LinuxQuestions.org

Slackware forum thread: [Security] Mitigation & Patch (https://www.linuxquestions.org/questions/slackware-14/%5Bsecurity%5D-mitigation-and-patch-4175708118/)

marav 11-13-2022 09:09 AM

ffmpeg

CVE-2022-3964
Code:

A vulnerability classified as problematic has been found in ffmpeg.
This affects an unknown part of the file libavcodec/rpzaenc.c of the
component QuickTime RPZA Video Encoder.
The manipulation of the argument y_size leads to out-of-bounds read.
It is possible to initiate the attack remotely.
The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984.
It is recommended to apply a patch to fix this issue.
The associated identifier of this vulnerability is VDB-213543.

https://nvd.nist.gov/vuln/detail/CVE-2022-3964

Patch:
https://git.ffmpeg.org/gitweb/ffmpeg...a16c146bdaf984

CVE-2022-3965
Code:

A vulnerability classified as problematic was found in ffmpeg.
This vulnerability affects the function smc_encode_stream of the file
libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder.
The manipulation of the argument y_size leads to out-of-bounds read.
The attack can be initiated remotely.
The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd.
It is recommended to apply a patch to fix this issue.
The identifier of this vulnerability is VDB-213544.

https://nvd.nist.gov/vuln/detail/CVE-2022-3965

Patch:
https://git.ffmpeg.org/gitweb/ffmpeg...75e13b36ed8edd

marav 11-13-2022 04:27 PM

apr

CVE-2021-35940
Code:

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3
release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence
version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue.

https://www.cve.org/CVERecord?id=CVE-2021-35940

Patch:
https://svn.apache.org/viewvc?view=r...vision=1891198

marav 11-13-2022 04:39 PM

Quote:

Originally Posted by marav (Post 6377813)
libvncclient

CVE-2020-29260
Code:

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().
https://nvd.nist.gov/vuln/detail/CVE-2020-29260

[PATCH] libvncclient: free vncRec memory in rfbClientCleanup()
https://github.com/LibVNC/libvncserv...fbd757ec.patch

This one is still unfixed

marav 11-14-2022 05:19 AM

python-pillow

CVE-2022-45198
Code:

Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
https://www.cve.org/CVERecord?id=CVE-2022-45198

CVE-2022-45199
Code:

Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
https://www.cve.org/CVERecord?id=CVE-2022-45199

marav 11-14-2022 05:34 PM

CURL

Regression in 7.86.0

https://github.com/curl/curl/issues/9813
https://github.com/curl/curl/issues/9821

Patches:

noproxy: fix tail-matching
Code:

Also ignore trailing dots in both host name and comparison pattern.
Regression in 7.86.0 (from 1e9a538)
Extended test 1614 to verify better.
Reported-by: Henning Schild
Fixes #9821
Closes #9822

https://github.com/curl/curl/commit/...ff679fa888838b

noproxy: also match with adjacent comma
Code:

If the host name is an IP address and the noproxy string contained that
IP address with a following comma, it would erroneously not match.
Extended test 1614 to verify this combo as well.
Reported-by: Henning Schild
Fixes #9813
Closes #9814

https://github.com/curl/curl/commit/...791c9955182128
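The two commit messages above describe two edge cases of NO_PROXY matching: trailing dots must be ignored on both the host name and the list entry, and an IP-literal host must still match its entry when a comma follows it directly. The following is an added reference implementation of those rules written for this thread; it is not curl's code, and the requirement that a tail match lands on a label boundary (so "notexample.com" does not match "example.com") is a choice made here, not something the commits state. The function name and the test hosts are constructed.

```python
import ipaddress


def _normalize(name: str) -> str:
    """Lower-case, drop IPv6 brackets and any trailing dots, so that a fully
    qualified "example.com." is compared the same way as "example.com"."""
    return name.strip().lower().strip("[]").rstrip(".")


def _is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals; these are never tail-matched."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def noproxy_matches(host: str, noproxy: str) -> bool:
    """Return True if `host` should bypass the proxy according to the
    comma- or whitespace-separated `noproxy` list (hypothetical helper)."""
    host = _normalize(host)
    if not host:
        return False
    host_is_ip = _is_ip_literal(host)

    # Treat commas exactly like whitespace before tokenising: an entry that
    # is followed directly by a comma ("10.0.0.1,localhost") must come out
    # as the complete token "10.0.0.1", not "10.0.0.1," (bug #9813 above).
    for raw in noproxy.replace(",", " ").split():
        pat = _normalize(raw)          # trailing dots ignored here too (#9821)
        if not pat:
            continue
        if pat == "*":
            return True
        if host_is_ip:
            # Numeric addresses are compared exactly; tail-matching would let
            # "10.0.0.10" match an entry of "0.0.10", which is never intended.
            if pat == host:
                return True
            continue
        # A leading dot means "this domain and every subdomain"; a bare
        # "example.com" entry is treated the same way, so strip the dot and
        # require the match to fall on a label boundary.
        pat = pat.lstrip(".")
        if not pat:
            continue
        if host == pat or host.endswith("." + pat):
            return True
    return False
```

Because the whole list is normalised token by token, the same function handles the plain host-name case, the fully qualified trailing-dot case and the IP-with-adjacent-comma case without special-casing the separator.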

lazardo 11-15-2022 01:22 AM

Quote:

Originally Posted by Daedra (Post 6386400)
Understood, Your kernel SlackBuilds makes adding this patch a piece of cake anyway for us DIY'ers, so this is a non-issue for me personally. I am also slightly perplexed on why they haven't backported this yet given its simplicity and it does make a noticeable improvement under the right conditions.

Thanks for the consideration.

note: patch included in 6.0.8

5.15.63v3 is with processor_idle.c patch, 63v2 without, no other changes
kernel compile == 92.8 seconds vs 105, almost 15% gain.

'make clean; /usr/bin/time make -j16 bzImage'

recent zenbook pro (laptop), performance governor, mitigations=off

Code:

###
Kernel: arch/x86/boot/bzImage is ready  (#17)
1149.70user 116.45system 1:33.26elapsed 1357%CPU (0avgtext+0avgdata 337928maxresident)k
199296inputs+1139240outputs (1630major+39558843minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#19)
1130.75user 112.22system 1:31.10elapsed 1364%CPU (0avgtext+0avgdata 338044maxresident)k
128424inputs+1139208outputs (1560major+39560793minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#20)
1129.37user 112.11system 1:31.04elapsed 1363%CPU (0avgtext+0avgdata 337964maxresident)k
0inputs+1139240outputs (1434major+39553868minor)pagefaults 0swaps
Linux zen 5.15.63v3 #16 SMP PREEMPT Mon Nov 14 20:35:58 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

###
Kernel: arch/x86/boot/bzImage is ready  (#18)
1213.51user 118.30system 1:42.06elapsed 1304%CPU (0avgtext+0avgdata 337916maxresident)k
99216inputs+1139232outputs (1374major+39553967minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#21)
1199.79user 115.20system 1:47.08elapsed 1228%CPU (0avgtext+0avgdata 337904maxresident)k
201960inputs+1139240outputs (1546major+39553843minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux

Kernel: arch/x86/boot/bzImage is ready  (#22)
1195.48user 115.14system 1:46.02elapsed 1236%CPU (0avgtext+0avgdata 338056maxresident)k
0inputs+1139232outputs (1342major+39553005minor)pagefaults 0swaps
Linux zen 5.15.63v2 #15 SMP PREEMPT Mon Nov 14 11:00:16 PST 2022 x86_64 AMD Ryzen 9 5900HX with Radeon Graphics AuthenticAMD GNU/Linux


marav 11-15-2022 01:23 PM

Quote:

Originally Posted by marav (Post 6391217)
python3

Code:

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists
in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted,
unreasonably long name being presented to the decoder could lead to a CPU denial of service.
Hostnames are often supplied by remote servers that could be controlled by a malicious actor;
in such a scenario, they could trigger excessive CPU consumption on the client attempting to
make use of an attacker-supplied supposed hostname. For example, the attack payload could be
placed in the Location header of an HTTP response with status code 302.

https://www.cve.org/CVERecord?id=CVE-2022-45061

A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.

patch for the 3.9 series:
https://github.com/python/cpython/co...8f71b46806605c
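The CVE text above points out that the expensive path is only reachable with an unreasonably long name, and that such names typically arrive from a remote server (a 302 Location header is the given example). A client can therefore refuse over-long names in linear time before the IDNA codec ever runs. The code below is an added illustration for this thread, not part of CPython or its fix: it enforces the RFC 1035 limits of 253 octets per name and 63 per label, then decodes with the standard library's idna codec. The helper names and the sample Location values are constructed.

```python
from urllib.parse import urlsplit

MAX_HOSTNAME_OCTETS = 253   # RFC 1035: 255 on the wire minus root-label framing
MAX_LABEL_OCTETS = 63       # RFC 1035 per-label limit


def hostname_within_limits(raw: bytes) -> bool:
    """O(n) sanity check applied before the IDNA codec sees the name.
    Any name that fails this is invalid anyway, so rejecting it costs nothing."""
    name = raw.rstrip(b".")
    if not name or len(name) > MAX_HOSTNAME_OCTETS:
        return False
    return all(0 < len(label) <= MAX_LABEL_OCTETS for label in name.split(b"."))


def guarded_idna_decode(raw: bytes) -> str:
    """Decode an A-label host name (e.g. b"xn--bcher-kva.example") to Unicode,
    but only after the cheap length check has passed."""
    if not hostname_within_limits(raw):
        raise ValueError("hostname exceeds RFC 1035 limits; refusing to IDNA-decode")
    return raw.decode("idna")


def redirect_target_host(location: str) -> str:
    """Extract the host from a Location header value and decode it safely.
    Hypothetical helper showing where the guard belongs in a redirect handler."""
    host = urlsplit(location).hostname
    if host is None:
        raise ValueError("Location header carries no host")
    try:
        ascii_host = host.encode("ascii")
    except UnicodeEncodeError:
        # Already a Unicode name; nothing to decode.
        return host
    return guarded_idna_decode(ascii_host)
```

The guard is deliberately independent of the codec's own validation: the codec also rejects labels longer than 63 octets, but it does so after doing the work, which is exactly the cost an attacker-supplied name is meant to impose.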

Didier Spaier 11-15-2022 02:57 PM

GRUB
 
Quoting https://lists.gnu.org/archive/html/g.../msg00059.html below:
Quote:

From: Daniel Kiper
Subject: [SECURITY PATCH 00/13] Multiple GRUB2 vulnerabilities - 2022/11/15
Date: Tue, 15 Nov 2022 19:00:20 +0100

Hi all, This patch set contains a bundle of fixes for various security flaws discovered in the GRUB2 font code during last few months. The most severe ones, i.e. potentially exploitable, have CVEs assigned and are listed at the end of this email. Details of exactly what needs updating will be provided by the respective distros and vendors when updates become available. Here [1] we are listing at least some links to the messaging known at the time of this posting.
If/how to apply this patch set is up to Patrick. For Slint I have put this in the SlackBuild:
Code:

COMMIT="15146788"
...
rm -rf grub
git clone https://git.savannah.gnu.org/git/grub.git
cd grub
git checkout $COMMIT || exit 1

The last commit of the patch set being: https://git.savannah.gnu.org/gitweb/...b7ff769edd1e9c

Please note that for people allowing installation with Secure Boot enabled, reading the full message from Daniel Kiper is necessary.

PS. The source for the package I have built is available in https://slackware.uk/slint/x86_64/sl...0/source/grub/ and the package in https://slackware.uk/slint/x86_64/slint-15.0/slint/

marav 11-16-2022 12:20 PM

Plasma-framework 5.100

Code:

Some plasma elements are drawn way too big after upgrade to Frameworks 5.100
https://bugs.kde.org/show_bug.cgi?id=461682

Patch:
Code:

svgitem: do not upscale svg when using fractional scaling

BUG: 461682
FIXED-IN: 5.101

https://invent.kde.org/frameworks/pl...3fce7c47e3d8b2

marav 11-17-2022 02:05 PM

Pipewire 0.3.60

alsa: force playback start when buffer is full
Code:

When we try to play data but the ringbuffer is full, we need to start
the device or else we will stay in this situation forever and stay
silent.

Patch:
https://gitlab.freedesktop.org/pipew...68da95bf59b59e

audioadapter: perform setup again after a PortConfig
Code:

After the ports are reconfigured, we need to perform the setup again so
that buffers and processing can happen with the right settings.

This fixes an issue when autoswitching between A2DP and HFP with
bluetooth headsets when there is also a stereo capture device available.
The input stream of the browser is quickly reconfigured between stereo
and mono with only a Pause command in between, clearing the setup state
is enough to redo the setup when going back to Playing.

Patch:
https://gitlab.freedesktop.org/pipew...53f23964178897

marav 11-18-2022 02:40 PM

Quote:

Originally Posted by marav (Post 6391218)
qt: wayland

The issue (which I am also concerned about)
Code:

plasmashell crashes when hovering or clicking items on the Panel
The full story:
https://bugs.kde.org/show_bug.cgi?id=447717

[PATCH] Client: Ensure that wl_surface lives as long as qtquick render thread needs it
Code:

wl_surface can be destroyed while qtquick render thread still uses it.
That can end up in eglSwapBuffers() using defunct wl_surface, which will
eventually lead to a crash due to the compositor posting an error.

https://invent.kde.org/qt/qt/qtwayla...e203daae044d81

Code:

Nate Graham <nate@kde.org> changed:

          What    |Removed                    |Added
----------------------------------------------------------------------------
  Version Fixed In|                            |5.26.4

shell: Use the basic scene graph rendering loop on wayland
Code:

This avoids crashing Plasma when a surface gets destroyed too early
while still in use by the threaded loop. To avoid leaking things into
child processes, we clear the environment variable again after we've
created the initial views for the shell.

Commit:
https://invent.kde.org/plasma/plasma...4c8e238c935dc2

marav 11-21-2022 07:34 AM

xdg-utils

CVE-2022-4055
Code:

When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead
to additional headers being passed to thunderbird that should not be included per RFC 2368.
An attacker can use this method to create a mailto URL that looks safe to users, but will actually attach
files when clicked.

https://www.cve.org/CVERecord?id=CVE-2022-4055

marav 11-22-2022 11:54 AM

libarchive

CVE-2022-36227
Code:

In libarchive 3.6.1, the software does not check for an error after calling calloc function
that can return with a NULL pointer if the function fails, which leads to a resultant NULL
pointer dereference or, in some cases, even arbitrary code execution.

https://www.cve.org/CVERecord?id=CVE-2022-36227

Patch:
https://github.com/libarchive/libarc...732a10ad8cd024

marav 11-23-2022 02:57 AM

libxml2

CVE-2022-40303
Code:

An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML
document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow.
This results in an attempt to access an array at a negative 2GB offset, typically leading to
a segmentation fault.

https://www.cve.org/CVERecord?id=CVE-2022-40303

Patch:
https://gitlab.gnome.org/GNOME/libxm...198abc266bc2c0


CVE-2022-40304
Code:

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity
definitions can corrupt a hash table key, potentially leading to subsequent
logic errors. In one case, a double-free can be provoked.

https://www.cve.org/CVERecord?id=CVE-2022-40304

Patch:
https://gitlab.gnome.org/GNOME/libxm...5804c54ef1d80b


https://gitlab.gnome.org/GNOME/libxml2/-/tags/v2.10.3

nobodino 11-24-2022 01:21 AM

make

make-4.4 is affected by a bug, see: https://savannah.gnu.org/bugs/?63307

solved in LFS, see https://www.linuxfromscratch.org/lfs...#ch-tools-make

Code:

sed -e '/ifdef SIGPIPE/,+2 d' \
    -e '/undef  FATAL_SIG/i FATAL_SIG (SIGPIPE);' \
    -i src/main.c

or by a patch:

Code:

commit 0370a7a40fe9523ea334dcb8a2a60f1418595b49
Author: Dmitry Goncharov <dgoncharov@users.sf.net>
Date:  Sun Nov 6 07:36:26 2022 -0500

    [SV 63307] Spawn children with the default disposition of sigpipe.
   
    * src/main.c (main): Set sigpipe disposition to a handler, rather than
    SIG_IGN, in order for children to have the default sigpipe disposition.
    * tests/scripts/misc/sigpipe: Add sigpipe tests.

diff --git a/src/main.c b/src/main.c
index eec93656..d8857696 100644
--- a/src/main.c
+++ b/src/main.c
@@ -1152,6 +1152,15 @@ temp_stdin_unlink ()
    }
 }
 
+#ifdef SIGPIPE
+static void
+handle_sigpipe (int sig)
+{
+  /* Suppress unused variable warning.  */
+  sig = sig;
+}
+#endif
+
 #ifdef _AMIGA
 int
 main (int argc, char **argv)
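Review bot: the self-assignment `sig = sig;` in the new handle_sigpipe() is a fragile way to silence the unused-parameter warning (clang's -Wself-assign flags it); `(void) sig;` is the idiomatic form. The comment should also say why the body is empty: with a no-op handler installed, a write to a closed pipe returns EPIPE instead of terminating make, and because a caught-signal handler (unlike SIG_IGN) is reset to SIG_DFL across execve, the children make spawns get the default SIGPIPE disposition, which is the behaviour the commit message asks for.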
@@ -1182,9 +1191,15 @@ main (int argc, char **argv, char **envp)
  /* Useful for attaching debuggers, etc.  */
  SPIN ("main-entry");
 
-  /* Don't die if our stdout sends us SIGPIPE.  */
+  /* Don't die if our stdout sends us SIGPIPE to get temporary files removed.
+  * If make has inherited SIG_IGN, keep running with SIG_IGN to let make's
+  * children inherit SIG_IGN.
+  * Othwerwise, set sigpipe disposition to a handler, in order for children to
+  * have the default sigpipe disposition.  */
+
 #ifdef SIGPIPE
-  bsd_signal (SIGPIPE, SIG_IGN);
+  if (bsd_signal (SIGPIPE, handle_sigpipe) == SIG_IGN)
+    bsd_signal (SIGPIPE, SIG_IGN);
 #endif
 
 #ifdef HAVE_ATEXIT
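Review bot: typo "Othwerwise" in the new comment block, and the opening sentence "Don't die if our stdout sends us SIGPIPE to get temporary files removed" reads as if SIGPIPE removes the files; suggest "Don't die on SIGPIPE from our stdout, so that temporary files still get removed." The logic itself is sound: the first bsd_signal() call installs handle_sigpipe and returns the previous disposition, and the second call restores SIG_IGN only when that previous disposition was SIG_IGN, so an inherited ignore is preserved for children while the normal case moves from SIG_IGN to a handler. Note that the two-step install leaves a brief window in which the handler is active before SIG_IGN is put back; harmless here, since a SIGPIPE in that window only runs the empty handler, but worth a one-line comment.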


