oss-sec - sfeed_tests - sfeed tests and RSS and Atom files
oss-sec (14380B)
---
1 <?xml version="1.0" encoding="utf-8"?>
2 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
3 <channel>
4 <title>Open Source Security</title>
5 <link>http://seclists.org/#oss-sec</link>
6 <atom:link href="http://seclists.org/rss/oss-sec.rss" rel="self" type="application/rss+xml" />
7 <language>en-us</language>
8 <description>Discussion of security flaws, concepts, and practices in the Open Source community</description>
9 <pubDate>Thu, 17 Sep 2020 11:00:03 GMT</pubDate>
10 <lastBuildDate>Thu, 17 Sep 2020 11:00:03 GMT</lastBuildDate>
11 <!-- MHonArc v2.6.19 -->
12
13
14
15 <item>
16 <title>Apache + PHP <= 7.4.10 open_basedir bypass</title>
17 <link>http://seclists.org/oss-sec/2020/q3/184</link>
18 <description><p>Posted by Havijoori on Sep 17</p>Introduction<br>
19 ============<br>
20 open_basedir security feature can be bypassed when Apache web server runs PHP scripts.<br>
21 <br>
22 Proof of Concept<br>
23 ================<br>
24 1. Set open_basedir as a security feature in php.ini file :<br>
25 open_basedir = /var/www/html:/tmp<br>
26 2. Make a directory with the name of your web server&apos;s home directory inside your web server&apos;s home directory :<br>
27 mkdir -p /var/www/html/var/www/html<br>
28 3. Make a symlink to a restricted writable...<br></description>
29 <pubDate>Thu, 17 Sep 2020 10:50:42 GMT</pubDate>
30 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/184</guid>
31 </item>
32 <item>
33 <title>Samba and CVE-2020-1472 ("Zerologon")</title>
34 <link>http://seclists.org/oss-sec/2020/q3/183</link>
35 <description><p>Posted by Douglas Bagnall on Sep 17</p>In August, Microsoft patched CVE-2020-1472, which gives administrator<br>
36 access to an unauthenticated user on a Domain Controller. Microsoft gave<br>
37 it a CVSS score of 10.<br>
38 <br>
39 <a rel="nofollow" href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1472#ID0EUGAC">https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1472#ID0EUGAC</a><br>
40 <br>
41 The Samba security team was not contacted before the announcement, which<br>
42 is very sparse on detail, and was unable to learn much through an<br>
43 established (and generally quite useful) channel for...<br></description>
44 <pubDate>Thu, 17 Sep 2020 10:48:56 GMT</pubDate>
45 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/183</guid>
46 </item>
47 <item>
48 <title>CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while processing transfer descriptors</title>
49 <link>http://seclists.org/oss-sec/2020/q3/182</link>
50 <description><p>Posted by P J P on Sep 17</p> Hello,<br>
51 <br>
52 An infinite loop issue was found in the USB OHCI controller emulator of QEMU. <br>
53 It could occur while servicing OHCI isochronous transfer descriptors (TD) in <br>
54 ohci_service_iso_td routine, as it retires a TD if it has passed its time <br>
55 frame. While doing so it does not check if the TD was already processed once <br>
56 and holds an error code in TD_CC. It may happen if the TD list has a loop.<br>
57 <br>
58 A guest user/process may use this flaw to consume cpu...<br></description>
59 <pubDate>Thu, 17 Sep 2020 10:15:23 GMT</pubDate>
60 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/182</guid>
61 </item>
62
63
64 <item>
65 <title>CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while doing multi block SDMA</title>
66 <link>http://seclists.org/oss-sec/2020/q3/181</link>
67 <description><p>Posted by P J P on Sep 16</p> Hello,<br>
68 <br>
69 An out-of-bounds r/w access issue was found in the SDHCI Controller emulator <br>
70 of QEMU. It may occur while doing multi block SDMA, if transfer block size <br>
71 exceeds the &apos;s-&gt;fifo_buffer[s-&gt;buf_maxsz]&apos; size. It&apos;d leave the current <br>
72 element pointer &apos;s-&gt;data_count&apos; pointing out of bounds. Leading the subsequent <br>
73 DMA r/w operation to OOB access issue. A guest user/process may use this flaw <br>
74 to crash the QEMU...<br></description>
75 <pubDate>Wed, 16 Sep 2020 18:56:48 GMT</pubDate>
76 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/181</guid>
77 </item>
78 <item>
79 <title>CVE-2020-25084 QEMU: usb: use-after-free issue while setting up packet</title>
80 <link>http://seclists.org/oss-sec/2020/q3/180</link>
81 <description><p>Posted by P J P on Sep 16</p> Hello,<br>
82 <br>
