 |
oss-sec - sfeed_tests - sfeed tests and RSS and Atom files |
 |
git clone git://git.codemadness.org/sfeed_tests |
 |
Log |
|
Files |
|
Refs |
|
README |
|
LICENSE |
|
--- |
|
oss-sec (14380B) |
|
--- |
|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"> |
|
3 <channel> |
|
4 <title>Open Source Security</title> |
|
5 <link>http://seclists.org/#oss-sec</link> |
|
6 <atom:link href="http://seclists.org/rss/oss-sec.rss" rel="self" typ… |
|
7 <language>en-us</language> |
|
8 <description>Discussion of security flaws, concepts, and practices i… |
|
9 <pubDate>Thu, 17 Sep 2020 11:00:03 GMT</pubDate> |
|
10 <lastBuildDate>Thu, 17 Sep 2020 11:00:03 GMT</lastBuildDate> |
|
11 <!-- MHonArc v2.6.19 --> |
|
12 |
|
13 |
|
14 |
|
15 <item> |
|
16 <title>Apache + PHP <= 7.4.10 open_basedir bypass</title> |
|
17 <link>http://seclists.org/oss-sec/2020/q3/184</link> |
|
18 <description><p>Posted by Havijoori on Sep 17</p>Introdu… |
|
19 ============<br> |
|
20 open_basedir security feature can be bypassed when Apache web server run… |
|
21 <br> |
|
22 Proof of Concept<br> |
|
23 ================<br> |
|
24 1. Set open_basedir as a security feature in php.ini file :<br> |
|
25 open_basedir = /var/www/html:/tmp<br> |
|
26 2. Make a directory with the name of your web server&apos;s home dir… |
|
27 mkdir -p /var/www/html/var/www/html<br> |
|
28 3. Make a symlink to a restricted writable...<br></description> |
|
29 <pubDate>Thu, 17 Sep 2020 10:50:42 GMT</pubDate> |
|
30 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/184</gu… |
|
31 </item> |
|
32 <item> |
|
33 <title>Samba and CVE-2020-1472 ("Zerologon")</title> |
|
34 <link>http://seclists.org/oss-sec/2020/q3/183</link> |
|
35 <description><p>Posted by Douglas Bagnall on Sep 17</p>I… |
|
36 access to an unauthenticated user on a Domain Controller. Microsoft gav… |
|
37 it a CVSS score of 10.<br> |
|
38 <br> |
|
39 <a rel="nofollow" href="https://portal.msrc.microsoft… |
|
40 <br> |
|
41 The Samba security team was not contacted before the announcement, which… |
|
42 is very sparse on detail, and was unable to learn much through an<br&… |
|
43 established (and generally quite useful) channel for...<br></descr… |
|
44 <pubDate>Thu, 17 Sep 2020 10:48:56 GMT</pubDate> |
|
45 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/183</gu… |
|
46 </item> |
|
47 <item> |
|
48 <title>CVE-2020-25625 QEMU: usb: hcd-ohci: infinite loop issue while… |
|
49 <link>http://seclists.org/oss-sec/2020/q3/182</link> |
|
50 <description><p>Posted by P J P on Sep 17</p> Hello,&l… |
|
51 <br> |
|
52 An infinite loop issue was found in the USB OHCI controller emulator of … |
|
53 It could occur while servicing OHCI isochronous transfer descriptors (TD… |
|
54 ohci_service_iso_td routine, as it retires a TD if it has passed its tim… |
|
55 frame. While doing so it does not check if the TD was already processed … |
|
56 and holds an error code in TD_CC. It may happen if the TD list has a loo… |
|
57 <br> |
|
58 A guest user/process may use this flaw to consume cpu...<br></desc… |
|
59 <pubDate>Thu, 17 Sep 2020 10:15:23 GMT</pubDate> |
|
60 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/182</gu… |
|
61 </item> |
|
62 |
|
63 |
|
64 <item> |
|
65 <title>CVE-2020-25085 QEMU: sdhci: out-of-bounds access issue while … |
|
66 <link>http://seclists.org/oss-sec/2020/q3/181</link> |
|
67 <description><p>Posted by P J P on Sep 16</p> Hello,&l… |
|
68 <br> |
|
69 An out-of-bounds r/w access issue was found in the SDHCI Controller emul… |
|
70 of QEMU. It may occur while doing multi block SDMA, if transfer block si… |
|
71 exceeds the &apos;s-&gt;fifo_buffer[s-&gt;buf_maxsz]&apo… |
|
72 element pointer &apos;s-&gt;data_count&apos; pointing out of… |
|
73 DMA r/w operation to OOB access issue. A guest user/process may use this… |
|
74 to crash the QEMU...<br></description> |
|
75 <pubDate>Wed, 16 Sep 2020 18:56:48 GMT</pubDate> |
|
76 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/181</gu… |
|
77 </item> |
|
78 <item> |
|
79 <title>CVE-2020-25084 QEMU: usb: use-after-free issue while setting … |
|
80 <link>http://seclists.org/oss-sec/2020/q3/180</link> |
|
81 <description><p>Posted by P J P on Sep 16</p> Hello,&l… |
|
82 <br> |
|
83 An use-after-free issue was found in USB(xHCI/eHCI) controller emulators… |
|
84 QEMU. It occurs while setting up USB packet, as usb_packet_map() routine… |
|
85 return an error, which was not checked. A guest user/process may use thi… |
|
86 to crash the QEMU process resulting in DoS scenario.<br> |
|
87 <br> |
|
88 Upstream patches:<br> |
|
89 -----------------<br> |
|
90 -&gt; <a rel="nofollow" href="https://lists.no… |
|
91 -&gt;...<br></description> |
|
92 <pubDate>Wed, 16 Sep 2020 18:29:25 GMT</pubDate> |
|
93 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/180</gu… |
|
94 </item> |
|
95 <item> |
|
96 <title>Re: [CVE-2020-13944] Apache Airflow Reflected XSS via Origin … |
|
97 <link>http://seclists.org/oss-sec/2020/q3/179</link> |
|
98 <description><p>Posted by Kaxil Naik on Sep 16</p>Correc… |
|
99 <pubDate>Wed, 16 Sep 2020 14:54:19 GMT</pubDate> |
|
100 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/179</gu… |
|
101 </item> |
|
102 <item> |
|
103 <title>Multiple vulnerabilities in Jenkins plugins</title> |
|
104 <link>http://seclists.org/oss-sec/2020/q3/178</link> |
|
105 <description><p>Posted by Daniel Beck on Sep 16</p>Jenki… |
|
106 the world to reliably build, test, and deploy their software.<br> |
|
107 <br> |
|
108 The following releases contain fixes for security vulnerabilities:<br… |
|
109 <br> |
|
110 * Blue Ocean Plugin 1.23.3<br> |
|
111 * computer-queue-plugin Plugin 1.6<br> |
|
112 * Email Extension Plugin 2.76<br> |
|
113 * Health Advisor by CloudBees Plugin 3.2.1<br> |
|
114 * Mailer Plugin 1.32.1<br> |
|
115 * Perfecto Plugin 1.18<br> |
|
116 * Pipeline Maven Integration Plugin 3.9.3<br> |
|
117 * Validating String...<br></description> |
|
118 <pubDate>Wed, 16 Sep 2020 13:14:57 GMT</pubDate> |
|
119 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/178</gu… |
|
120 </item> |
|
121 <item> |
|
122 <title>[CVE-2020-13944] Apache Airflow Reflected XSS via Origin Para… |
|
123 <link>http://seclists.org/oss-sec/2020/q3/177</link> |
|
124 <description><p>Posted by Kaxil Naik on Sep 16</p>Versio… |
|
125 Description:<br> |
|
126 The &quot;origin&quot; parameter passed to some of the endpoints… |
|
127 vulnerable to XSS exploit.<br> |
|
128 <br> |
|
129 Credit:<br> |
|
130 The issue was independently discovered and reported by Ali Al-Habsi of&l… |
|
131 Accellion &amp; Everardo Padilla Saca.<br> |
|
132 <br> |
|
133 Thanks,<br> |
|
134 Kaxil,<br> |
|
135 on behalf of Apache Airflow PMC<br></description> |
|
136 <pubDate>Wed, 16 Sep 2020 12:08:37 GMT</pubDate> |
|
137 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/177</gu… |
|
138 </item> |
|
139 <item> |
|
140 <title>Linux Kernel: out-of-bounds reading in vgacon_scrolldelta</ti… |
|
141 <link>http://seclists.org/oss-sec/2020/q3/176</link> |
|
142 <description><p>Posted by NopNop Nop on Sep 16</p>Hi,<… |
|
143 <br> |
