CVE-2018-10855 – ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs
https://notcve.org/view.php?id=CVE-2018-10855
Ansible 2.5 prior to 2.5.5, and 2.4 prior to 2.4.5, do not honor the no_log task flag for failed tasks. When the no_log flag has been used to protect sensitive data passed to a task from being logged, and that task does not run successfully, Ansible will expose sensitive data in log files and on the terminal of the user running Ansible. Ansible, en versiones 2.5 anteriores a la 2.5.5 y 2.4 anteriores a la 2.4.5, no cumplen con la marca de tarea no_log para las tareas fallidas. Cuando se ha empleado la marca no_log para proteger datos sensibles que se pasan a una tarea desde que se registra y esa tarea no se ejecuta con éxito, Ansible mostrará datos sensibles en archivos de registro y en el terminal del usuario que ejecuta Ansible. • https://access.redhat.com/errata/RHBA-2018:3788 https://access.redhat.com/errata/RHSA-2018:1948 https://access.redhat.com/errata/RHSA-2018:1949 https://access.redhat.com/errata/RHSA-2018:2022 https://access.redhat.com/errata/RHSA-2018:2079 https://access.redhat.com/errata/RHSA-2018:2184 https://access.redhat.com/errata/RHSA-2018:2585 https://access.redhat.com/errata/RHSA-2019:0054 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10855 https://usn.ubuntu.com/ • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2018-0495 – ROHNP: Key Extraction Side Channel in Multiple Crypto Libraries
https://notcve.org/view.php?id=CVE-2018-0495
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. Libgcrypt en versiones anteriores a la 1.7.10 y versiones 1.8.x anteriores a la 1.8.3 permite un ataque de canal lateral por caché de memoria en las firmas ECDSA que se puede mitigar mediante el uso de la ocultación durante el proceso de firmado en la función _gcry_ecc_ecdsa_sign en cipher/ecc-ecdsa.c. Esto también se conoce como Return Of the Hidden Number Problem o ROHNP. Para descubrir una clave ECDSA, el atacante necesita acceso a la máquina local o a una máquina virtual diferente en el mismo host físico. • http://www.securitytracker.com/id/1041144 http://www.securitytracker.com/id/1041147 https://access.redhat.com/errata/RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3505 https://access.redhat.com/errata/RHSA-2019:1296 https://access.redhat.com/errata/RHSA-2019:1297 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2019:2237 https://dev.gnupg.org/T4011 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git%3Ba=commit%3 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2018-1117 – ovirt-ansible-roles: passwords revealed in ansible log when provisioning new provider
https://notcve.org/view.php?id=CVE-2018-1117
ovirt-ansible-roles before version 1.0.6 has a vulnerability due to a missing no_log directive, resulting in the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosing admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. ovirt-ansible-roles en versiones anteriores a la 1.0.6 tiene una vulnerabilidad debido a la falta de la directiva no_log, lo que resulta en que el procedimiento "Add oVirt Provider to ManageIQ/CloudForms" revela accidentalmente contraseñas de administrador en el registro de aprovisionamiento. En un entorno en el que se comparten registros con otras partes, esto podría conducir a un escalado de privilegios. Due to a missing no_log directive, the 'Add oVirt Provider to ManageIQ/CloudForms' playbook inadvertently disclosed admin passwords in the provisioning log. In an environment where logs are shared with other parties, this could lead to privilege escalation. • http://www.securityfocus.com/bid/104186 https://access.redhat.com/errata/RHSA-2018:1452 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1117 https://access.redhat.com/security/cve/CVE-2018-1117 https://bugzilla.redhat.com/show_bug.cgi?id=1574776 • CWE-532: Insertion of Sensitive Information into Log File •
CVE-2017-18267 – poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service
https://notcve.org/view.php?id=CVE-2017-18267
The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops. La función FoFiType1C::cvtGlyph en fofi/FoFiType1C.cc en Poppler 0.64.0 permite que atacantes remotos provoquen una denegación de servicio (recursión infinita) mediante un archivo PDF manipulado, tal y como demuestra pdftops. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.freedesktop.org/show_bug.cgi?id=103238 https://lists.debian.org/debian-lts-announce/2018/10/msg00024.html https://lists.debian.org/debian-lts-announce/2020/07/msg00018.html https://usn.ubuntu.com/3647-1 https://access.redhat.com/security/cve/CVE-2017-18267 https://bugzilla.redhat.com/show_bug.cgi?id=1578777 • CWE-674: Uncontrolled Recursion CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2018-10767 – libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c
https://notcve.org/view.php?id=CVE-2018-10767
There is a stack-based buffer over-read in calling GLib in the function gxps_images_guess_content_type of gxps-images.c in libgxps through 0.3.0 because it does not reject negative return values from a g_input_stream_read call. A crafted input will lead to a remote denial of service attack. Hay una sobrelectura de búfer basada en pila en la llamada a GLib en la función gxps_images_guess_content_type de gxps-images.c en libgxps hasta la versión 0.3.0 debido a que no rechaza los valores de retorno de una llamada g_input_stream_read. Se podría realizar un ataque de denegación de servicio remoto con una entrada especialmente manipulada. • https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3140 https://access.redhat.com/errata/RHSA-2018:3505 https://bugzilla.redhat.com/show_bug.cgi?id=1575188 https://access.redhat.com/security/cve/CVE-2018-10767 https://bugzilla.redhat.com/show_bug.cgi?id=1576175 • CWE-121: Stack-based Buffer Overflow CWE-125: Out-of-bounds Read •