83 A use-after-free issue was found in USB(xHCI/eHCI) controller emulators of <br>
84 QEMU. It occurs while setting up USB packet, as usb_packet_map() routine may <br>
85 return an error, which was not checked. A guest user/process may use this flaw <br>
86 to crash the QEMU process resulting in DoS scenario.<br>
87 <br>
88 Upstream patches:<br>
89 -----------------<br>
90 -&gt; <a rel="nofollow" href="https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html">https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html</a><br>
91 -&gt;...<br></description>
92 <pubDate>Wed, 16 Sep 2020 18:29:25 GMT</pubDate>
93 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/180</guid>
94 </item>
95 <item>
96 <title>Re: [CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12</title>
97 <link>http://seclists.org/oss-sec/2020/q3/179</link>
98 <description><p>Posted by Kaxil Naik on Sep 16</p>Correction the issue only affects &lt; 1.10.12 (not &lt;= 1.10.12)<br></description>
99 <pubDate>Wed, 16 Sep 2020 14:54:19 GMT</pubDate>
100 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/179</guid>
101 </item>
102 <item>
103 <title>Multiple vulnerabilities in Jenkins plugins</title>
104 <link>http://seclists.org/oss-sec/2020/q3/178</link>
105 <description><p>Posted by Daniel Beck on Sep 16</p>Jenkins is an open source automation server which enables developers around<br>
106 the world to reliably build, test, and deploy their software.<br>
107 <br>
108 The following releases contain fixes for security vulnerabilities:<br>
109 <br>
110 * Blue Ocean Plugin 1.23.3<br>
111 * computer-queue-plugin Plugin 1.6<br>
112 * Email Extension Plugin 2.76<br>
113 * Health Advisor by CloudBees Plugin 3.2.1<br>
114 * Mailer Plugin 1.32.1<br>
115 * Perfecto Plugin 1.18<br>
116 * Pipeline Maven Integration Plugin 3.9.3<br>
117 * Validating String...<br></description>
118 <pubDate>Wed, 16 Sep 2020 13:14:57 GMT</pubDate>
119 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/178</guid>
120 </item>
121 <item>
122 <title>[CVE-2020-13944] Apache Airflow Reflected XSS via Origin Parameter <= 1.10.12</title>
123 <link>http://seclists.org/oss-sec/2020/q3/177</link>
124 <description><p>Posted by Kaxil Naik on Sep 16</p>Versions Affected: &lt;= 1.10.12<br>
125 Description:<br>
126 The &quot;origin&quot; parameter passed to some of the endpoints like &apos;/trigger&apos; was<br>
127 vulnerable to XSS exploit.<br>
128 <br>
129 Credit:<br>
130 The issue was independently discovered and reported by Ali Al-Habsi of<br>
131 Accellion &amp; Everardo Padilla Saca.<br>
132 <br>
133 Thanks,<br>
134 Kaxil,<br>
135 on behalf of Apache Airflow PMC<br></description>
136 <pubDate>Wed, 16 Sep 2020 12:08:37 GMT</pubDate>
137 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/177</guid>
138 </item>
139 <item>
140 <title>Linux Kernel: out-of-bounds reading in vgacon_scrolldelta</title>
141 <link>http://seclists.org/oss-sec/2020/q3/176</link>
142 <description><p>Posted by NopNop Nop on Sep 16</p>Hi,<br>
143 <br>
144 We found an out-of-bounds reading in vgacon_scrolldelta. This BUG is caused<br>
145 by &quot;soff&quot; being negative after VT_RESIZE.<br>
146 <br>
147 Our PoC (panic with CONFIG_KASAN=y):<br>
148 <br>
149 #include &lt;stdio.h&gt;<br>
150 #include &lt;stdlib.h&gt;<br>
151 #include &lt;unistd.h&gt;<br>
152 #include &lt;sys/types.h&gt;<br>
153 #include &lt;sys/stat.h&gt;<br>
154 #include &lt;sys/ioctl.h&gt;<br>
155 #include &lt;fcntl.h&gt;<br>
156 <br>
157 int main(int argc, char** argv)<br>
158 {<br>
159 int fd = open(&quot;/dev/tty1&quot;, O_RDWR, 0);...<br></description>
160 <pubDate>Wed, 16 Sep 2020 10:14:45 GMT</pubDate>
161 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/176</guid>
162 </item>
163
164
165 <item>
166 <title>[CVE-2020-13948] Apache Superset Remote Code Execution Vulnerability</title>
167 <link>http://seclists.org/oss-sec/2020/q3/175</link>
168 <description><p>Posted by William Barrett on Sep 15</p>Affected Versions: Apache Superset &lt; 0.37.1<br>
169 <br>
170 While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests <br>
171 via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the <br>
172 web application process. It was thus possible for an authenticated user to list and access files, environment <br>
173 variables, and process information. Additionally...<br></description>
174 <pubDate>Tue, 15 Sep 2020 18:26:51 GMT</pubDate>
