Log

AVG-1879 edited at 23 Jun 2021 19:08:42
Issues
CVE-2020-26555
CVE-2020-26556
CVE-2020-26557
CVE-2020-26559
CVE-2020-26560
CVE-2021-3542
CVE-2021-3564
CVE-2021-3609
CVE-2021-22543
- CVE-2021-33624
- CVE-2021-34693
Affected
- 5.12.12.arch1-1
+ 5.12.13.arch1-1
AVG-1594 edited at 23 Jun 2021 19:08:14
Affected
- 5.12.12.arch1-1
+ 5.12.13.arch1-1
CVE-2021-34693 edited at 23 Jun 2021 19:06:21
Description
- net/can/bcm.c in the Linux kernel allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
+ net/can/bcm.c in the Linux kernel before 5.12.13 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
References
https://www.openwall.com/lists/oss-security/2021/06/15/1
https://github.com/nrb547/kernel-exploitation/tree/main/cve-2021-34693
- https://lore.kernel.org/netdev/trinity-87eaea25-2a7d-4aa9-92a5-269b822e5d95-1623609211076@3c-app-gmx-bs04/T/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=dc6415cb5cf8ebc8b334b7d0be916a0bf4353779
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=acb755be1f7adb204dcedc4d3b204ef098628623
CVE-2021-33624 edited at 23 Jun 2021 19:04:29
Description
- The Linux kernel BPF subsystem's protection against speculative execution attacks (Spectre mitigation) can be bypassed. On affected systems, an unprivileged BPF program can exploit this vulnerability to leak the contents of arbitrary kernel memory (and therefore, of all physical memory) via a side-channel.
+ In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
References
https://www.openwall.com/lists/oss-security/2021/06/21/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d203b0fd863a2261e5d00b97f3d060c4c2a6db71
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fe9a5ca7e370e613a9a75a13008a3845ea759d6e
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9183671af6dbf60a1219371d4ed73e23f43b49db
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=973377ffe8148180b2651825b92ae91988141b05
+ https://www.usenix.org/conference/usenixsecurity21/presentation/kirzner
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=408a4956acde24413f3c684912b1d3e404bed8e2
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=68a1936e1812653b68c5b68e698d88fb35018835
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.13&id=4a99047ed51c98a09a537fe2c12420d815dfe296
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=e9d271731d21647f8f9e9a261582cf47b868589a
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=8c82c52d1de931532200b447df8b4fc92129cfd9
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.46&id=5fc6ed1831ca5a30fb0ceefd5e33c7c689e7627b
AVG-2093 edited at 23 Jun 2021 16:38:29
Severity
- Unknown
+ Medium
CVE-2021-35197 edited at 23 Jun 2021 16:38:29
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A security issue has been found in MediaWiki before version 1.36.1 that allows blocked users to purge pages.
References
+ https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
+ https://phabricator.wikimedia.org/T280226
+ https://releases.wikimedia.org/mediawiki/1.36/mediawiki-1.36.1.patch.gz
Notes
AVG-2093 created at 23 Jun 2021 16:28:36
Packages
+ mediawiki
Issues
+ CVE-2021-35197
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 1.36.0-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-35197 created at 23 Jun 2021 16:28:36
AVG-2060 edited at 22 Jun 2021 22:31:27
Status
- Vulnerable
+ Fixed
Fixed
+ 0.65.2-1
AVG-2090 edited at 22 Jun 2021 18:22:25
Status
- Testing
+ Fixed
CVE-2021-29157 edited at 22 Jun 2021 15:28:44
Description
- Dovecot before version 2.3.14.1 does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.
+ A security issue has been found in Dovecot before version 2.3.14.1. The kid and azp fields in JWT tokens are not correctly escaped. This may be used to supply attacker controlled keys to validate tokens in some configurations. The attack requires an attacker to be able to write files to the local disk. As a result, a local attacker can login as any user and access their emails.
CVE-2021-33515 edited at 22 Jun 2021 15:24:13
Description
- A security issue has been found in Dovecot before version 2.3.14.1. An on-path attacker could inject plaintext commands before the STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. As a result, an attacker can potentially steal user credentials and mails. The attacker needs to have sending permissions on the submission server (a valid username and password).
+ A security issue has been found in Dovecot before version 2.3.14.1. An on-path attacker could inject plaintext commands before the STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected. As a result, an attacker can potentially steal user credentials and emails. The attacker needs to have sending permissions on the submission server (a valid username and password).