ALT-BU-2024-14274-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2021-01447
Vulnerability in the dns_parse_callback function in network/lookup_name.c of the musl C library for Linux-kernel-based operating systems, allowing an attacker to cause a denial of service
BDU:2021-01480
Vulnerability in the math/i386/ directory of the musl C library for Linux-kernel-based operating systems, allowing an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service
BDU:2022-05187
Vulnerability in the wcsnrtombs function of the musl C library for Linux-kernel-based operating systems, allowing an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2015-1817
Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
Modified: 2024-11-21
CVE-2016-8859
Multiple integer overflows in the TRE library and musl libc allow attackers to cause memory corruption via a large number of (1) states or (2) tags, which triggers an out-of-bounds write.
- openSUSE-SU-2020:0554
- [oss-security] 20161018 CVE Request - TRE & musl libc regex integer overflows in buffer size computations
- [oss-security] 20161029 Re: CVE Request - TRE & musl libc regex integer overflows in buffer size computations
- 93795
- GLSA-201701-11
- GLSA-202007-43
Modified: 2024-11-21
CVE-2017-15650
musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query.
- http://git.musl-libc.org/cgit/musl/commit/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
- http://git.musl-libc.org/cgit/musl/tree/WHATSNEW
- http://openwall.com/lists/oss-security/2017/10/19/5
Modified: 2024-11-21
CVE-2019-14697
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
- [oss-security] 20190806 Re: [musl] CVE request: musl libc 1.1.23 and earlier x87 float stack imbalance
- GLSA-202003-13
- https://www.openwall.com/lists/musl/2019/08/06/1
Modified: 2024-11-21
CVE-2020-28928
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
- http://www.openwall.com/lists/oss-security/2020/11/20/4
- [apisix-notifications] 20210428 [GitHub] [apisix-docker] starsz merged pull request #166: fix: upgrade alpine version due to CVE-2020-28928
- [apisix-notifications] 20210428 [apisix-docker] branch master updated: fix: upgrade alpine version due to CVE-2020-28928 (#166)
- [apisix-notifications] 20210428 [GitHub] [apisix-docker] tao12345666333 opened a new pull request #166: fix: upgrade alpine version due to CVE-2020-28928
- [debian-lts-announce] 20201130 [SECURITY] [DLA 2474-1] musl security update
- FEDORA-2021-0cf36f9134
- FEDORA-2021-4892dbbf76
- https://musl.libc.org/releases.html
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuoct2021.html
Closed bugs
/lib/ld-musl-x86_64.so.1 is a broken symlink on merged-usr
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-27207
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
- https://github.com/sqlcipher/sqlcipher/compare/v4.4.0...v4.4.1
- https://www.telekom.com/en/corporate-responsibility/data-protection-data-security/security/details/advisories-504842
- https://www.telekom.com/resource/blob/612796/9f221708832a465f03585a45d7f59b45/dl-201112-denial-of-serviceen-data.pdf
Modified: 2024-11-21
CVE-2021-3119
Zetetic SQLCipher 4.x before 4.4.3 has a NULL pointer dereferencing issue related to sqlcipher_export in crypto.c and sqlite3StrICmp in sqlite3.c. This may allow an attacker to perform a remote denial of service attack. For example, an SQL injection can be used to execute the crafted SQL command sequence, which causes a segmentation fault.
- https://github.com/sqlcipher/sqlcipher/commit/cb71f53e8cea4802509f182fa5bead0ac6ab0e7f#diff-9305215a9a0ea69300281fc4af90bc7f3437e34a0e1745d030213152993ddae4
- https://www.telekom.com/resource/blob/621186/3fb50ca7a4a97728be18717ed7b0062c/dl-210308-critical-dos-vulnerability-in-sqlcipher-sql-command-processing-data.pdf
Package mini_httpd updated to version 1.30-alt1 for branch c9f2 in task 359754.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2009-4490
mini_httpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator.
- 20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection
- http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Modified: 2024-11-21
CVE-2015-1548
mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read.
Modified: 2024-11-21
CVE-2017-17663
The htpasswd implementation of mini_httpd before v1.28 and of thttpd before v2.28 is affected by a buffer overflow that can be exploited remotely to perform code execution.