March 2019 - java-sig-commits - Fedora Mailing-Lists

[Bug 1677636] New: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1677636 Bug ID: 1677636 Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190214,reported=20190215,sou rce=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H /I:H/A:H,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/n asm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=ne w Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, i.gnatenko.brain(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392556 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
10
0 / 0

[Bug 1663908] New: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c resulting in a denial of service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663908 Bug ID: 1663908 Summary: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392531 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
7
0 / 0

[Bug 1663907] New: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663907 Bug ID: 1663907 Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
6
0 / 0

[Bug 1663906] New: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663906 Bug ID: 1663906 Summary: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20180906,reported=20181221,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A buffer overflow vulnerability was found in nasm. A specially crafted file could trigger endless macro generation and cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392514 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
6
0 / 0

[Bug 1663909] New: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663909 Bug ID: 1663909 Summary: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mizdebsk(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
7
0 / 0

[Bug 1670704] New: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service.

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1670704 Bug ID: 1670704 Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190101,reported=20190129,sour ce=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/ I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. References: https://bugzilla.nasm.us/show_bug.cgi?id=3392544 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
8
0 / 0

[Bug 1670705] New: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1670705 Bug ID: 1670705 Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
7
0 / 0

[Bug 1689874] New: CVE-2019-1003029 jenkins-script-security-plugin: jenkins-plugin-script-security: sandbox bypass in script security plugin [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1689874 Bug ID: 1689874 Summary: CVE-2019-1003029 jenkins-script-security-plugin: jenkins-plugin-script-security: sandbox bypass in script security plugin [fedora-all] Product: Fedora Version: 29 Status: NEW Component: jenkins-script-security-plugin Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msrb(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
4
0 / 0

[Bug 1670291] New: groovy-sandbox: jenkins-plugin-workflow-cps: Sandbox Bypass in Groovy Plugin (SECURITY-1293) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1670291 Bug ID: 1670291 Summary: groovy-sandbox: jenkins-plugin-workflow-cps: Sandbox Bypass in Groovy Plugin (SECURITY-1293) [fedora-all] Product: Fedora Version: 29 Status: NEW Component: groovy-sandbox Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
7
0 / 0

[Bug 1685179] New: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1685179 Bug ID: 1685179 Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190301,reported=20190301,sou rce=oss-security,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI: N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/qpid-java=affe cted,mrg-m-3/qpid-java=notaffected Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: esammons(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jross(a)redhat.com, mcressma(a)redhat.com, messaging-bugs(a)redhat.com, puntogil(a)libero.it, rrajasek(a)redhat.com Target Milestone: --- Classification: Other A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Upstream issue: https://issues.apache.org/jira/browse/QPID-8273 References: https://seclists.org/oss-sec/2019/q1/152 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 5 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2019