java-sig-commits February 2019

java-sig-commits@lists.fedoraproject.org

1 participants
205 discussions

[Bug 1668319] New: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1668319 Bug ID: 1668319 Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190102,reported=20190115,sour ce=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/ I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other An infinite recursion issue was discovered in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem resulting from infinite recursion in the functions expr, rexp, bexpr and cexpr in certain scenarios involving lots of '{' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. Upstream Issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392548 -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1668320] New: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1668320 Bug ID: 1668320 Summary: CVE-2019-6290 nasm: Infinite recursion in eval.c causing stack exhaustion problem resulting in a denial of service [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1668321] New: CVE-2019-6291 nasm: Recursive calls in the function expr resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1668321 Bug ID: 1668321 Summary: CVE-2019-6291 nasm: Recursive calls in the function expr resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190102,reported=20190115,sour ce=cve,cvss3=5.5/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/ I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other An issue was discovered in the function expr6 in eval.c in Netwide Assembler (NASM) through 2.14.02. There is a stack exhaustion problem caused by the expr6 function making recursive calls to itself in certain scenarios involving lots of '!' or '+' or '-' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted asm file. Upstream Issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392549 -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1668322] New: CVE-2019-6291 nasm: Recursive calls in the function expr resulting in a denial of service [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1668322 Bug ID: 1668322 Summary: CVE-2019-6291 nasm: Recursive calls in the function expr resulting in a denial of service [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1661627] New: CVE-2018-17244 elasticsearch: Information Exposure due to improper set request headers [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1661627 Bug ID: 1661627 Summary: CVE-2018-17244 elasticsearch: Information Exposure due to improper set request headers [fedora-all] Product: Fedora Version: 29 Status: NEW Component: elasticsearch Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: emmanuel(a)seyman.fr Reporter: lpardo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bobjensen(a)gmail.com, emmanuel(a)seyman.fr, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, pahan(a)hubbitus.info, zbyszek(a)in.waw.pl Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1677637] New: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1677637 Bug ID: 1677637 Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: i.gnatenko.brain(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, i.gnatenko.brain(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1677636] New: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1677636 Bug ID: 1677636 Summary: CVE-2019-8343 nasm: use-after-free in paste_tokens in asm/preproc.c Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190214,reported=20190215,sou rce=cve,cvss3=7.8/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H /I:H/A:H,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/n asm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=ne w Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, i.gnatenko.brain(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other In Netwide Assembler (NASM) 2.14.02, there is a use-after-free in paste_tokens in asm/preproc.c. Reference: https://bugzilla.nasm.us/show_bug.cgi?id=3392556 -- You are receiving this mail because: You are on the CC list for the bug.

1 10

[Bug 1663908] New: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663908 Bug ID: 1663908 Summary: CVE-2018-20538 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392531 -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1663907] New: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663907 Bug ID: 1663907 Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1663906] New: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663906 Bug ID: 1663906 Summary: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20180906,reported=20181221,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A buffer overflow vulnerability was found in nasm. A specially crafted file could trigger endless macro generation and cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392514 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits February 2019