HYCU 4.3.1-616 security updates

  • RHSA-2021:4903:
    • CVE-2021-43527: nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS)
  • RHSA-2021:4647:
    • CVE-2021-20317: kernel: timer tree corruption leads to missing wakeup and system freeze
    • CVE-2021-43267: kernel: Insufficient validation of user-supplied sizes for the MSG_CRYPTO message type
  • RHSA-2021:4587:
    • CVE-2021-42574: Developer environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
  • RHSA-2021:4537:
    • CVE-2021-20325: httpd: Regression of CVE-2021-40438 and CVE-2021-26691 fixes in Red Hat Enterprise Linux 8.5
  • RHSA-2021:4517:
    • CVE-2021-3778: vim: heap-based buffer overflow in utf_ptr2char() in mbyte.c
    • CVE-2021-3796: vim: use-after-free in nv_replace() in normal.c
  • RHSA-2021:4513:
    • CVE-2021-36084: libsepol: use-after-free in __cil_verify_classperms()
    • CVE-2021-36085: libsepol: use-after-free in __cil_verify_classperms()
    • CVE-2021-36086: libsepol: use-after-free in cil_reset_classpermission()
    • CVE-2021-36087: libsepol: heap-based buffer overflow in ebitmap_match_any()
  • RHSA-2021:4511:
    • CVE-2021-22876: curl: Leak of authentication credentials in URL via automatic Referer
    • CVE-2021-22898: curl: TELNET stack contents disclosure
    • CVE-2021-22925: curl: Incorrect fix for CVE-2021-22898 TELNET stack contents disclosure
  • RHSA-2021:4510:
    • CVE-2020-24370: lua: segmentation fault in getlocal and setlocal functions in ldebug.c
  • RHSA-2021:4489:
    • CVE-2021-20266: rpm: missing length checks in hdrblobInit()
  • RHSA-2021:4464:
    • CVE-2021-3445: libdnf: Signature verification bypass via signature placed in the main RPM header
  • RHSA-2021:4455:
    • CVE-2021-3572: python-pip: Incorrect handling of unicode separators in git references
  • RHSA-2021:4451:
    • CVE-2021-3580: nettle: Remote crash in RSA decryption via manipulated ciphertext
    • CVE-2021-20231: gnutls: Use after free in client key_share extension
    • CVE-2021-20232: gnutls: Use after free in client_send_params in lib/ext/pre_shared_key.c
  • RHSA-2021:4426:
    • CVE-2019-17594: ncurses: heap-based buffer overflow in the _nc_find_entry function in tinfo/comp_hash.c
    • CVE-2019-17595: ncurses: heap-based buffer overflow in the fmt_entry function in tinfo/comp_hash.c
  • RHSA-2021:4424:
    • CVE-2021-23840: openssl: integer overflow in CipherUpdate
    • CVE-2021-23841: openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
  • RHSA-2021:4409:
    • CVE-2021-33560: libgcrypt: mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm
  • RHSA-2021:4408:
    • CVE-2021-3200: libsolv: heap-based buffer overflow in testcase_read() in src/testcase.c
  • RHSA-2021:4404:
    • CVE-2021-20269: kexec-tools: incorrect permissions on kdump dmesg file
  • RHSA-2021:4399:
    • CVE-2021-3426: python: Information disclosure via pydoc
  • RHSA-2021:4396:
    • CVE-2019-5827: sqlite: out-of-bounds access due to the use of 32-bit memory allocator interfaces
    • CVE-2019-13750: sqlite: dropping of shadow tables not restricted in defensive mode
    • CVE-2019-13751: sqlite: fts3: improve detection of corrupted records
    • CVE-2019-19603: sqlite: mishandling of certain SELECT statements with non-existent VIEW can lead to DoS
    • CVE-2020-13435: sqlite: NULL pointer dereference in sqlite3ExprCodeTarget()
  • RHSA-2021:4393:
    • CVE-2020-10001: cups: access to uninitialized buffer in ipp.c
  • RHSA-2021:4387:
    • CVE-2020-16135: libssh: NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL
  • RHSA-2021:4386:
    • CVE-2018-20673: libiberty: Integer overflow in demangle_template() function
  • RHSA-2021:4385:
    • CVE-2021-3800: glib2: Possible privilege escalation thourgh pkexec and aliases
    • CVE-2021-28153: glib: g_file_replace() with G_FILE_CREATE_REPLACE_DESTINATION creates empty target for dangling symlink
  • RHSA-2021:4384:
    • CVE-2021-25214: bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly
  • RHSA-2021:4382:
    • CVE-2020-12762: json-c: integer overflow and out-of-bounds write via a large JSON file
  • RHSA-2021:4381:
    • CVE-2020-13558: webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution
    • CVE-2020-24870: LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp
    • CVE-2020-27918: webkitgtk: Use-after-free leading to arbitrary code execution
    • CVE-2020-29623: webkitgtk: User may be unable to fully delete browsing history
    • CVE-2020-36241: gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory
    • CVE-2021-1765: webkitgtk: IFrame sandboxing policy violation
    • CVE-2021-1788: webkitgtk: Use-after-free leading to arbitrary code execution
