Adélie Linux issues
https://git.adelielinux.org/groups/adelie/-/issues
Updated: 2020-09-23T03:13:42Z

# user/xorg-server: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/349
Updated: 2020-09-23T03:13:42Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 349 |
| Alias(es) | CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-09-04 16:28:33 -0500 |
| Modified | 2020-09-22 22:13:42 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/xorg-server |
| URL | https://www.openwall.com/lists/oss-security/2020/08/25/3 |
## Description
The following are fixed in >= 1.20.9:
CVE-2020-14345
CVE-2020-14346
CVE-2020-14361
CVE-2020-14362
See https://www.openwall.com/lists/oss-security/2020/08/25/3
Milestone: 1.0-RC2

# user/chrony: CVE-2020-14367: PID file symlink attack
https://git.adelielinux.org/adelie/packages/-/issues/348
Updated: 2021-11-04T02:40:34Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 348 |
| Alias(es) | CVE-2020-14367 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-09-04 16:19:29 -0500 |
| Modified | 2020-09-04 16:19:29 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/chrony |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-14367 |
## Description
> A flaw was found in chrony versions before 3.5.1 when creating the PID
> file under the /var/run/chrony folder. The file is created during
> chronyd startup while still running as the root user, and when it's
> opened for writing, chronyd does not check for an existing symbolic
> link with the same file name. This flaw allows an attacker with
> privileged access to create a symlink with the default PID file name
> pointing to any destination file in the system, resulting in data loss
> and a denial of service due to the path traversal.
Fixed in >= 3.5.1 https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545
Note that Adélie in its default configuration is not affected, since the pidfile defaults to /var/run/chronyd.pid in both /etc/init.d/chronyd and /etc/chrony/chrony.conf. /etc/conf.d/chronyd does not specify it.
Milestone: 1.0-RC2

# user/claws-mail: CVE-2020-16094: imap_scan_tree_recursive stack overflow
https://git.adelielinux.org/adelie/packages/-/issues/347
Updated: 2022-02-02T01:56:56Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 347 |
| Alias(es) | CVE-2020-16094 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-13 17:03:01 -0500 |
| Modified | 2020-10-30 22:39:10 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/claws-mail |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-16094 |
## Description
> In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious
> IMAP server can trigger stack consumption because of unlimited
> recursion into subdirectories during a rebuild of the folder tree.
Waiting on upstream https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
Milestone: 1.0-RC2

# user/postgresql: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/346
Updated: 2022-10-21T23:49:30Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 346 |
| Alias(es) | CVE-2020-10733, CVE-2020-14349, CVE-2020-14350, CVE-2020-1720, CVE-2020-25694, CVE-2020-25695, CVE-2020-25696 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-13 16:49:55 -0500 |
| Modified | 2020-11-21 22:46:40 -0600 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/postgresql |
| URL | https://www.postgresql.org/about/news/2060/ |
## Description
https://www.postgresql.org/about/news/2060/
> CVE-2020-14349: Uncontrolled search path element in logical replication.
> CVE-2020-14350: Uncontrolled search path element in CREATE EXTENSION.
Both fixed in >= 10.14
Milestone: 1.0-RC2

# user/net-snmp: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/345
Updated: 2020-10-26T02:27:54Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 345 |
| Alias(es) | CVE-2020-15861, CVE-2020-15862 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-13 16:41:45 -0500 |
| Modified | 2020-10-25 21:27:54 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/net-snmp |
## Description
CVE-2020-15861: https://security-tracker.debian.org/tracker/CVE-2020-15861
https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
https://github.com/net-snmp/net-snmp/issues/145
CVE-2020-15862: https://security-tracker.debian.org/tracker/CVE-2020-15862
https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
Milestone: 1.0-RC2

