ALT-BU-2022-7534-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2022-01453
Уязвимость файла valid.c библиотеки анализа XML-документов libxml2, связанная с использованием памяти после освобождения, позволяющая нарушителю выполнить произвольный код
BDU:2022-03033
Уязвимость компонентов buf.c и tree.c библиотеки libxml2, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
BDU:2022-06700
Уязвимость функции очистки объекта XML библиотеки анализа XML-документов libxml2, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2022-06701
Уязвимость функции xmlParseNameComplex() библиотеки анализа XML-документов libxml2, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2022-23308
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes.
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-4 Security Update 2022-004 Catalina
- 20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
- 20220516 APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6
- 20220516 APPLE-SA-2022-05-16-5 watchOS 8.6
- 20220516 APPLE-SA-2022-05-16-5 watchOS 8.6
- 20220516 APPLE-SA-2022-05-16-6 tvOS 15.5
- 20220516 APPLE-SA-2022-05-16-6 tvOS 15.5
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- 20220516 APPLE-SA-2022-05-16-2 macOS Monterey 12.4
- https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
- https://github.com/GNOME/libxml2/commit/652dd12a858989b14eed4e84e453059cd3ba340e
- https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
- https://gitlab.gnome.org/GNOME/libxml2/-/blob/v2.9.13/NEWS
- [debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update
- [debian-lts-announce] 20220408 [SECURITY] [DLA 2972-1] libxml2 security update
- FEDORA-2022-050c712ed7
- FEDORA-2022-050c712ed7
- GLSA-202210-03
- GLSA-202210-03
- https://security.netapp.com/advisory/ntap-20220331-0008/
- https://security.netapp.com/advisory/ntap-20220331-0008/
- https://support.apple.com/kb/HT213253
- https://support.apple.com/kb/HT213253
- https://support.apple.com/kb/HT213254
- https://support.apple.com/kb/HT213254
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213255
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213256
- https://support.apple.com/kb/HT213257
- https://support.apple.com/kb/HT213257
- https://support.apple.com/kb/HT213258
- https://support.apple.com/kb/HT213258
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2022-29824
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/167345/libxml2-xmlBufAdd-Heap-Buffer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- http://packetstormsecurity.com/files/169825/libxml2-xmlParseNameComplex-Integer-Overflow.html
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/2554a2408e09f13652049e5ffb0d26196b02ebab
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/6c283d83eccd940bcde15634ac8c7f100e3caefd
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.9.14
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- https://gitlab.gnome.org/GNOME/libxslt/-/tags
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- [debian-lts-announce] 20220516 [SECURITY] [DLA 3012-1] libxml2 security update
- FEDORA-2022-9136d646e4
- FEDORA-2022-9136d646e4
- FEDORA-2022-f624aad735
- FEDORA-2022-f624aad735
- FEDORA-2022-be6d83642a
- FEDORA-2022-be6d83642a
- GLSA-202210-03
- GLSA-202210-03
- https://security.netapp.com/advisory/ntap-20220715-0006/
- https://security.netapp.com/advisory/ntap-20220715-0006/
- DSA-5142
- DSA-5142
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
Modified: 2024-11-21
CVE-2022-40303
An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault.
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/c846986356fc149915a74972bf198abc266bc2c0
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213536
- https://support.apple.com/kb/HT213536
Modified: 2024-11-21
CVE-2022-40304
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked.
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-2 iOS 15.7.2 and iPadOS 15.7.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-5 macOS Monterey 12.6.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-6 macOS Big Sur 11.7.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-7 tvOS 16.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- 20221220 APPLE-SA-2022-12-13-8 watchOS 9.2
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/1b41ec4e9433b05bb0376be4725804c54ef1d80b
- https://gitlab.gnome.org/GNOME/libxml2/-/tags
- https://gitlab.gnome.org/GNOME/libxml2/-/tags
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://security.netapp.com/advisory/ntap-20221209-0003/
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213531
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213533
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213534
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213535
- https://support.apple.com/kb/HT213536
- https://support.apple.com/kb/HT213536
Closed vulnerabilities
BDU:2021-03716
Уязвимость модуля DBI языка программирования Perl, связанная с непроверенным возвращаемым значением, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03727
Уязвимость функции dbd_db_login6_sv() интерпретатора языка программирования Perl, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2021-03728
Уязвимость компонента DBI интерпретатора языка программирования Perl, связанная с записью за границами буфера, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании
BDU:2022-05974
Уязвимость модуля DBI интерфейса базы данных Perl DBI, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2014-10401
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.632-9th-Nov-2014
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- https://rt.cpan.org/Public/Bug/Display.html?id=99508
- USN-4509-1
- USN-4509-1
Modified: 2024-11-21
CVE-2014-10402
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Modified: 2024-11-21
CVE-2019-20919
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
- openSUSE-SU-2020:1620
- openSUSE-SU-2020:1620
- openSUSE-SU-2020:1628
- openSUSE-SU-2020:1628
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- FEDORA-2020-f30298614a
- FEDORA-2020-f30298614a
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643-...