    • CVE-2021-1789: webkitgtk: Type confusion issue leading to arbitrary code execution
    • CVE-2021-1799: webkitgtk: Access to restricted ports on arbitrary servers via port redirection
    • CVE-2021-1801: webkitgtk: IFrame sandboxing policy violation
    • CVE-2021-1844: webkitgtk: Memory corruption issue leading to arbitrary code execution
    • CVE-2021-1870: webkitgtk: Logic issue leading to arbitrary code execution
    • CVE-2021-1871: webkitgtk: Logic issue leading to arbitrary code execution
    • CVE-2021-21775: webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution
    • CVE-2021-21779: webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution
    • CVE-2021-21806: webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution
    • CVE-2021-28650: gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix)
    • CVE-2021-30663: webkitgtk: Integer overflow leading to arbitrary code execution
    • CVE-2021-30665: webkitgtk: Memory corruption leading to arbitrary code execution
    • CVE-2021-30682: webkitgtk: Logic issue leading to leak of sensitive user information
    • CVE-2021-30689: webkitgtk: Logic issue leading to universal cross site scripting attack
    • CVE-2021-30720: webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers
    • CVE-2021-30734: webkitgtk: Memory corruptions leading to arbitrary code execution
    • CVE-2021-30744: webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack
    • CVE-2021-30749: webkitgtk: Memory corruptions leading to arbitrary code execution
    • CVE-2021-30758: webkitgtk: Type confusion leading to arbitrary code execution
    • CVE-2021-30795: webkitgtk: Use-after-free leading to arbitrary code execution
    • CVE-2021-30797: webkitgtk: Insufficient checks leading to arbitrary code execution
    • CVE-2021-30799: webkitgtk: Memory corruptions leading to arbitrary code execution
  • RHSA-2021:4374:
    • CVE-2019-18218: file: heap-based buffer overflow in cdf_read_property_info in cdf.c
  • RHSA-2021:4373:
    • CVE-2019-20838: pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
    • CVE-2020-14155: pcre: Integer overflow when parsing callout numeric arguments
  • RHSA-2021:4368:
    • CVE-2020-14145: openssh: Observable discrepancy leading to an information leak in the algorithm negotiation
  • RHSA-2021:4358:
    • CVE-2021-27645: glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c
    • CVE-2021-33574: glibc: mq_notify does not handle separately allocated thread attributes
    • CVE-2021-35942: glibc: Arbitrary read in wordexp()
  • RHSA-2021:4356:
    • CVE-2019-14615: kernel: Intel graphics card information leak.
    • CVE-2020-0427: kernel: out-of-bounds reads in pinctrl subsystem.
    • CVE-2020-24502: kernel: Improper input validation in some Intel(R) Ethernet E810 Adapter drivers
    • CVE-2020-24503: kernel: Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers
    • CVE-2020-24504: kernel: Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers
    • CVE-2020-24586: kernel: Fragmentation cache not cleared on reconnection
    • CVE-2020-24587: kernel: Reassembling fragments encrypted under different keys
    • CVE-2020-24588: kernel: wifi frame payload being parsed incorrectly as an L2 frame
    • CVE-2020-26139: kernel: Forwarding EAPOL from unauthenticated wifi client
    • CVE-2020-26140: kernel: accepting plaintext data frames in protected networks
    • CVE-2020-26141: kernel: not verifying TKIP MIC of fragmented frames
    • CVE-2020-26143: kernel: accepting fragmented plaintext frames in protected networks
    • CVE-2020-26144: kernel: accepting unencrypted A-MSDU frames that start with RFC1042 header
    • CVE-2020-26145: kernel: accepting plaintext broadcast fragments as full frames
    • CVE-2020-26146: kernel: reassembling encrypted fragments with non-consecutive packet numbers
    • CVE-2020-26147: kernel: reassembling mixed encrypted/plaintext fragments
    • CVE-2020-27777: kernel: powerpc: RTAS calls can be used to compromise kernel integrity
    • CVE-2020-29368: kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check
    • CVE-2020-29660: kernel: locking inconsistency in drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c can lead to a read-after-free
    • CVE-2020-36158: kernel: buffer overflow in mwifiex_cmd_802_11_ad_hoc_start function in drivers/net/wireless/marvell/mwifiex/join.c via a long SSID value
    • CVE-2020-36312: kernel: memory leak upon a kmalloc failure in kvm_io_bus_unregister_dev function in virt/kvm/kvm_main.c
    • CVE-2020-36386: kernel: slab out-of-bounds read in hci_extended_inquiry_result_evt() in net/bluetooth/hci_event.c
    • CVE-2021-0129: kernel: Improper access control in BlueZ may allow information disclosure vulnerability.
    • CVE-2021-3348: kernel: Use-after-free in ndb_queue_rq() in drivers/block/nbd.c
    • CVE-2021-3489: kernel: Linux kernel eBPF RINGBUF map oversized allocation
    • CVE-2021-3564: kernel: double free in bluetooth subsystem when the HCI device initialization fails
    • CVE-2021-3573: kernel: use-after-free in function hci_sock_bound_ioctl()
    • CVE-2021-3600: kernel: eBPF 32-bit source register truncation on div/mod
    • CVE-2021-3635: kernel: flowtable list del corruption with kernel BUG at lib/list_debug.c:50
    • CVE-2021-3659: kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c
    • CVE-2021-3679: kernel: DoS in rb_per_cpu_empty()
    • CVE-2021-3732: kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files
    • CVE-2021-20194: kernel: heap overflow in __cgroup_bpf_run_filter_getsockopt()
    • CVE-2021-20239: kernel: setsockopt System Call Untrusted Pointer Dereference Information Disclosure
    • CVE-2021-23133: kernel: Race condition in sctp_destroy_sock list_del
    • CVE-2021-28950: kernel: fuse: stall on CPU can occur because a retry loop continually finds the same bad inode
    • CVE-2021-28971: kernel: System crash in intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c
    • CVE-2021-29155: kernel: protection for sequences of pointer arithmetic operations against speculatively out-of-bounds loads can be bypassed to leak content of kernel memory
    • CVE-2021-29646: kernel: improper input validation in tipc_nl_retrieve_key function in net/tipc/node.c
    • CVE-2021-29650: kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS
    • CVE-2021-31440: kernel: local escalation of privileges in handling of eBPF programs
    • CVE-2021-31829: kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
    • CVE-2021-31916: kernel: out of bounds array access in drivers/md/dm-ioctl.c
    • CVE-2021-33033: kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c
    • CVE-2021-33200: kernel: out-of-bounds reads and writes due to enforcing incorrect limits for pointer arithmetic operations by BPF verifier
  • RHSA-2021:4326:
    • CVE-2021-31535: libX11: missing request length checks
  • RHSA-2021:4288:
    • CVE-2020-17541: libjpeg-turbo: Stack-based buffer overflow in the "transform" component
  • RHSA-2021:4257:
    • CVE-2021-26690: httpd: mod_session: NULL pointer dereference when parsing Cookie header
    • CVE-2021-30641: httpd: Unexpected URL matching with 'MergeSlashes OFF'
  • RHSA-2021:4241:
    • CVE-2020-35521: libtiff: Memory allocation failure in tiff2rgba
    • CVE-2020-35522: libtiff: Memory allocation failure in tiff2rgba
    • CVE-2020-35523: libtiff: Integer overflow in tif_getimage.c
    • CVE-2020-35524: libtiff: Heap-based buffer overflow in TIFF2PDF tool
  • RHSA-2021:4236:
    • CVE-2020-8037: tcpdump: ppp decapsulator can be convinced to allocate a large amount of memory
  • RHSA-2021:4235:
    • CVE-2020-27828: jasper: Heap-based buffer overflow in cp_create() in jpc_enc.c
    • CVE-2021-3272: jasper: Heap-based buffer over-read in jp2_decode() in jp2_dec.c
    • CVE-2021-26926: jasper: Out of bounds read in jp2_decode() in jp2_dec.c
    • CVE-2021-26927: jasper: NULL pointer dereference in jp2_decode() in jp2_dec.c
  • RHSA-2021:4201:
    • CVE-2021-20095: python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code
    • CVE-2021-42771: python-babel: Relative path traversal allows attacker to load arbitrary locale files and execute arbitrary code
  • RHSA-2021:4191:
    • CVE-2020-15859: QEMU: net: e1000e: use-after-free while sending packets
    • CVE-2021-3592: QEMU: slirp: invalid pointer initialization may lead to information disclosure (bootp)
    • CVE-2021-3593: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp6)
    • CVE-2021-3594: QEMU: slirp: invalid pointer initialization may lead to information disclosure (udp)
    • CVE-2021-3595: QEMU: slirp: invalid pointer initialization may lead to information disclosure (tftp)
    • CVE-2021-3631: libvirt: Insecure sVirt label generation
    • CVE-2021-3667: libvirt: Improper locking on ACL failure in virStoragePoolLookupByTargetPath API
  • RHSA-2021:4161:
    • CVE-2020-28493: python-jinja2: ReDoS vulnerability in the urlize filter

 

Was this article helpful?
0 out of 0 found this helpful

Comments

1 comment
  • Once again, appreciate the work put in for the security bulletins being posted on the support portal. I would like to point out a need for some clarity though...

    Are these "fixed" in HYCU 4.3.1-616? Or, are these "current" threats to this code level?

    Are earlier versions affected (example 4.2.1-2519)?

    What is the "first fixed release"?

    0

Please sign in to leave a comment.