---

Log

AVG-2235 edited at 28 Jul 2021 20:32:41
Status	- Testing + Fixed

AVG-2237 edited at 28 Jul 2021 18:47:08
Ticket	+ 71641

AVG-2237 edited at 28 Jul 2021 18:45:15
Severity	- Unknown + Medium

CVE-2021-37601 edited at 28 Jul 2021 18:45:15
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ It was discovered that Prosody 0.11.0 up to 0.11.9 exposes the list of entities (Jabber/XMPP addresses) affiliated (part of) a Multi-User chat to any user, even if they are currently not part of the chat or if their affiliation would not let them become part of the chat, if the whois room configuration was set to anyone. This allows any entity to access the list of admins, members, owners and banned entities of any federated XMPP group chat of which they know the address if it is hosted on a vulnerable Prosody server.
References	+ https://prosody.im/security/advisory_20210722/ + https://prosody.im/security/advisory_20210722/1.patch
Notes

AVG-2237 created at 28 Jul 2021 18:40:37
Packages	+ prosody
Issues	+ CVE-2021-37601
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 1:0.11.9-2
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-37601 created at 28 Jul 2021 18:40:37

ASA-202107-74 edited at 28 Jul 2021 18:39:46
Impact	+ A remote attacker could execute arbitrary code or spoof content through a crafted web page.

ASA-202107-74 created at 28 Jul 2021 18:39:29

AVG-2236 edited at 28 Jul 2021 18:36:50
Severity	- Unknown + Medium

CVE-2021-37600 edited at 28 Jul 2021 18:36:50
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Arbitrary code execution
Description	+ An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use system resources in a way that leads to a large number in the /proc/sysvipc/sem file.
References	+ https://github.com/karelzak/util-linux/issues/1395 + https://github.com/karelzak/util-linux/commit/1c9143d0c1f979c3daf10e1c37b5b1e916c22a1c
Notes

AVG-2236 created at 28 Jul 2021 18:35:24
Packages	+ util-linux
Issues	+ CVE-2021-37600
Status	+ Vulnerable
Severity	+ Unknown
Affected	+ 2.37.1-1
Fixed
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2021-37600 created at 28 Jul 2021 18:35:24

AVG-2202 edited at 28 Jul 2021 18:33:41
Status	- Vulnerable + Fixed
Fixed	+ 4.1.2369.11-1

AVG-2235 created at 28 Jul 2021 18:32:19
Packages	+ linux-lts
Issues	+ CVE-2021-37159
Status	+ Testing
Severity	+ Medium
Affected	+ 5.10.53-1
Fixed	+ 5.10.54-1
Ticket
Advisory qualified	+ Yes
References
Notes