# user/dovecot: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/344
Updated: 2020-09-17T03:18:39Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 344 |
| Alias(es) | CVE-2020-12100, CVE-2020-12673, CVE-2020-12674 |
| Reporter | Max Rees (sroracle) |
| Assignee | Lee Starnes |
| Reported | 2020-08-13 16:21:45 -0500 |
| Modified | 2020-09-16 22:18:39 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/dovecot |
## Description
CVE-2020-12100: https://www.openwall.com/lists/oss-security/2020/08/12/1
> Vulnerability Details:
> Receiving mail with deeply nested MIME parts leads to resource
> exhaustion as Dovecot attempts to
> parse it.
>
> Risk:
> Malicious actor can cause denial of service to mail delivery by
> repeatedly sending mails with bad
> content.
Fixed in >= 2.3.11.3
CVE-2020-12673: https://www.openwall.com/lists/oss-security/2020/08/12/2
> Vulnerability Details:
> Dovecot's NTLM implementation does not correctly check message buffer
> size, which leads to reading past allocation which can lead to crash.
>
> Risk:
> An adversary can use this vulnerability to crash dovecot auth process
> repeatedly, preventing login.
Fixed in >= 2.3.11.3
CVE-2020-12674: https://www.openwall.com/lists/oss-security/2020/08/12/3
> Vulnerability Details:
> Dovecot's RPA mechanism implementation accepts zero-length message,
> which leads to assert-crash later on
>
> Risk:
> An adversary can use this vulnerability to crash dovecot auth process
> repeatedly, preventing login.
Fixed in >= 2.3.11.3
Milestone: Post 1.0

# user/gcompat: Need wrapper for pthread_yield
https://git.adelielinux.org/adelie/packages/-/issues/343
Updated: 2021-11-04T02:39:06Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 343 |
| Reporter | Hal G |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-08-08 21:10:17 -0500 |
| Modified | 2020-09-22 22:49:55 -0500 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / major |
| Package(s) | gcompat |
## Description
OVERVIEW
Since pthread_yield is not supported in the standard library, some programs do not link or fail at runtime.
BACKGROUND
This was discovered when trying to run the VirtualBox service script.
SOLUTION
sched_yield() appears to be compatible with pthread_yield(), so a wrapper in the gcompat library might be sensible.
Milestone: 1.0-RELEASE

# user/mariadb: server setup fails
https://git.adelielinux.org/adelie/packages/-/issues/342
Updated: 2022-11-13T01:03:11Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 342 |
| Reporter | Hal G |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-08-08 08:22:32 -0500 |
| Modified | 2020-09-22 22:48:21 -0500 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / Intel x86 (64-bit) |
| Importance | --- / major |
| Package(s) | mariadb-server |
## Description
OVERVIEW
mariadb dbms must be initialized prior to performing any further steps, such as creating databases. This is done by running "/etc/init.d/mariadb setup"
SAMPLE OUTPUT
```
# /etc/init.d/mariadb setup
* /run/mariadb: correcting mode
* Creating a new MySQL database in /var/lib/mariadb ...Installing MariaDB/MySQL system tables in '/var/lib/mariadb' ...
2020-08-08 5:33:18 0 [ERROR] InnoDB: The Auto-extending innodb_system data file './ibdata1' is of a different size 0 pages than specified in the .cnf file: initial 768 pages, max 0 (relevant if non-zero) pages!
2020-08-08 5:33:18 0 [ERROR] InnoDB: Plugin initialization aborted with error Generic error
2020-08-08 5:33:19 0 [ERROR] Plugin 'InnoDB' init function returned error.
2020-08-08 5:33:19 0 [ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
2020-08-08 5:33:19 0 [ERROR] Unknown/unsupported storage engine: InnoDB
2020-08-08 5:33:19 0 [ERROR] Aborting
cat: write error: Broken pipe
cat: write error: Broken pipe
cat: write error: Broken pipe
Installation of system tables failed! Examine the logs in
/var/lib/mariadb for more information.
The problem could be conflicting information in an external
my.cnf files. You can ignore these by doing:
shell> /usr/bin/mysql_install_db --defaults-file=~/.my.cnf
You can also try to start the mysqld daemon with:
shell> /usr/sbin/mysqld --skip-grant-tables --general-log &
and use the command line tool /usr/bin/mysql
to connect to the mysql database and look at the grant tables:
shell> /usr/bin/mysql -u root mysql
mysql> show tables;
Try 'mysqld --help' if you have problems with paths. Using
--general-log gives you a log in /var/lib/mariadb that may be helpful.
The latest information about mysql_install_db is available at
https://mariadb.com/kb/en/installing-system-tables-mysql_install_db
You can find the latest source at https://downloads.mariadb.org and
the maria-discuss email list at https://launchpad.net/~maria-discuss
Please check all of the above before submitting a bug report
at http://mariadb.org/jira
[ !! ]
```
BACKGROUND
This problem was discovered when trying to launch bareos-director (if mysql/mariadb is chosen as the bareos dbms):
```
# service bareos-director start
* Data directory '/var/lib/mariadb' is empty or invalid.
* Run '/etc/init.d/mariadb setup' to create new database.
* ERROR: mariadb failed to start
* Starting Bareos Director daemon ... [ ok ]
```
ADDITIONAL INFO
This is a known issue; see e.g.: https://jira.mariadb.org/browse/MDEV-16015
This problem apparently appeared somewhere in mariadb 10.2.x - 10.3.x per the link. Although that report was for docker environments, it turns out this has been a problem outside of those as well.
For comparison, I set up a mariadb install on devuan beowulf, which is at version 10.3.23 and the mariadb server runs without issues. Since my example is running inside a VirtualBox VM, I can confirm this bug is not virtualization-specific (though this was suspect originally; see link for more).
This could be related to musl.
Milestone: 1.0-RELEASE

