https://bugzilla.redhat.com/show_bug.cgi?id=1663907
Bug ID: 1663907
Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c
resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=low,public=20181118,reported=20181228,source=cv
e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A
:L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne
w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A use-after-free vulnerability was found in nasm. A specially crafted file
could cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392530
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1663906
Bug ID: 1663906
Summary: CVE-2018-1000886 nasm: Buffer overflow in
asm/stdscan.c:130 resulting in a denial of service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=low,public=20180906,reported=20181221,source=cv
e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A
:L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=ne
w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A buffer overflow vulnerability was found in nasm. A specially crafted file
could trigger endless macro generation and cause the application to crash.
Upstream issue:
https://bugzilla.nasm.us/show_bug.cgi?id=3392514
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1663909
Bug ID: 1663909
Summary: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm:
various flaws [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mizdebsk(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1670704
Bug ID: 1670704
Summary: CVE-2019-7147 nasm: Buffer over-read in function
crc64ib in crc64.c resulting in denial of service.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190101,reported=20190129,sour
ce=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/
I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na
sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com
Target Milestone: ---
Classification: Other
A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in
Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation
faults, leading to denial-of-service.
References:
https://bugzilla.nasm.us/show_bug.cgi?id=3392544
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1670705
Bug ID: 1670705
Summary: CVE-2019-7147 nasm: Buffer over-read in function
crc64ib in crc64.c resulting in denial of service.
[fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1689874
Bug ID: 1689874
Summary: CVE-2019-1003029 jenkins-script-security-plugin:
jenkins-plugin-script-security: sandbox bypass in
script security plugin [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: msrb(a)redhat.com
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1670291
Bug ID: 1670291
Summary: groovy-sandbox: jenkins-plugin-workflow-cps: Sandbox
Bypass in Groovy Plugin (SECURITY-1293) [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: groovy-sandbox
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: msrb(a)redhat.com
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1685179
Bug ID: 1685179
Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10
commands resulting in a Denial of Service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190301,reported=20190301,sou
rce=oss-security,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:
N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/qpid-java=affe
cted,mrg-m-3/qpid-java=notaffected
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: esammons(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jross(a)redhat.com, mcressma(a)redhat.com,
messaging-bugs(a)redhat.com, puntogil(a)libero.it,
rrajasek(a)redhat.com
Target Milestone: ---
Classification: Other
A Denial of Service vulnerability was found in Apache Qpid Broker-J versions
6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to
crash the broker instance by sending specially crafted commands using AMQP
protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10).
Upstream issue:
https://issues.apache.org/jira/browse/QPID-8273
References:
https://seclists.org/oss-sec/2019/q1/152
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1685180
Bug ID: 1685180
Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10
commands resulting in a Denial of Service [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: qpid-java
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1684557
Bug ID: 1684557
Summary: CVE-2019-1003024 jenkins-script-security-plugin:
jenkins-plugin-script-security: Sandbox Bypass in
Script Security Plugin (SECURITY-1320) [fedora-all]
Product: Fedora
Version: 29
Status: NEW
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: msrb(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.