Log

ASA-202108-6 edited at 13 Aug 2021 18:08:16
ASA-202108-5 edited at 13 Aug 2021 18:08:12
ASA-202108-14 edited at 13 Aug 2021 18:03:14
Impact
- A remote attacker could execute arbitrary code or trick the user into accepting additional site permissions through crafted web content.
+ A remote attacker could execute arbitrary code or trick the user into accepting additional site permissions through maliciously crafted web content.
ASA-202108-10 edited at 13 Aug 2021 18:02:48
Impact
- Arbitrary JavaScript code could be executed when opening a crafted notebook file.
+ An attacker could perform remote code execution using a maliciously crafted notebook file.
ASA-202108-9 edited at 13 Aug 2021 18:02:10
Impact
- HTTP Basic Authentication credentials were transmitted unencrypted as part of the TLS handshake.
+ A remote attacker could retrieve HTTP Basic Authentication credentials.
CVE-2021-33574 edited at 13 Aug 2021 15:13:05
Description
The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact.
+
+ NOTE: Applying commits 42d359350510506b87101cf77202fefcbfc790cb and 217b6dc298156bdb0d6aea9ea93e7e394a5ff091 fixes CVE-2021-33574, but opens up another issue CVE-2021-38604.
AVG-1920 edited at 13 Aug 2021 15:06:28
Status
- Vulnerable
+ Fixed
Fixed
+ 4.2.2-1
AVG-2293 created at 13 Aug 2021 15:04:17
Packages
+ glibc
Issues
+ CVE-2021-38604
Status
+ Not affected
Severity
+ Low
Affected
+ 2.33-5
Fixed
Ticket
Advisory qualified
+ No
References
Notes
AVG-1621 edited at 13 Aug 2021 15:04:11
Issues
CVE-2021-27645
CVE-2021-33574
CVE-2021-35942
- CVE-2021-38604
CVE-2021-38604 edited at 13 Aug 2021 15:03:57
Description
- In librt in the GNU C Library (aka glibc) through 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.
+ In librt in the GNU C Library (aka glibc) in version 2.34, sysdeps/unix/sysv/linux/mq_notify.c mishandles certain NOTIFY_REMOVED data, leading to a NULL pointer dereference. NOTE: this vulnerability was introduced as a side effect of the CVE-2021-33574 fix.