# user/ark: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/340
Updated: 2020-09-23T03:35:24Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 340 |
| Alias(es) | CVE-2020-16116, CVE-2020-24654 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-03 18:13:43 -0500 |
| Modified | 2020-09-22 22:35:24 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/ark |
| URL | https://kde.org/info/security/advisory-20200730-1.txt |
## Description
https://kde.org/info/security/advisory-20200730-1.txt
Fixed in >= 20.07.90 https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
Milestone: 1.0-RC2

# user/xorg-server: CVE-2020-14347: AllocatePixmap information disclosure via uninitialized memory
https://git.adelielinux.org/adelie/packages/-/issues/339
Updated: 2022-02-02T01:57:52Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 339 |
| Alias(es) | CVE-2020-14347 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-03 18:10:32 -0500 |
| Modified | 2020-09-22 22:44:39 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/xorg-server |
| URL | https://www.openwall.com/lists/oss-security/2020/07/31/2 |
## Description
https://www.openwall.com/lists/oss-security/2020/07/31/2
Unreleased fix https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816
Milestone: 1.0-RELEASE

# user/libx11: CVE-2020-14344: heap corruption in XIM
https://git.adelielinux.org/adelie/packages/-/issues/338
Updated: 2021-11-04T02:35:03Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 338 |
| Alias(es) | CVE-2020-14344 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-08-03 18:07:07 -0500 |
| Modified | 2020-08-03 18:07:07 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libx11 |
| URL | https://www.openwall.com/lists/oss-security/2020/07/31/1 |
## Description
https://www.openwall.com/lists/oss-security/2020/07/31/1
Fixed and released in 1.6.10
Milestone: 1.0-RELEASE

