker-controlled server, existing cookies can be leaked to the attacker. This affects 2.x through 2.7.16, 3.x before 3.4.10, 3.5.x before 3.5.7, 3.6.x before 3.6.9, and 3.7.x before 3.7.3.

References

• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• N/A
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• REDHAT
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied. An attack may be the same as in CVE-2019-11340; however, this CVE applies to Python more generally.

References

• ADVISORY
• CONFIRM
• Debian Security Announcement
• Debian Security Announcement
• Debian Security Tracker
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• Fedora Security Update
• GitHub Commit
• MISC
• MISC
• MLIST
• MLIST
• MLIST
• N/A
• REDHAT
• REDHAT
• SUSE
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Improper Input Validation. In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

Remediation

Upgrade python2.7 to version or higher.

References

• ADVISORY
• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• FEDORA
• GENTOO
• MISC
• MLIST
• MLIST
• SUSE
• SUSE
• SUSE
• SUSE
• UBUNTU

Overview

Python's elementtree C accelerator failed to initialise Expat's hash salt during initialization. This could make it easy to conduct denial of service attacks against Expat by constructing an XML document that would cause pathological hash collisions in Expat's internal data structures, consuming large amounts CPU and RAM. The vulnerability exists in Python versions 3.7.0, 3.6.0 through 3.6.6, 3.5.0 through 3.5.6, 3.4.0 through 3.4.9, 2.7.0 through 2.7.15.

References

• CVE Details
• Debian Security Advisory
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• MISC
• MLIST
• REDHAT
• RHSA Security Advisory
• RHSA Security Advisory
• RedHat Bugzilla Bug
• SUSE
• Security Focus
• Security Tracker
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a crafted HTML page.

References

• BUGTRAQ
• Chromium Issue
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• GENTOO
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RHSA Security Advisory
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• CONFIRM
• CVE Details
• Chromium Issue
• Debian Security Announcement
• Debian Security Tracker
• FREEBSD
• Fedora Security Update
• Gentoo Security Advisory
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST
• N/A
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RedHat Bugzilla Bug
• RedHat Bugzilla Bug
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.

References

• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Apple Security Advisory
• Bugtraq Mailing List
• Bugtraq Mailing List
• Bugtraq Mailing List
• Bugtraq Mailing List
• Bugtraq Mailing List
• Bugtraq Mailing List
• Debian Security Tracker
• MISC
• MLIST
• N/A
• Netapp Security Advisory
• OpenSuse Security Announcement
• Seclists Full Disclosure
• Seclists Full Disclosure
• Seclists Full Disclosure
• Seclists Full Disclosure
• Seclists Full Disclosure
• Seclists Full Disclosure
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.

Remediation

Upgrade sqlite3 to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• FEDORA
• FREEBSD
• FULLDISC
• FULLDISC
• FULLDISC
• FULLDISC
• GENTOO
• MISC
• MISC
• MISC
• MLIST
• MLIST
• UBUNTU

Overview

multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.

References

• DEBIAN
• Debian Security Tracker
• GitHub Commit
• N/A
• Netapp Security Advisory
• REDHAT
• SUSE
• SUSE
• SUSE
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to NULL Pointer Dereference ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

Remediation

Upgrade sqlite3 to version or higher.

References

• ADVISORY
• CONFIRM
• Debian Security Tracker
• FEDORA
• FREEBSD
• GENTOO
• MISC
• MISC
• MISC
• MISC
• MLIST
• UBUNTU

Overview

SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.

References

• CVE Details
• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• MISC
• MISC
• MISC
• MISC
• N/A
• Netapp Security Advisory
• OpenSuse Security Announcement
• Oracle Security Advisory
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

In SQLite 3.27.2, running fts5 prefix queries inside a transaction could trigger a heap-based buffer over-read in fts5HashEntrySort in sqlite3.c, which may lead to an information leak. This is related to ext/fts5/fts5_hash.c.

References

• Debian Security Tracker
• Fedora Security Update
• Fedora Security Update
• GENTOO
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST
• Netapp Security Advisory
• OpenSuse Security Announcement
• Security Focus
• UBUNTU
• Ubuntu CVE Tracker

Overview

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

References

• BUGTRAQ
• Chromium Issue
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• GENTOO
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RHSA Security Advisory
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Out of bounds read in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

References

• BUGTRAQ
• Chromium Issue
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• GENTOO
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RHSA Security Advisory
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A malicious application may cause a denial of service or potentially disclose memory contents.

Remediation

There is no fixed version for sqlite3.

References

• ADVISORY
• Debian Security Tracker
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MISC
• MLIST

Overview

Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References

• BUGTRAQ
• Chromium Issue
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• GENTOO
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• REDHAT
• RHSA Security Advisory
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

Affected versions of this package are vulnerable to Use After Free ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

Remediation

Upgrade sqlite3 to version or higher.

References

• ADVISORY
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• CONFIRM
• Debian Security Tracker
• FEDORA
• FREEBSD
• FULLDISC
• FULLDISC
• FULLDISC
• FULLDISC
• GENTOO
• MISC
• MISC
• MISC
• MISC
• MLIST
• UBUNTU

Overview

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

References

• BUGTRAQ
• Chromium Issue
• DEBIAN
• Debian Security Tracker
• FEDORA
• Fedora Security Update
• GENTOO
• MISC
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• RHSA Security Advisory
• UBUNTU
• UBUNTU
• Ubuntu CVE Tracker

Overview

systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on.

References

• Debian Security Tracker
• GitHub Issue
• OpenSuse Security Announcement
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any".

References

• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Fedora Security Update
• MISC
• OpenSuse Security Announcement
• RedHat Bugzilla Bug
• Ubuntu CVE Tracker

Overview

A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.

References

• Debian Security Announcement
• Debian Security Tracker
• Exploit DB
• Gentoo Security Advisory
• GitHub PR
• MLIST
• REDHAT
• REDHAT
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

systemd 242 changes the VT1 mode upon a logout, which allows attackers to read cleartext passwords in certain circumstances, such as watching a shutdown, or using Ctrl-Alt-F1 and Ctrl-Alt-F2. This occurs because the KDGKBMODE (aka current keyboard mode) check is mishandled.

References

• Debian Security Tracker
• GitHub Commit
• GitHub PR
• MISC
• MLIST
• Netapp Security Advisory
• Security Focus
• Ubuntu CVE Tracker

Overview

A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

References

• Debian Security Announcement
• Debian Security Tracker
• Gentoo Security Advisory
• GitHub PR
• REDHAT
• RHSA Security Advisory
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory
• Ubuntu Security Advisory

Overview

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).

References

• CONFIRM
• Debian Security Advisory
• Debian Security Announcement
• Debian Security Tracker
• Fedora Security Update
• GitHub Commit
• Netapp Security Advisory
• OSS security Advisory
• OSS security Advisory
• OpenSuse Security Announcement
• OpenSuse Security Announcement
• REDHAT
• REDHAT
• RHSA Security Advisory
• RHSA Security Advisory
• RHSA Security Advisory
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory

Overview

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

References

• Bugtraq Mailing List
• Debian Security Advisory
• Debian Security Tracker
• Gentoo Security Advisory
• MISC
• MISC
• Netapp Security Advisory
• OSS security Advisory
• REDHAT
• REDHAT
• REDHAT
• RedHat Bugzilla Bug
• Seclists Full Disclosure
• Security Focus
• Ubuntu CVE Tracker
• Ubuntu Security Advisory