Log

AVG-1065 created at 07 Nov 2019 10:52:07
Packages
+ linux-lts
Issues
+ CVE-2019-17666
Status
+ Testing
Severity
+ Critical
Affected
+ 4.19.81-1
Fixed
+ 4.19.82-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1064 created at 07 Nov 2019 10:51:35
Packages
+ linux
Issues
+ CVE-2019-17666
Status
+ Testing
Severity
+ Critical
Affected
+ 5.3.8.1-1
Fixed
+ 5.3.9.1-1
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-1063 created at 07 Nov 2019 10:51:00
Packages
+ linux-hardened
Issues
+ CVE-2019-17666
Status
+ Fixed
Severity
+ Critical
Affected
+ 5.3.7.a-1
Fixed
+ 5.3.8.a-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2019-17666 edited at 07 Nov 2019 10:50:26
Description
- rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi when the Realtek (RTLWIFI) driver is used leading to arbitrary code execution on the affected host.
+ rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi by using a power-saving feature known as a Notice of Absence when the Realtek (RTLWIFI) driver is being used on the affected host leading to arbitrary code execution.
CVE-2019-17666 created at 07 Nov 2019 10:44:46
Severity
+ Critical
Remote
+ Remote
Type
+ Arbitrary code execution
Description
+ rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel before 5.3.9, 4.19.82, 4.14.152, 4.9.199, 4.4.199 lacks a certain upper-bound check, leading to a buffer overflow. An attacker is able to trigger the overflow remotely through Wi-Fi when the Realtek (RTLWIFI) driver is used leading to arbitrary code execution on the affected host.
References
+ https://lkml.org/lkml/2019/10/16/1226
+ https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c55dedb795be8ec0cf488f98c03a1c2176f7fb1
Notes
ASA-201911-8 edited at 07 Nov 2019 09:46:44
Workaround
For CVE-2019-12526:
- Deny urn: protocol URI being proxied to all clients:
+ Deny urn: protocol URI being proxied to all clients:
- acl URN proto URN
+ acl URN proto URN
- http_access deny URN
+ http_access deny URN
For CVE-2019-18678:
- There are no workarounds for this vulnerability.
+ There are no workarounds for this vulnerability.
For CVE-2019-18679:
- Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
ASA-201911-8 edited at 07 Nov 2019 09:46:08
Workaround
+ For CVE-2019-12526:
+ Deny urn: protocol URI being proxied to all clients:
+
+ acl URN proto URN
+ http_access deny URN
+
+ For CVE-2019-18678:
+ There are no workarounds for this vulnerability.
+
+ For CVE-2019-18679:
+ Digest authentication can be disabled by removing all 'auth_param digest ...' configuration settings from squid.conf.
Impact
+ A remote attacker might access sensitive information, corrupt the content of arbitrary URLs in the caches or execute arbitrary code.
ASA-201911-8 created at 07 Nov 2019 09:41:37
AVG-1062 edited at 07 Nov 2019 09:40:17
Severity
- High
+ Critical
CVE-2019-12526 edited at 07 Nov 2019 09:40:17
Severity
- Unknown
+ Critical
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ A heap-based buffer overflow has been found in Squid before 4.9, when processing URN.
References
+ http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
Notes
AVG-1062 edited at 07 Nov 2019 09:38:48
Severity
- Medium
+ High
CVE-2019-18678 edited at 07 Nov 2019 09:38:48
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A HTTP request splitting issue has been found in Squid before 4.9. This issue allows attackers to smuggle HTTP requests through frontend software to a Squid which splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches between client and Squid with attacker controlled content at arbitrary URLs.
References
+ http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
+ http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
Notes