175 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/175</guid>
176 </item>
177 <item>
178 <title>CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon</title>
179 <link>http://seclists.org/oss-sec/2020/q3/174</link>
180 <description><p>Posted by Minh Yuan on Sep 15</p>Hi,<br>
181 <br>
182 I found an out-of-bound write in fbcon_redraw_softback while the kernel<br>
183 version &lt;= 5.9.rc5. The oldest affected kernel version is 2.2.3.<br>
184 The root cause of this vulnerability is that the value of vc-&gt;vc_origin is<br>
185 not updated in time while invoking vc_do_resize.<br>
186 <br>
187 This is my PoC (need the permission to open and write the tty, and need to<br>
188 have a fbcon driver):<br>
189 <br>
190 // author by ziiiro@thu<br>
191 #include &lt;stdio.h&gt;<br>
192 #include &lt;stdlib.h&gt;...<br></description>
193 <pubDate>Tue, 15 Sep 2020 11:08:01 GMT</pubDate>
194 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/174</guid>
195 </item>
196 <item>
197 <title>Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerability</title>
198 <link>http://seclists.org/oss-sec/2020/q3/173</link>
199 <description><p>Posted by Keval Bhatt on Sep 15</p>Hello,<br>
200 <br>
201 Please find below details on CVE fixed in Apache Atlas releases *2.1.0*<br>
202 <br>
203 -------------------------------------------------------------------------------------------------<br>
204 <br>
205 CVE-2020-13928: Atlas was found vulnerable to a Cross-Site<br>
206 Scripting in Basic Search functionality.<br>
207 <br>
208 Severity: Critical<br>
209 <br>
210 Vendor: The Apache Software Foundation<br>
211 <br>
212 Versions affected: Apache Atlas versions 2.0.0...<br></description>
213 <pubDate>Tue, 15 Sep 2020 07:34:08 GMT</pubDate>
214 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/173</guid>
215 </item>
216
217
218 <item>
219 <title>[CVE-2020-11977] Apache Syncope: Remote Code Execution via Flowable workflow definition</title>
220 <link>http://seclists.org/oss-sec/2020/q3/172</link>
221 <description><p>Posted by Francesco Chicchiriccò on Sep 14</p>Description:<br>
222 When the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to <br>
223 perform malicious operations, including but not limited to file read, file write, and code execution.<br>
224 <br>
225 Severity: Low<br>
226 <br>
227 Vendor: The Apache Software Foundation<br>
228 <br>
229 Affects:<br>
230 2.1.X releases prior to 2.1.7<br>
231 <br>
232 Solution:<br>
233 2.1.X users: upgrade to 2.1.7<br>
234 <br>
235 Credit:<br>
236 This issue was discovered by ch0wn of Orz Lab.<br></description>
237 <pubDate>Mon, 14 Sep 2020 10:57:54 GMT</pubDate>
238 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/172</guid>
239 </item>
240
241
242 <item>
243 <title>[CVE-2020-11991] Apache Cocoon security vulnerability</title>
244 <link>http://seclists.org/oss-sec/2020/q3/171</link>
245 <description><p>Posted by Cédric Damioli on Sep 11</p>[CVE-2020-11991] Apache Cocoon security vulnerability<br>
246 <br>
247 Severity: Important<br>
248 <br>
249 Vendor: The Apache Software Foundation<br>
250 <br>
251 Versions Affected: Apache Cocoon up to 2.1.12<br>
252 <br>
253 Description: When using the StreamGenerator, the code parses a <br>
254 user-provided XML.<br>
255 <br>
256 A specially crafted XML, including external system entities, could be <br>
257 used to access any file on the server system.<br>
258 <br>
259 Mitigation:<br>
260 <br>
261 The StreamGenerator now ignores external entities. 2.1.x users should...<br></description>
262 <pubDate>Fri, 11 Sep 2020 10:07:37 GMT</pubDate>
263 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/171</guid>
264 </item>
265
266
267 <item>
268 <title>Re: CVE Request: Linux kernel vsyscall page refcounting error</title>
269 <link>http://seclists.org/oss-sec/2020/q3/170</link>
270 <description><p>Posted by Salvatore Bonaccorso on Sep 10</p>CVE-2020-25221 has been assigned by MITRE for this issue (note one<br>
271 cannot request anymore CVEs through that list but one can use<br>
272 <a rel="nofollow" href="https://cveform.mitre.org/">https://cveform.mitre.org/</a>)<br>
273 <br>
274 Regards,<br>
275 Salvatore<br></description>
276 <pubDate>Thu, 10 Sep 2020 14:54:18 GMT</pubDate>
277 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/170</guid>
278 </item>
279
280
281
282 <!-- MHonArc v2.6.19 -->
283 </channel>
284 </rss>