CVE-2019-3815 – systemd: memory leak in journald-server.c introduced by fix for CVE-2018-16864
https://notcve.org/view.php?id=CVE-2019-3815
A memory leak was discovered in the backport of fixes for CVE-2018-16864 in Red Hat Enterprise Linux. Function dispatch_message_real() in journald-server.c does not free the memory allocated by set_iovec_field_free() to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. This issue only affects versions shipped with Red Hat Enterprise since v219-62.2. Se descubrió una fuga de memoria en el "backport" de soluciones para CVE-2018-16864 en Red Hat Enterprise Linux. • http://www.securityfocus.com/bid/106632 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2019:0201 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3815 https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html https://access.redhat.com/security/cve/CVE-2019-3815 https://bugzilla.redhat.com/show_bug.cgi?id=1666690 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2019-6116 – Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution. En Artifex Ghostscript hasta la versión 9.26, los procedimientos ephemeral o transient pueden permitir el acceso a los operadores del sistema, lo que conduce a la ejecución remota de código. It was found that ghostscript could leak sensitive operators on the operand stack when a pseudo-operator pushes a subroutine. A specially crafted PostScript file could use this flaw to escape the -dSAFER protection in order to, for example, have access to the file system outside of the SAFER constraints. Ghostscript has an issue with pseudo-operators that can lead to remote code execution. • https://www.exploit-db.com/exploits/46242 http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html http://www.openwall.com/lists/oss-security/2019/01/23/5 http://www.openwall.com/lists/oss-security/2019/03/21/1 http: •
CVE-2019-2422 – OpenJDK: memory disclosure in FileChannelImpl (Libraries, 8206290)
https://notcve.org/view.php?id=CVE-2019-2422
Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u201, 8u192 and 11.0.1; Java SE Embedded: 8u191. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. • http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00028.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00013.html http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html http://www.securityfocus.com/bid/106596 https://access.redhat.com/errata/RHSA-2019:0416 https://access.redhat.com/errata/RHSA-2019:0435 https://access.redhat.com/errata/RHSA-2019:0436 https://a • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2019-6133 – polkit: Temporary auth hijacking via PID reuse and non-atomic fork
https://notcve.org/view.php?id=CVE-2019-6133
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. En PolicyKit (también conocido como polkit) 0.115, el mecanismo de protección "start time" puede omitirse debido a que fork() no es atómico y, por lo tanto, las decisiones de autorización se cachean incorrectamente. Esto está relacionado con la falta de comprobación de uid en polkitbackend/polkitbackendinteractiveauthority.c. A vulnerability was found in polkit. • http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00049.html http://www.securityfocus.com/bid/106537 https://access.redhat.com/errata/RHSA-2019:0230 https://access.redhat.com/errata/RHSA-2019:0420 https://access.redhat.com/errata/RHSA-2019:0832 https://access.redhat.com/errata/RHSA-2019:2699 https://access.redhat.com/errata/RHSA-2019:2978 https://bugs.chromium.org/p/project-zero/issues/detail?id=1692 https://git.kernel.org/linus/7b55851367136b1efd84d98fea81ba57a98304cf https • CWE-284: Improper Access Control CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2018-16866 – systemd: out-of-bounds read when parsing a crafted syslog message
https://notcve.org/view.php?id=CVE-2018-16866
An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable. Se ha descubierto una lectura fuera de límites en systemd-journald en la forma en la que analiza mensajes de registro que terminan con dos puntos ":". Un atacante local puede emplear este error para divulgar datos de la memoria del proceso. • http://packetstormsecurity.com/files/152841/System-Down-A-systemd-journald-Exploit.html http://seclists.org/fulldisclosure/2019/May/21 http://www.openwall.com/lists/oss-security/2019/05/10/4 http://www.securityfocus.com/bid/106527 https://access.redhat.com/errata/RHSA-2019:2091 https://access.redhat.com/errata/RHSA-2019:3222 https://access.redhat.com/errata/RHSA-2020:0593 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16866 https://seclists.org/bugtraq/2019/May/25 • CWE-125: Out-of-bounds Read CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •