# Adélie Package Tree issues

Feed: https://git.adelielinux.org/adelie/packages/-/issues (updated 2024-03-19T22:02:05Z)

## user/minizip: CVE-2023-45853: MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1161 | 2024-03-19T22:02:05Z | Zach van Rijn

As of writing, we are at `1.2.13` in `1.0-BETA5`. Latest is `1.3` but still has a vulnerability:
| Name | Description |
|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2023-45853 | MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version, and exposes the applicable MiniZip code through its compress API. |
Upstream patch:
* https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch

## user/aspell: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1160 | 2024-01-09T13:37:37Z | Zach van Rijn

We are at `0.60.8` as of the `1.0-BETA5` tag. Latest available is `0.60.8.1`:
| Name | Description |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2019-25051 | objstack in GNU Aspell 0.60.8 has a heap-based buffer overflow in acommon::ObjStack::dup_top (called from acommon::StringMap::add and acommon::Config::lookup_list). |
| CVE-2019-20433 | libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable. |
| CVE-2019-17544 | libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in acommon::unescape in common/getdata.cpp via an isolated \ character. |
The release notes look like there's a typo (`0.68.8` vs. `0.60.8`):
```
From: Kevin Atkinson
Date: Tue, 19 Dec 2023
Subject: Aspell 0.60.8.1 Now Available
GNU Aspell 0.60.8.1 is now available at:
ftp://ftp.gnu.org/gnu/aspell/aspell-0.60.8.1.tar.gz
Changes from 0.68.8 to 0.68.8.1:
* Fix memory leak in suggestion code introduced in 0.60.8.
* Various documentation fixes.
* Fix various warnings when compiling with -Wall.
* Fix two buffer overflows found by Google’s OSS-Fuzz.
* Other minor updates.
```

## user/apr-util: CVE-2022-25147: Integer Overflow or Wraparound vulnerability in apr_base64 functions

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1159 | 2024-01-09T13:37:37Z | Zach van Rijn

We are at `1.6.1` as of the `1.0-BETA5` tag, latest is `1.6.3`:
| Name | Description |
|----------------|--------------------------------------------------------------------|
| CVE-2022-25147 | Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions. |
Reference: https://downloads.apache.org/apr/CHANGES-APR-UTIL-1.6
```
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
```

## user/apr: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1158 | 2024-01-09T13:37:37Z | Zach van Rijn

We are at `1.7.0` as of the `1.0-BETA5` tag. Latest available is `1.7.4`.
| Name | Description |
|----------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2022-24963 | Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0. |
| CVE-2021-35940 | An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. |
The third CVE in the changelog below (CVE-2022-28331) is Windows-specific.
Reference: https://downloads.apache.org/apr/CHANGES-APR-1.7
```
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
```

## user/apache-httpd: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1157 | 2024-01-09T13:37:37Z | Zach van Rijn

Reference: https://downloads.apache.org/httpd/CHANGES_2.4.58
```
Changes with Apache 2.4.58
*) SECURITY: CVE-2023-45802: Apache HTTP Server: HTTP/2 stream
memory not reclaimed right away on RST (cve.mitre.org)
When a HTTP/2 stream was reset (RST frame) by a client, there
was a time window were the request's memory resources were not
reclaimed immediately. Instead, de-allocation was deferred to
connection close. A client could send new requests and resets,
keeping the connection busy and open and causing the memory
footprint to keep on growing. On connection close, all resources
were reclaimed, but the process might run out of memory before
that.
This was found by the reporter during testing of CVE-2023-44487
(HTTP/2 Rapid Reset Exploit) with their own test client. During
"normal" HTTP/2 use, the probability to hit this bug is very
low. The kept memory would not become noticeable before the
connection closes or times out.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Will Dormann of Vul Labs
*) SECURITY: CVE-2023-43622: Apache HTTP Server: DoS in HTTP/2 with
initial windows size 0 (cve.mitre.org)
An attacker, opening a HTTP/2 connection with an initial window
size of 0, was able to block handling of that connection
indefinitely in Apache HTTP Server. This could be used to
exhaust worker resources in the server, similar to the well
known "slow loris" attack pattern.
This has been fixed in version 2.4.58, so that such connection
are terminated properly after the configured connection timeout.
This issue affects Apache HTTP Server: from 2.4.55 through
2.4.57.
Users are recommended to upgrade to version 2.4.58, which fixes
the issue.
Credits: Prof. Sven Dietrich (City University of New York)
*) SECURITY: CVE-2023-31122: mod_macro buffer over-read
(cve.mitre.org)
Out-of-bounds Read vulnerability in mod_macro of Apache HTTP
Server.This issue affects Apache HTTP Server: through 2.4.57.
Credits: David Shoon (github/davidshoon)
```