# user/grub: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/337
Updated: 2023-10-31T05:57:49Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 337 |
| Alias(es) | CVE-2020-10713, CVE-2020-14308, CVE-2020-14309, CVE-2020-14310, CVE-2020-14311, CVE-2020-15705, CVE-2020-15706, CVE-2020-15707, boothole |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-30 17:06:40 -0500 |
| Modified | 2020-07-30 17:06:40 -0500 |
| Status | UNCONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/grub |
| URL | https://www.openwall.com/lists/oss-security/2020/07/29/3 |
## Description
CVE-2020-10713: https://nvd.nist.gov/vuln/detail/CVE-2020-10713
> A flaw was found in grub2, prior to version 2.06. An attacker may use
> the GRUB 2 flaw to hijack and tamper the GRUB verification process.
> This flaw also allows the bypass of Secure Boot protections. In order
> to load an untrusted or modified kernel, an attacker would first need
> to establish access to the system such as gaining physical access,
> obtain the ability to alter a pxe-boot network, or have remote access
> to a networked system with root access. With this access, an attacker
> could then craft a string to cause a buffer overflow by injecting a
> malicious payload that leads to arbitrary code execution within GRUB.
> The highest threat from this vulnerability is to data confidentiality
> and integrity as well as system availability.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
CVE-2020-14308: https://nvd.nist.gov/vuln/detail/CVE-2020-14308
> In grub2 versions before 2.06 the grub memory allocator doesn't check
> for possible arithmetic overflows on the requested allocation size.
> This leads the function to return invalid memory allocations which can
> be further used to cause possible integrity, confidentiality and
> availability impacts during the boot process.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41
CVE-2020-14309: https://nvd.nist.gov/vuln/detail/CVE-2020-14309
> There's an issue with grub2 in all versions before 2.06 when handling
> squashfs filesystems containing a symbolic link with name length of
> UINT32 bytes in size. The name size leads to an arithmetic overflow
> leading to a zero-size allocation further causing a heap-based buffer
> overflow with attacker controlled data.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=3f05d693d1274965ffbe4ba99080dc2c570944c6
CVE-2020-14310: https://www.openwall.com/lists/oss-security/2020/07/29/3
> Integer overflow read_section_from_string may lead to heap based
> overflow.
same as previous
CVE-2020-14311: https://www.openwall.com/lists/oss-security/2020/07/29/3
> Integer overflow in grub_ext2_read_link leads to heap based buffer
> overflow.
same as previous
CVE-2020-15705: https://nvd.nist.gov/vuln/detail/CVE-2020-15705
> GRUB2 fails to validate kernel signature when booted directly without
> shim, allowing secure boot to be bypassed. This only affects systems
> where the kernel signing certificate has been imported directly into
> the secure boot database and the GRUB image is booted directly without
> the use of shim. This issue affects GRUB2 version 2.04 and prior
> versions.
There doesn't seem to be an official fix for this.
* Debian is ignoring it (not affected)
* Ubuntu & SUSE: https://git.launchpad.net/~ubuntu-core-dev/grub/+git/ubuntu/plain/debian/patches/0097-linuxefi-fail-kernel-validation-without-shim-protoco.patch?h=focal&id=62887dc0030652f9bc20f3d558565ca3e37ef5a6 https://bugzilla.suse.com/attachment.cgi?id=839944&action=diff
CVE-2020-15706: https://nvd.nist.gov/vuln/detail/CVE-2020-15706
> GRUB2 contains a race condition in grub_script_function_create()
> leading to a use-after-free vulnerability which can be triggered by
> redefining a function whilst the same function is already executing,
> leading to arbitrary code execution and secure boot restriction
> bypass. This issue affects GRUB2 version 2.04 and prior versions.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=426f57383d647406ae9c628c472059c27cd6e040
CVE-2020-15707: https://nvd.nist.gov/vuln/detail/CVE-2020-15707
> Integer overflows were discovered in the functions grub_cmd_initrd and
> grub_initrd_init in the efilinux component of GRUB2, as shipped in
> Debian, Red Hat, and Ubuntu (the functionality is not included in
> GRUB2 upstream), leading to a heap-based buffer overflow. These could
> be triggered by an extremely large number of arguments to the initrd
> command on 32-bit architectures, or a crafted filesystem with very
> large files on any architecture. An attacker could use this to execute
> arbitrary code and bypass UEFI Secure Boot restrictions. This issue
> affects GRUB2 version 2.04 and prior versions.
Unreleased fix https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commitdiff;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
There are reports that these changes were making systems unbootable, but
at least for RedHat that appears to have been a problem with their
signed shim. However, given the extensive changes these entail (and the
fact that they will probably not apply cleanly to 2.04, and that we
don't really support secure boot right now anyway) means we should sit
on this for the time being.
https://lwn.net/Articles/827573/
https://bugzilla.redhat.com/show_bug.cgi?id=1861977
Milestone: 1.0-RC2

# user/libetpan: CVE-2020-15953: STARTTLS response injection
https://git.adelielinux.org/adelie/packages/-/issues/336
Updated: 2022-02-02T01:58:01Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 336 |
| Alias(es) | CVE-2020-15953 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-29 16:33:12 -0500 |
| Modified | 2020-09-22 23:30:35 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libetpan |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-15953 |
## Description
> LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other
> products, has a STARTTLS buffering issue that affects IMAP, SMTP, and
> POP3. When a server sends a "begin TLS" response, the client reads
> additional data (e.g., from a meddler-in-the-middle attacker) and
> evaluates it in a TLS context, aka "response injection."
Unreleased fixes:
https://github.com/dinhvh/libetpan/pull/387
https://github.com/dinhvh/libetpan/pull/388
See https://github.com/dinhvh/libetpan/issues/386
Milestone: 1.0-RC2

# user/libraw: CVE-2020-15503: lack of size range check for thumbnails
https://git.adelielinux.org/adelie/packages/-/issues/332
Updated: 2022-02-02T01:58:10Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 332 |
| Alias(es) | CVE-2020-15503 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-10 16:29:46 -0500 |
| Modified | 2020-09-22 23:16:38 -0500 |
| Status | RESOLVED FIXED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libraw |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-15503 |
## Description
> LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
> affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and
> utils/thumb_utils.cpp. For example,
> malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without
> validating T.tlength.
Upstream patch https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
RedHat backport https://bugzilla.redhat.com/attachment.cgi?id=1699874&action=diff
Milestone: 1.0-RC2

