CVE-2020-6452 – chromium-browser: Heap buffer overflow in media
https://notcve.org/view.php?id=CVE-2020-6452
Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References:
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00024.html
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00031.html
https://chromereleases.googleblog.com/2020/03/stable-channel-update-for-desktop_31.html
https://crbug.com/1059764
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMXT4OKBMCJSNSX7TZDBJNY6ORKFZRFO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQTV7EFWQKF6VJBCVH4PUQJLGO7ISLTN
https://access.red
Weakness: CWE-122: Heap-based Buffer Overflow; CWE-787: Out-of-bounds Write
CVE-2020-8834 – Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1
https://notcve.org/view.php?id=CVE-2020-8834
KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption. Because of this, an attacker with the ability to run code in kernel space of a guest VM can cause the host kernel to panic.
There were two commits that, according to the reporter, introduced the vulnerability:
f024ee098476 ("KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures")
87a11bb6a7f7 ("KVM: PPC: Book3S HV: Work around XER[SO] bug in fake suspend mode")
The former landed in 4.8, the latter in 4.17. This was fixed without realizing the impact in 4.18 with the following three commits, though it's believed the first is the only strictly necessary commit:
6f597c6b63b6 ("KVM: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm()")
7b0e827c6970 ("KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm")
009c872a8bc4 ("KVM: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file")
References:
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00035.html
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1867717
https://usn.ubuntu.com/4318-1
https://usn.ubuntu.com/usn/usn-4318-1
https://www.openwall.com/lists/oss-security/2020/04/06/2
https://access.redhat.com/security/cve/CVE-2020-8834
https://bugzilla.redhat.com/show_bug.cgi?id=1819615
Weakness: CWE-121: Stack-based Buffer Overflow; CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'); CWE-368: Context Switching Race Condition
CVE-2020-11501 – gnutls: DTLS client hello contains a random value of all zeroes
https://notcve.org/view.php?id=CVE-2020-11501
GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
References:
http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00015.html
https://gitlab.com/gnutls/gnutls/-/commit/5b595e8e52653f6c5726a4cdd8fddeb6e83804d2
https://gitlab.com/gnutls/gnutls/-/issues/960
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ILMOWPKMTZAIMK5F32TUMO34XCABUCFJ
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WDYY3R4F5CUTFAMXH2C5NKYFVDEJLTT7
https://security.gentoo.org/glsa/202004-06
https://security.netapp.com/advis
Weakness: CWE-327: Use of a Broken or Risky Cryptographic Algorithm; CWE-330: Use of Insufficiently Random Values
CVE-2019-18905 – Deprecated functionality in autoyast2 automatically imports gpg keys without checking them
https://notcve.org/view.php?id=CVE-2019-18905
An Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12 and SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images.
This issue affects:
SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions.
SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions.
References:
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00050.html
https://bugzilla.suse.com/show_bug.cgi?id=1140711
Weakness: CWE-345: Insufficient Verification of Data Authenticity
CVE-2019-18904 – Migrations requests can cause DoS on rmt
https://notcve.org/view.php?id=CVE-2019-18904
An Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15 and openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.
This issue affects:
SUSE Linux Enterprise High Performance Computing 15-ESPOS rmt-server versions prior to 2.5.2-3.26.1.
SUSE Linux Enterprise High Performance Computing 15-LTSS rmt-server versions prior to 2.5.2-3.26.1.
SUSE Linux Enterprise Module for Public Cloud 15-SP1 rmt-server versions prior to 2.5.2-3.9.1.
SUSE Linux Enterprise Module for Server Applications 15 rmt-server versions prior to 2.5.2-3.26.1.
References:
https://bugzilla.suse.com/show_bug.cgi?id=1160922
Weakness: CWE-400: Uncontrolled Resource Consumption