LinuxQuestions.org

Slackware: [Security] Mitigation & Patch (https://www.linuxquestions.org/questions/slackware-14/%5Bsecurity%5D-mitigation-and-patch-4175708118/)

GazL 12-08-2022 12:01 PM

Quote:

Originally Posted by volkerdi (Post 6396575)

Yes, and given that this is the offending code,
Code:

struct archive_write_filter *f;
f = calloc(1, sizeof(*f));
f->archive = _a;   /* no NULL check: dereferences NULL if calloc() fails */

... I seriously doubt that calloc() would fail to find the space for a single structure, and if it does, then I'd suggest your system health has far bigger issues to worry about than a NULL pointer deref that will trigger a SEGFAULT.

Always best to check your return values, but this really doesn't look CVE worthy.
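The two posts above argue over whether an unchecked calloc() is a security bug or just a crash. The following is an added example, not libarchive's code and not anything from the thread: it puts the quoted pattern next to a checked version, with a pluggable allocator hook (an assumption made only so the failure path can be exercised without exhausting memory) that lets calloc() be forced to return NULL. The struct, function and hook names are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-in for struct archive_write_filter: only the one
 * field the quoted snippet touches is modelled. */
struct write_filter {
    void *archive;
};

/* Allocator hook (assumption of this example, not the real code): lets a
 * caller swap calloc() for an allocator that always fails. */
static void *(*alloc_hook)(size_t, size_t) = calloc;

void set_alloc_hook(void *(*fn)(size_t, size_t)) {
    alloc_hook = fn ? fn : calloc;
}

/* Allocator that always fails, used to reach the error path. */
void *failing_calloc(size_t n, size_t sz) {
    (void)n; (void)sz;
    errno = ENOMEM;
    return NULL;
}

/* Unchecked shape, mirroring the quoted snippet: if the allocation fails,
 * the assignment dereferences NULL and the process dies with SIGSEGV.
 * Never call this with failing_calloc installed. */
struct write_filter *filter_new_unchecked(void *archive) {
    struct write_filter *f = alloc_hook(1, sizeof(*f));
    f->archive = archive;   /* NULL dereference on allocation failure */
    return f;
}

/* Checked shape: report the failure to the caller instead of crashing.
 * Returns 0 on success, -1 with *out == NULL and errno == ENOMEM on failure. */
int filter_new_checked(void *archive, struct write_filter **out) {
    struct write_filter *f;

    *out = NULL;
    f = alloc_hook(1, sizeof(*f));
    if (f == NULL) {
        errno = ENOMEM;
        return -1;
    }
    f->archive = archive;
    *out = f;
    return 0;
}

void filter_free(struct write_filter *f) {
    free(f);
}

/* Returns 1 if the checked constructor builds a filter when calloc() works. */
int demo_success_path(void) {
    struct write_filter *f = NULL;
    int archive_placeholder = 0;   /* stands in for the archive handle */
    int rc = filter_new_checked(&archive_placeholder, &f);
    int ok = (rc == 0 && f != NULL && f->archive == &archive_placeholder);
    filter_free(f);
    return ok;
}

/* Returns 1 if the checked constructor turns a simulated calloc() failure
 * into an error return rather than a NULL dereference. */
int demo_failure_path(void) {
    struct write_filter *f = (struct write_filter *)1;   /* poison value */
    int archive_placeholder = 0;
    int rc, err;

    set_alloc_hook(failing_calloc);
    rc = filter_new_checked(&archive_placeholder, &f);
    err = errno;
    set_alloc_hook(NULL);   /* restore calloc() */
    return rc == -1 && f == NULL && err == ENOMEM;
}

int main(void) {
    return (demo_success_path() && demo_failure_path()) ? 0 : 1;
}
```

The checked form costs one comparison and gives the caller a chance to unwind; the unchecked form converts an allocation failure into a crash. Either way, as the posts say, the attacker-controlled part here is nil: the bug is only reachable when the system is already out of memory.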

marav 12-12-2022 02:39 AM

Pipewire 0.3.62

[PATCH] audioconvert: fix distorted audio on AVX2
https://gitlab.freedesktop.org/pipew...d17a4ad6.patch

marav 12-12-2022 06:36 AM

SQLite

CVE-2022-46908
Code:

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly
implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

https://www.cve.org/CVERecord?id=CVE-2022-46908

marav 12-14-2022 05:21 AM

Xorg & Xwayland

Code:

X.Org Server 21.1.5 was released overnight for a new batch of security vulnerabilities:
CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.

Similarly, XWayland 22.1.6 is out for mitigating much of the same security issues:
CVE-2022-46340, CVE-2022-46341, CVE-2022-46342, CVE-2022-46343, CVE-2022-46344, and CVE-2022-4283.

https://www.phoronix.com/news/X.Org-Server-Holiday-2022

marav 12-16-2022 06:21 PM

SDL 1.2

CVE-2021-33657
Code:

There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions.
By crafting a malicious .BMP file, an attacker can cause the application using this library to crash,
denial of service or Code execution.

https://www.cve.org/CVERecord?id=CVE-2021-33657

Code:

Always create a full 256-entry map in case color values are out of range
Fixes libsdl-org/SDL#5042

Backport of CVE-2021-33657 fix from SDL2

https://github.com/libsdl-org/SDL-1....3141e5f0481ae6
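The commit title above ("Always create a full 256-entry map in case color values are out of range") describes the shape of the fix. The block below is an added example, a simplified model and not SDL's SDL_pixels.c: an 8-bit indexed pixel can hold any value 0..255, so a colour map sized to the palette's colour count is read past its end by a crafted BMP whose pixel values exceed the palette; sizing the map to 256 entries makes every pixel value a valid index. The fallback colour (black), the struct layout and all function names are this example's assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define PALETTE_MAX 256   /* an 8-bit indexed pixel can hold 0..255 */

typedef struct {
    uint8_t r, g, b;
} rgb_t;

/* Pre-fix shape (model): the map has `ncolors` entries but pixels index it
 * by their full 8-bit value. Returns 1 if looking up `pixel` in such a map
 * would read past the end of the allocation (the heap over-read). */
int lookup_would_overflow(int ncolors, uint8_t pixel) {
    return (int)pixel >= ncolors;
}

/* Fixed shape: always build a full 256-entry map so any 8-bit pixel value
 * lands inside the allocation. Entries beyond the palette keep the
 * zero-filled fallback (black; the fallback is this example's choice). */
rgb_t *build_full_map(const rgb_t *palette, int ncolors) {
    rgb_t *map;
    int i;

    if (ncolors < 0 || ncolors > PALETTE_MAX)
        return NULL;
    map = calloc(PALETTE_MAX, sizeof(*map));
    if (map == NULL)
        return NULL;
    for (i = 0; i < ncolors; i++)
        map[i] = palette[i];
    return map;
}

/* Convert an 8-bit indexed scanline to RGB through the full map. Every
 * pixel value is a valid index, so out-of-range values from a crafted file
 * select the fallback colour instead of reading beyond the map. */
int convert_indexed_to_rgb(const uint8_t *pixels, size_t npixels,
                           const rgb_t *palette, int ncolors, rgb_t *out) {
    rgb_t *map = build_full_map(palette, ncolors);
    size_t i;

    if (map == NULL)
        return -1;
    for (i = 0; i < npixels; i++)
        out[i] = map[pixels[i]];
    free(map);
    return 0;
}

/* Constructed sample: a 4-colour palette and a scanline whose last pixel
 * (0xC8 = 200) exceeds the palette, as a crafted BMP could carry.
 * Returns the channel sum of the converted last pixel (0 = fallback black),
 * or -1 if conversion failed or the in-range pixels mapped wrongly. */
int demo_crafted_scanline(void) {
    static const rgb_t palette[4] = {
        {255, 0, 0}, {0, 255, 0}, {0, 0, 255}, {255, 255, 255}
    };
    static const uint8_t scanline[5] = { 0, 1, 2, 3, 0xC8 };
    rgb_t out[5];

    if (convert_indexed_to_rgb(scanline, 5, palette, 4, out) != 0)
        return -1;
    if (out[0].r != 255 || out[3].b != 255)
        return -1;
    return out[4].r + out[4].g + out[4].b;
}

int main(void) {
    /* Pre-fix model would over-read for the crafted pixel; fixed path maps
     * it to the fallback without touching memory outside the map. */
    if (!lookup_would_overflow(4, 0xC8))
        return 1;
    return demo_crafted_scanline() == 0 ? 0 : 1;
}
```

The point to take from the model is that the fix does not validate the file; it removes the dependency between the map's size and untrusted data, which is cheaper and harder to get wrong than checking each pixel against ncolors.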

marav 12-20-2022 11:56 AM

Dolphin

Revert "portalize drag urls"
Code:

This reverts commit 8d7e600f.

While this revert unfortunately removes Dolphin's ability to copy to
sandboxed applications, the bugs being temporarily fixed by this seem
more important. See the bugs mentioned below for details.

Especially copy-pasting needs to work flawlessly for an application
like Dolphin. After the revert this will either work correctly or – in
the case of sandboxed applications – not at all.

https://invent.kde.org/system/dolphin/-/commit/c8aed8ac

volkerdi 12-20-2022 02:23 PM

Quote:

Originally Posted by marav (Post 6397412)
SQLite

CVE-2022-46908
Code:

SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly
implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE.

https://www.cve.org/CVERecord?id=CVE-2022-46908

From the SQLite Forum:

Quote:

(8) By Larry Brasfield (larrybr) on 2022-12-16 01:09:04 in reply to 6 [link] [source]

Keith's prediction on the next release timing is about right, or maybe not. Releases are always dependent upon satisfactory testing, branch coverage results, and a trial period where interested users can try pre-release versions.

The fix mentioned above is on the trunk branch and will therefore appear in the next release. And, as mentioned, it is always available from the repository.

As others have mentioned, this is not considered a serious bug. The intention behind the feature, which was not quite met due to that bug, is to allow people who get CLI scripts from others, who may not fully trust those others, to run the scripts without having to study them for untoward side-effects.

There are few, if any, people outside of the SQLite development team who have reason to be running strange CLI scripts. The -safe feature arose for their convenience. It was nearly an unpublished feature. Those who run strange CLI scripts, or any other kind of code from outside, non-vetted sources, assume the risk flowing from doing so. This is a very different sort of risk than is presented by exploitable malfunctions in the core SQLite library. Calling this one a "CVE" is yet another degradation of the CVE system's value.

marav 12-27-2022 10:57 AM

Pipewire 0.3.63

Issue:
Pipewire or wireplumber not remember last routing
https://gitlab.freedesktop.org/pipew.../-/issues/2893
Patch:
alsa: don't set -1 as node.target
Code:

Leave the target unset when -1, just like what pw-stream does.
https://gitlab.freedesktop.org/pipew...724c4fa968f75c


Issue:
No HSP/HFP profiles detected on a specific bluetooth device, after a recent update
https://gitlab.freedesktop.org/pipew.../-/issues/2898
Patch:
bluez5: backend-native: fix missing brace in CIND reply
Code:

It should look like ...,("battchg,(0-5)) not ...,"battchg",(0-5))
https://gitlab.freedesktop.org/pipew...60bebcb628e298

marav 12-29-2022 12:33 PM

KScreen

Issue:
Code:

Crash after reverting display settings
https://bugs.kde.org/show_bug.cgi?id=463485

Patch:
Fix kcm crash after revert timer reaches timeout
Code:

load() was called twice and caused a use-after-free.
https://invent.kde.org/plasma/kscree...64a0c9af2e9ac4

marav 01-04-2023 02:39 PM

Vim

CVE-2023-0049
Code:

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
https://www.cve.org/CVERecord?id=CVE-2023-0049

CVE-2023-0051
Code:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
https://www.cve.org/CVERecord?id=CVE-2023-0051

volkerdi 01-04-2023 03:43 PM

Quote:

Originally Posted by marav (Post 6402234)
Vim

CVE-2023-0049
Code:

Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143.
https://www.cve.org/CVERecord?id=CVE-2023-0049

CVE-2023-0051
Code:

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.
https://www.cve.org/CVERecord?id=CVE-2023-0051

Not to go off on a rant here, but this first one is, in my humble opinion, a bug rather than a security issue.

The second one is described in the CVE as a "Heap-based Buffer Overflow" but looking at the commit is another (similar) pedestrian out of bounds read, and also is not a security issue.

It's hard to know what to do with things like this. Guess that's what happens when you pay CVE bounties and people fuzz the heck out of something looking for the low hanging fruit.

marav 01-04-2023 03:53 PM

Quote:

Originally Posted by volkerdi (Post 6402244)
Not to go off on a rant here, but this first one is, in my humble opinion, a bug rather than a security issue.

The second one is described in the CVE as a "Heap-based Buffer Overflow" but looking at the commit is another (similar) pedestrian out of bounds read, and also is not a security issue.

It's hard to know what to do with things like this. Guess that's what happens when you pay CVE bounties and people fuzz the heck out of something looking for the low hanging fruit.

As it's not the first one, and probably not the last,
the best thing to do, then, is to leave the Vim CVEs aside and let you upgrade from time to time.

marav 01-05-2023 06:59 PM

php 7.4.33

CVE-2022-31631

Others seem to have applied this patch on 7.x because there will be no other release
https://gitweb.gentoo.org/repo/gento...6fc8531576f32e

Patch:
Fix #81740: PDO::quote() may return unquoted string
https://github.com/php/php-src/commi...3f46ae3d8bacba

marav 01-06-2023 07:18 PM

libX11 1.8.3

Revert "Update XPutBackEvent() to support clients that put back unpadded events"
Code:

This reverts commit d6d6cba9.

The reverted commit intended to fix the problem where an unpadded X
event struct is passed into XPutBackEvent, by creating a padded struct
with _XEventToWire and _XWireToEvent. However, _XWireToEvent updates the
last sequence number in Display, which may cause xlib to complain about
lost sequence numbers.

IMO, the problem that commit tried to solve is a bug in the client
library, and working around it inside Xlib is bad practice, especially given
the problem it caused. Plus, the offender cited in the original commit
message, freeglut, has already fixed this problem.

Fixes: #176 #174

https://gitlab.freedesktop.org/xorg/...fe2c47f0e56dee

marav 01-09-2023 05:24 AM

KIO 5.101.0

Bug:
Code:

Filter field in save dialog after kio 5.101 is empty
https://bugs.kde.org/show_bug.cgi?id=463309

Patch:
Code:

Restore old behavior for KFileFilterCombo::setFilter
https://invent.kde.org/frameworks/ki...c801571f.patch