# user/ffmpeg: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/331
Updated: 2022-10-21T23:49:31Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 331 |
| Alias(es) | CVE-2020-13904, CVE-2020-14212 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-09 14:16:44 -0500 |
| Modified | 2020-07-29 16:30:59 -0500 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/ffmpeg |
## Description
CVE-2020-13904: https://nvd.nist.gov/vuln/detail/CVE-2020-13904
> FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an
> m3u8 file because parse_playlist in libavformat/hls.c frees a pointer,
> and later that pointer is accessed in av_probe_input_format3 in
> libavformat/format.c.
Unreleased fix https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
Milestone: 1.0-RELEASE

# user/libslirp: CVE-2020-10756: icmp6_send_echoreply host memory disclosure
https://git.adelielinux.org/adelie/packages/-/issues/330
Updated: 2023-05-03T18:28:02Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 330 |
| Alias(es) | CVE-2020-10756, CVE-2020-29129, CVE-2020-29130 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-09 03:16:49 -0500 |
| Modified | 2020-12-03 23:03:47 -0600 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/libslirp |
## Description
CVE-2020-10756: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
> While processing an incoming ICMPv6 echo request, function
> icmp6_send_echoreply() does not validate the IPv6 payload length
> (ip->ip_pl) which is then used as the size of memcpy() to create the
> destination packet. A malicious user could be able to trick memcpy()
> into copying more data than allowed, thus potentially leaking the
> contents of the host memory.
Fixed in >= 4.3.1 https://gitlab.freedesktop.org/slirp/libslirp/-/releases/v4.3.1
Milestone: 1.0-RELEASE

# user/openjpeg: multiple vulnerabilities
https://git.adelielinux.org/adelie/packages/-/issues/329
Updated: 2022-11-13T06:54:43Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 329 |
| Alias(es) | CVE-2020-15389, CVE-2020-27814 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-08 13:28:12 -0500 |
| Modified | 2020-12-13 00:20:13 -0600 |
| Status | IN_PROGRESS |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/openjpeg |
| URL | https://nvd.nist.gov/vuln/detail/CVE-2020-15389 |
## Description
> jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free
> that can be triggered if there is a mix of valid and invalid files in
> a directory operated on by the decompressor. Triggering a double-free
> may also be possible. This is related to calling opj_image_destroy
> twice.
Unreleased fix https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0
Milestone: 1.0-RELEASE

# user/mesa: CVE-2019-5068: mode 777 shared memory segments
https://git.adelielinux.org/adelie/packages/-/issues/328
Updated: 2022-02-02T01:58:17Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 328 |
| Alias(es) | CVE-2019-5068 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-08 13:19:50 -0500 |
| Modified | 2020-07-09 03:35:13 -0500 |
| Status | RESOLVED INVALID |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/mesa |
| URL | https://talosintelligence.com/vulnerability_reports/TALOS-2019-0857 |
## Description
> An exploitable shared memory permissions vulnerability exists in the
> functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can
> access the shared memory without any specific permissions to trigger
> this vulnerability.
Not backported to 19.x (EOL) https://gitlab.freedesktop.org/mesa/mesa/commit/02c3dad0f3b4d26e0faa5cc51d06bc50d693dcdc
Milestone: 1.0-RC2

# user/openldap: CVE-2020-8023: local privesc from ldap to root
https://git.adelielinux.org/adelie/packages/-/issues/327
Updated: 2022-02-02T01:58:26Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 327 |
| Alias(es) | CVE-2020-8023 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-07-07 12:50:16 -0500 |
| Modified | 2020-10-26 02:44:19 -0500 |
| Status | RESOLVED NOTABUG |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
| Package(s) | user/openldap |
| URL | https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-8023 |
## Description
This has not yet been confirmed - it seems like it might be specific to SUSE's slapd service configuration. Awaiting more information.
Milestone: 1.0-RC2

# user/cantor: segfault when loading Qalculate backend
https://git.adelielinux.org/adelie/packages/-/issues/326
Updated: 2022-02-02T01:59:21Z
Author: Emily

| | |
| --- | --- |
| Bugzilla ID | 326 |
| Reporter | A. Wilcox (awilfox) |
| Assignee | A. Wilcox (awilfox) |
| Reported | 2020-07-04 17:06:49 -0500 |
| Modified | 2020-07-04 17:06:49 -0500 |
| Status | CONFIRMED |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / PowerPC (32-bit) |
| Importance | --- / major |
| Package(s) | user/cantor |
## Description
Backtrace attached. If we had Firefox working on ppc I could upload the .txt ;)
Milestone: 1.0-RC2