- USN-4534-1
- USN-4534-1
Modified: 2024-11-21
CVE-2020-14392
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
- openSUSE-SU-2020:1483
- openSUSE-SU-2020:1483
- openSUSE-SU-2020:1502
- openSUSE-SU-2020:1502
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- https://bugzilla.redhat.com/show_bug.cgi?id=1877402
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- FEDORA-2020-f30298614a
- FEDORA-2020-f30298614a
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- USN-4503-1
- USN-4503-1
Modified: 2024-11-21
CVE-2020-14393
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
- openSUSE-SU-2020:1483
- openSUSE-SU-2020:1483
- openSUSE-SU-2020:1502
- openSUSE-SU-2020:1502
- https://bugzilla.redhat.com/show_bug.cgi?id=1877409
- https://bugzilla.redhat.com/show_bug.cgi?id=1877409
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- [debian-lts-announce] 20200928 [SECURITY] [DLA 2386-1] libdbi-perl security update
- FEDORA-2020-f30298614a
- FEDORA-2020-f30298614a
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
- https://metacpan.org/pod/distribution/DBI/Changes#Changes-in-DBI-1.643
Package multipath-tools updated to version 0.9.3-alt2 for branch c9f2 in task 311773.
Closed vulnerabilities
BDU:2022-06669
Уязвимость программного обеспечения управления драйверами для организации многопутевого доступа multipath-tools, связанная с ошибками при управлении привилегиями, позволяющая нарушителю повысить свои привилегии до root-пользователя
Modified: 2024-11-21
CVE-2022-41973
multipath-tools 0.7.7 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited in conjunction with CVE-2022-41974. Local users able to access /dev/shm can change symlinks in multipathd due to incorrect symlink handling, which could lead to controlled file writes outside of the /dev/shm directory. This could be used indirectly for local privilege escalation to root.
- http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
- http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
- 20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
- http://www.openwall.com/lists/oss-security/2022/10/24/2
- http://www.openwall.com/lists/oss-security/2022/10/24/2
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- https://bugzilla.suse.com/show_bug.cgi?id=1202739
- https://bugzilla.suse.com/show_bug.cgi?id=1202739
- https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
- https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
- [debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update
- [debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update
- FEDORA-2022-6ec78b2586
- FEDORA-2022-6ec78b2586
- GLSA-202311-06
- GLSA-202311-06
- DSA-5366
- DSA-5366
- https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
- https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Modified: 2024-11-21
CVE-2022-41974
multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root. This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR.
- http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
- http://packetstormsecurity.com/files/169611/Leeloo-Multipath-Authorization-Bypass-Symlink-Attack.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- http://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221208 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- 20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
- 20221030 Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
- http://www.openwall.com/lists/oss-security/2022/10/24/2
- http://www.openwall.com/lists/oss-security/2022/10/24/2
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- [oss-security] 20221130 Race condition in snap-confine's must_mkdir_and_open_with_perms() (CVE-2022-3328)
- https://bugzilla.suse.com/show_bug.cgi?id=1202739
- https://bugzilla.suse.com/show_bug.cgi?id=1202739
- https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
- https://github.com/opensvc/multipath-tools/releases/tag/0.9.2
- [debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update
- [debian-lts-announce] 20221229 [SECURITY] [DLA 3250-1] multipath-tools security update
- FEDORA-2022-6ec78b2586
- FEDORA-2022-6ec78b2586
- GLSA-202311-06
- GLSA-202311-06
- DSA-5366
- DSA-5366
- https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
- https://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt
Closed bugs
Обновление multipath-tools 0.9.3
Checker 'tur' not found in /usr/lib64/multipath
Closed bugs
libsgutils-devel: add libsgutils2.so for compatibility