Log

AVG-1201 edited at 16 Sep 2020 00:06:40
Status
- Vulnerable
+ Unknown
AVG-1232 edited at 15 Sep 2020 19:39:19
Status
- Testing
+ Fixed
AVG-1210 edited at 15 Sep 2020 19:23:30
Status
- Vulnerable
+ Fixed
Fixed
+ 7.9.1-1
ASA-202009-7 edited at 15 Sep 2020 19:23:02
Impact
+ An attacker can trick the user to run code with a malicious gradle project.
CVE-2020-14339 edited at 15 Sep 2020 19:14:33
References
+ https://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e;hp=b8ebbe05451fde7ce541564f73437a29ffd5db0d
AVG-1232 edited at 15 Sep 2020 19:14:16
Status
- Unknown
+ Testing
AVG-1232 edited at 15 Sep 2020 19:14:08
Severity
- Unknown
+ High
CVE-2020-14339 edited at 15 Sep 2020 19:14:08
Severity
- Unknown
+ High
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
References
Notes
AVG-1232 created at 15 Sep 2020 19:13:07
Packages
+ libvirt
Issues
+ CVE-2020-14339
Status
+ Unknown
Severity
+ Unknown
Affected
+ 6.5.0-1
Fixed
+ 6.5.0-2
Ticket
+ 67807
Advisory qualified
+ Yes
References
Notes
CVE-2020-14339 created at 15 Sep 2020 19:13:07
CVE-2020-8927 edited at 15 Sep 2020 13:18:18
References
+ https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8927 edited at 15 Sep 2020 13:17:28
Description
- A buffer overflow exists in the Brotli library <= 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.9 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
+ A buffer overflow exists in the Brotli library < 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Notes
+ Note that 1.0.9 was a re-release after fixing a build issue.