## system/libarchive: CVE-2023-30571: Libarchive through 3.6.2 can cause directories to have world-writable permissions.

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1120 | 2023-11-21T00:02:51Z | Zach van Rijn

| Name | Description |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2023-30571 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a race condition with another thread can lead to a permanent umask 0 setting. Such a race condition could lead to implicit directory creation with permissions 0777 (without the sticky bit), which means that any low-privileged local user can delete and rename files inside those directories. |
Additionally, non-CVE security fixes:
* https://github.com/libarchive/libarchive/commit/ee312cfd05c1d1d38f3a5dd10872b97cbc11902c (since `3.7.1`)
* https://github.com/libarchive/libarchive/commit/1b4e0d0f9d445ba3e4d0c7db7ce0b30300572fe8 (since `3.7.2`)

## user/libebml: CVE-2021-3405: heap overflow bug in libebml before 1.4.2

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1104 | 2023-12-08T02:51:21Z | Leigh Arber

CVE-2021-3405: In libebml before 1.4.2, a heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData.

## user/sddm: password for 'live' user not required (any random password accepted)

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1080 | 2023-10-07T01:55:17Z | Zach van Rijn

Using `20230829` media.

This may be the intended/expected behavior, but you can enter any random password here and it will log you in. Lock screen, or if you log out fully first.

![VirtualBox_test1_06_10_2023_13_18_03](/uploads/07d6d2a8e52a5b3fc889cbc121a2f093/VirtualBox_test1_06_10_2023_13_18_03.png)

## user/faad2: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1077 | 2023-10-30T22:58:33Z | Zach van Rijn

| Name | Description |
|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| CVE-2021-32278 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function lt_prediction located in lt_predict.c. It allows an attacker to cause code Execution. |
| CVE-2021-32277 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_analysis_32 located in sbr_qmf.c. It allows an attacker to cause code Execution. |
| CVE-2021-32276 | An issue was discovered in faad2 through 2.10.0. A NULL pointer dereference exists in the function get_sample() located in output.c. It allows an attacker to cause Denial of Service. |
| CVE-2021-32274 | An issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbr_qmf_synthesis_64 located in sbr_qmf.c. It allows an attacker to cause code Execution. |
| CVE-2021-32273 | An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. It allows an attacker to cause Code Execution. |
Fixed in `2.10.1`.

## system/openssl: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1041 | 2023-09-22T11:16:33Z | Zach van Rijn

* https://www.openssl.org/news/secadv/20230322.txt
  * Excessive Resource Usage Verifying X.509 Policy Constraints (CVE-2023-0464)
* https://www.openssl.org/news/secadv/20230328.txt
  * Invalid certificate policies in leaf certificates are silently ignored (CVE-2023-0465)
  * Certificate policy check not enabled (CVE-2023-0466)
* https://www.openssl.org/news/secadv/20230420.txt
  * Input buffer over-read in AES-XTS implementation on 64 bit ARM (CVE-2023-1255)
* https://www.openssl.org/news/secadv/20230530.txt
  * Possible DoS translating ASN.1 object identifiers (CVE-2023-2650)

## system/curl: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/1034 | 2023-09-22T11:16:35Z | Zach van Rijn

We are at `8.0.1` as of writing (7c97598cf01499e2c2082b3f61a9ad060b536277), and `8.1.0` fixes:
| # | S | Vulnerability | Date | First | Last |
|-----|---|-----------------------------------------------------|-----------|--------|-------|
| 145 | ● | CVE-2023-28322: more POST-after-PUT confusion | 5/17/2023 | 7.7 | 8.0.1 |
| 144 | ● | CVE-2023-28321: IDN wildcard match | 5/17/2023 | 7.12.0 | 8.0.1 |
| 143 | ● | CVE-2023-28320: siglongjmp race condition | 5/17/2023 | 7.9.8 | 8.0.1 |
| 142 | ● | CVE-2023-28319: UAF in SSH sha256 fingerprint check | 5/17/2023 | 7.81.0 | 8.0.1 |
See also:
* https://curl.se/docs/security.html

## user/freetype: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/843 | 2023-10-04T15:01:39Z | Zach van Rijn

| # | CVE ID | CWE ID | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Desc. |
|---|--------|--------|--------------|-------------|-------|---------------------|--------|------------|----------------|-------|--------|--------|-------|
| 1 | CVE-2022-27406 | 125 | 2022-04-22 | 2022-07-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. |
| 2 | CVE-2022-27405 | 125 | 2022-04-22 | 2022-07-27 | 5.0 | None | Remote | Low | Not required | None | None | Partial | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. |
| 3 | CVE-2022-27404 | 787 | 2022-04-22 | 2022-07-27 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. |
For reference:
* CVE-2022-27404 / 1e2eb65048f75c64b68708efed6ce904c31f3b2f fixed in `2.12.1` + issue https://gitlab.freedesktop.org/freetype/freetype/-/issues/1152
* CVE-2022-27405 / 53dfdcd8198d2b3201a23c4bad9190519ba918db fixed in `2.12.1` + issue https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138, fixed by https://gitlab.freedesktop.org/freetype/freetype/-/commit/53dfdcd8198d2b3201a23c4bad9190519ba918db
* CVE-2022-27406 / 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 fixed in `2.12.1` + issue https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139, fixed by https://gitlab.freedesktop.org/freetype/freetype/-/commit/22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5

## user/poppler: CVE-2022-38784: integer overflow in the JBIG2 decoder ... could lead to a crash or the execution of arbitrary code.

Issue: https://git.adelielinux.org/adelie/packages/-/issues/842 | 2022-11-13T06:54:43Z | Zach van Rijn

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|-----------------|-----------------------|-----------|---------------|---------------|
| CVE-2022-38784 | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | 7.8 - HIGH | 2022-08-30 | 2022-10-20 |

## user/fastjar: fastjar corrupts last file in archive if updated

Issue: https://git.adelielinux.org/adelie/packages/-/issues/841 | 2022-11-13T06:54:43Z | Zach van Rijn

| Item ID | Summary | Status | Assigned to | Submitted |
|--|--|--|--|--|
| #45982 | fastjar corrupts last file in archive if updated | | | 2015-09-16 |
> If you have an archive and you update it and the update includes the last file in the archive, then that file is corrupted in the resulting archive.
See also:
* https://savannah.nongnu.org/bugs/?45982
* https://savannah.nongnu.org/bugs/download.php?file_id=34904

## user/mcpp: heap-use-after-free in substitute() causes segfault

Issue: https://git.adelielinux.org/adelie/packages/-/issues/840 | 2022-11-11T22:50:41Z | Zach van Rijn

As of writing, no patch is immediately available.
| # | Summary | Milestone | Status | Owner | Created | Updated | Priority |
|-----|------------------------------------------------------|-----------------|----------|---------|-------------|-------------|------------|
| 14 | heap-use-after-free in substitute() causes segfault | v1.0 (example) | open | | 2021-11-24 | 2021-11-24 | 5 |

A quick test, with all the latest patches applied, shows this is reproducible:
```
(gdb) bt
#0 0xf7f601a4 in ?? () from /lib/ld-musl-powerpc.so.1
#1 0xf7f605b4 in __uflow () from /lib/ld-musl-powerpc.so.1
#2 0xf7f605b4 in __uflow () from /lib/ld-musl-powerpc.so.1
#3 0xf7f614ec in fgets_unlocked () from /lib/ld-musl-powerpc.so.1
#4 0xf7e545ec in mcpp_fgets (stream=<optimized out>, size=65536, s=0xf7dd0020 "\n") at support.c:1909
#5 get_line (in_comment=in_comment@entry=0) at support.c:1938
#6 0xf7e560fc in parse_line () at support.c:1657
#7 0xf7e55324 in get_ch () at support.c:1580
#8 0xf7e442cc in mcpp_main () at main.c:623
#9 mcpp_lib_main (argc=-134340444, argv=0xfffef518) at main.c:423
#10 0x0040045c in ?? ()
#11 0xf7f1566c in ?? () from /lib/ld-musl-powerpc.so.1
#12 0xf7f156d8 in __libc_start_main () from /lib/ld-musl-powerpc.so.1
#13 0x004004ec in ?? ()
#14 0x004004a8 in ?? ()
```
See also: https://sourceforge.net/p/mcpp/bugs/14/

## user/audiofile: CVE-2022-24599: memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file.

Issue: https://git.adelielinux.org/adelie/packages/-/issues/839 | 2022-11-11T20:50:33Z | Zach van Rijn

| Name | Description | Issue | Patch |
|------|-------------|-------|-------|
| CVE-2022-24599 | In autofile Audio File Library 0.3.6, there exists one memory leak vulnerability in printfileinfo, in printinfo.c, which allows an attacker to leak sensitive information via a crafted file. The printfileinfo function calls the copyrightstring function to get data, however, it dosn't use zero bytes to truncate the data. | [#60](https://github.com/mpruett/audiofile/issues/60) | (n/a) |

## user/audiofile: CVE-2019-13147: NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file.

Issue: https://git.adelielinux.org/adelie/packages/-/issues/838 | 2022-11-11T20:50:24Z | Zach van Rijn

| Name | Description | Issue | Patch |
|------|-------------|-------|-------|
| CVE-2019-13147 | In Audio File Library (aka audiofile) 0.3.6, there exists one NULL pointer dereference bug in ulaw2linear_buf in G711.cpp in libmodules.a that allows an attacker to cause a denial of service via a crafted file. | [#54](https://github.com/mpruett/audiofile/issues/54) | (n/a) |

## system/sqlite: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/660 | 2022-11-12T03:25:32Z | Zach van Rijn

| Name | Description |
|-------|-------------|
| CVE-2020-9327 | In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations. |
| CVE-2020-11656 | In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement. |
| CVE-2020-11655 | SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. |
| CVE-2020-15358 | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. |
| CVE-2020-13632 | ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query. |
| CVE-2020-13631 | SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. |
| CVE-2020-13630 | ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature. |
| CVE-2020-13435 | SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarget in expr.c. |
| CVE-2020-13434 | SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. |

## system/binutils: multiple vulnerabilities

Issue: https://git.adelielinux.org/adelie/packages/-/issues/652 | 2023-10-04T04:10:22Z | Zach van Rijn

See #214 to start.

