ALT-BU-2020-3988-1
Branch p9 update bulletin.
Package libnghttp2 updated to version 1.41.0-alt1 for branch p9 in task 256449.
Closed vulnerabilities
BDU:2020-04461
Уязвимость библиотеки nghttp2, связанная с ошибками при использовании выделенной памяти при обработке пакетов HTTP/2 SETTINGS, позволяющая нарушителю вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2020-11080
In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.
- openSUSE-SU-2020:0802
- https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
- https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
- https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
- [debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update
- [debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update
- FEDORA-2020-43d5a372fc
- FEDORA-2020-f7d15c8b77
- DSA-4696
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
- openSUSE-SU-2020:0802
- https://www.oracle.com/security-alerts/cpuoct2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- DSA-4696
- FEDORA-2020-f7d15c8b77
- FEDORA-2020-43d5a372fc
- [debian-lts-announce] 20231016 [SECURITY] [DLA 3621-1] nghttp2 security update
- [debian-lts-announce] 20211017 [SECURITY] [DLA 2786-1] nghttp2 security update
- https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
- https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394
- https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090
Closed bugs
Собрать версию v1.41.0, устраняющую CVE-2020-11080
Closed vulnerabilities
BDU:2021-01718
Уязвимость функции check_output из output.c SUID изолированной программной среды Firejail, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
BDU:2021-01721
Уязвимость функции check_output из output.c SUID изолированной программной среды Firejail, связанная с отсутствием мер по нейтрализации специальных элементов, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-12499
Firejail before 0.9.60 allows truncation (resizing to length 0) of the firejail binary on the host by running exploit code inside a firejail sandbox and having the sandbox terminated. To succeed, certain conditions need to be fulfilled: The jail (with the exploit code inside) needs to be started as root, and it also needs to be terminated as root from the host (either by stopping it ungracefully (e.g., SIGKILL), or by using the --shutdown control command). This is similar to CVE-2019-5736.
Modified: 2024-11-21
CVE-2019-12589
In Firejail before 0.9.60, seccomp filters are writable inside the jail, leading to a lack of intended seccomp restrictions for a process that is joined to the jail after a filter has been modified by an attacker.
- https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
- https://github.com/netblue30/firejail/commit/eecf35c2f8249489a1d3e512bb07f0d427183134
- https://github.com/netblue30/firejail/issues/2718
- https://github.com/netblue30/firejail/issues/2718
- https://github.com/netblue30/firejail/releases/tag/0.9.60
- https://github.com/netblue30/firejail/releases/tag/0.9.60
- FEDORA-2020-0fb484d7f7
- FEDORA-2020-0fb484d7f7
- FEDORA-2020-7f6e0e6e00
- FEDORA-2020-7f6e0e6e00
Modified: 2024-11-21
CVE-2020-17367
Firejail through 0.9.62 does not honor the -- end-of-options indicator after the --output option, which may lead to command injection.
- openSUSE-SU-2020:1208
- openSUSE-SU-2020:1208
- https://github.com/netblue30/firejail
- https://github.com/netblue30/firejail
- [debian-lts-announce] 20200822 [SECURITY] [DLA 2336-1] firejail security update
- [debian-lts-announce] 20200822 [SECURITY] [DLA 2336-1] firejail security update
- FEDORA-2020-80a6d7e7e0
- FEDORA-2020-80a6d7e7e0
- FEDORA-2020-45fc8559d5
- FEDORA-2020-45fc8559d5
- GLSA-202101-02
- GLSA-202101-02
- https://www.debian.org/security/2020/dsa-4742
- https://www.debian.org/security/2020/dsa-4742
- DSA-4743
- DSA-4743
Modified: 2024-11-21
CVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.
- openSUSE-SU-2020:1208
- openSUSE-SU-2020:1208
- https://github.com/netblue30/firejail/
- https://github.com/netblue30/firejail/
- [debian-lts-announce] 20200822 [SECURITY] [DLA 2336-1] firejail security update
- [debian-lts-announce] 20200822 [SECURITY] [DLA 2336-1] firejail security update
- FEDORA-2020-80a6d7e7e0
- FEDORA-2020-80a6d7e7e0
- FEDORA-2020-45fc8559d5
- FEDORA-2020-45fc8559d5
- GLSA-202101-02
- GLSA-202101-02
- DSA-4742
- DSA-4742
- DSA-4743
- DSA-4743