| Name | Description |
|-------|-------------|
| CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. |
| ~CVE-2019-9077~ | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. |
| CVE-2019-9076 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in elf_read_notes in elf.c. |
| ~CVE-2019-9075~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is a heap-based buffer overflow in _bfd_archive_64_bit_slurp_armap in archive64.c. |
| ~CVE-2019-9074~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an out-of-bounds read leading to a SEGV in bfd_getl32 in libbfd.c, when called from pex64_get_runtime_function in pei-x86_64.c. |
| ~CVE-2019-9073~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in _bfd_elf_slurp_version_tables in elf.c. |
| CVE-2019-9072 | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an attempted excessive memory allocation in setup_group in elf.c. |
| ~CVE-2019-9071~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. |
| ~CVE-2019-9070~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. |
| ~CVE-2019-17451~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. It is an integer overflow leading to a SEGV in _bfd_dwarf2_find_nearest_line in dwarf2.c, as demonstrated by nm. |
| ~CVE-2019-17450~ | find_abstract_instance in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32, allows remote attackers to cause a denial of service (infinite recursion and application crash) via a crafted ELF file. |
| ~CVE-2019-14444~ | apply_relocations in readelf.c in GNU Binutils 2.32 contains an integer overflow that allows attackers to trigger a write access violation (in byte_put_little_endian function in elfcomm.c) via an ELF file, as demonstrated by readelf. |
| ~CVE-2019-14250~ | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. simple_object_elf_match in simple-object-elf.c does not check for a zero shstrndx value, leading to an integer overflow and resultant heap-based buffer overflow. |
| ~CVE-2019-12972~ | An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.32. There is a heap-based buffer over-read in _bfd_doprnt in bfd.c because elf_object_p in elfcode.h mishandles an e_shstrndx section of type SHT_GROUP by omitting a trailing '\0' character. |
| CVE-2018-1000876 | binutils version 2.32 and earlier contains a Integer Overflow vulnerability in objdump, bfd_get_dynamic_reloc_upper_bound,bfd_canonicalize_dynamic_reloc that can result in Integer overflow trigger heap overflow. Successful exploitation allows execution of arbitrary code.. This attack appear to be exploitable via Local. This vulnerability appears to have been fixed in after commit 3a551c7a1b80fca579461774860574eabfd7f18f. |

## system/libaio: Test 18 triggers x86_64 host crash/restart

Issue: https://git.adelielinux.org/adelie/packages/-/issues/405 | 2022-10-21T23:45:20Z | Zach van Rijn

When 64-bit Test 18 (`x86_64/packages/system/libaio/src/libaio-0.3.112/harness/cases/18.p`, [attached](/uploads/6a009dbabb5223882b77f145eca5db80/18.p)) is run, whether inside a VM or not, it can cause the x86_64 host server to crash (restart) instantly with no error logs to indicate the issue.
When 32-bit Test 18 (`pmmx/packages/system/libaio/src/libaio-0.3.112/harness/cases/18.p`, [attached](/uploads/0c72f34cda588b03d5234f289b0c1d40/18.p)) is run, the test is successful on the same hardware.
The affected x86-based hardware is: `Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz`.
It occurs on one of our development nodes, but not on an identical node of identical hardware, so the issue is likely a defective chip, not implementation. We do not yet know which (if not both) CPUs are affected.
We have replaced the motherboard, thoroughly cleaned the CPU contacts, disabled Hyperthreading and tested various other BIOS settings to no avail.
Note that this dynamically-linked binary will trigger the behavior on both Adélie and Alpine operating systems, indicating that multiple libc and/or kernel version(s) may be affected, or that this is purely a hardware issue.
On Larry (same x86_64 environment but AMD-based):
```
adelie ~ # ./18.p
test cases/18.t completed PASSED.
adelie ~ # ldd 18.p
/lib/ld-musl-x86_64.so.1 (0x7f5f72ddb000)
libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7f5f72ddb000)
```
On a test machine (identical hardware to the node which crashes, but different machine):
```
localhost:~$ ./18.p
test cases/18.t completed PASSED.
localhost:~$ ldd 18.p
/lib/ld-musl-x86_64.so.1 (0x7f787d616000)
libc.musl-x86_64.so.1 => /lib/ld-musl-x86_64.so.1 (0x7f787d616000)
```