|
144 We found a out-of-bounds reading in vgacon_scrolldelta. This BUG is caus… |
|
145 by &quot;soff&quot; being negative after VT_RESIZE.<br> |
|
146 <br> |
|
147 Our PoC (panic with CONFIG_KASAN=y):<br> |
|
148 <br> |
|
149 #include &lt;stdio.h&gt;<br> |
|
150 #include &lt;stdlib.h&gt;<br> |
|
151 #include &lt;unistd.h&gt;<br> |
|
152 #include &lt;sys/types.h&gt;<br> |
|
153 #include &lt;sys/stat.h&gt;<br> |
|
154 #include &lt;sys/ioctl.h&gt;<br> |
|
155 #include &lt;fcntl.h&gt;<br> |
|
156 <br> |
|
157 int main(int argc, char** argv)<br> |
|
158 {<br> |
|
159 int fd = open(&quot;/dev/tty1&quot;, O_RDWR, 0);...<b… |
|
160 <pubDate>Wed, 16 Sep 2020 10:14:45 GMT</pubDate> |
|
161 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/176</gu… |
|
162 </item> |
|
163 |
|
164 |
|
165 <item> |
|
166 <title>[CVE-2020-13948] Apache Superset Remote Code Execution Vulner… |
|
167 <link>http://seclists.org/oss-sec/2020/q3/175</link> |
|
168 <description><p>Posted by William Barrett on Sep 15</p>A… |
|
169 <br> |
|
170 While investigating a bug report on Apache Superset, it was determined t… |
|
171 via a number of templated text fields in the product that would allow ar… |
|
172 web application process. It was thus possible for an authenticated user … |
|
173 variables, and process information. Additionally...<br></descripti… |
|
174 <pubDate>Tue, 15 Sep 2020 18:26:51 GMT</pubDate> |
|
175 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/175</gu… |
|
176 </item> |
|
177 <item> |
|
178 <title>CVE-2020-14390: Linux kernel: slab-out-of-bounds in fbcon</ti… |
|
179 <link>http://seclists.org/oss-sec/2020/q3/174</link> |
|
180 <description><p>Posted by Minh Yuan on Sep 15</p>Hi,<… |
|
181 <br> |
|
182 I found a out-of-bound write in fbcon_redraw_softback while the kernel&l… |
|
183 version &lt;= 5.9.rc5. The oldest affected kernel version is 2.2.3.&… |
|
184 The root cause of this vulnerability is that the value of vc-&gt;vc_… |
|
185 not updated in time while invoking vc_do_resize.<br> |
|
186 <br> |
|
187 This is my PoC (need the permission to open and write the tty, and need … |
|
188 have a fbcon driver):<br> |
|
189 <br> |
|
190 // author by ziiiro@thu<br> |
|
191 #include &lt;stdio.h&gt;<br> |
|
192 #include &lt;stdlib.h&gt;...<br></description> |
|
193 <pubDate>Tue, 15 Sep 2020 11:08:01 GMT</pubDate> |
|
194 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/174</gu… |
|
195 </item> |
|
196 <item> |
|
197 <title>Fwd: [CVE-2020-13928 ] Apache Atlas Multiple XSS Vulnerabilit… |
|
198 <link>http://seclists.org/oss-sec/2020/q3/173</link> |
|
199 <description><p>Posted by Keval Bhatt on Sep 15</p>Hello… |
|
200 <br> |
|
201 Please find below details on CVE fixed in Apache Atlas releases *2.1.0*&… |
|
202 <br> |
|
203 ------------------------------------------------------------------------… |
|
204 <br> |
|
205 CVE-2020-13928: Atlas was found vulnerable to a Cross-Site<br… |
|
206 Scripting in Basic Search functionality.<br> |
|
207 <br> |
|
208 Severity: Critical<br> |
|
209 <br> |
|
210 Vendor: The Apache Software Foundation<br> |
|
211 <br> |
|
212 Versions affected: Apache Atlas versions 2.0.0...<br></desc… |
|
213 <pubDate>Tue, 15 Sep 2020 07:34:08 GMT</pubDate> |
|
214 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/173</gu… |
|
215 </item> |
|
216 |
|
217 |
|
218 <item> |
|
219 <title>[CVE-2020-11977] Apache Syncope: Remote Code Execution via Fl… |
|
220 <link>http://seclists.org/oss-sec/2020/q3/172</link> |
|
221 <description><p>Posted by Francesco Chicchiriccò on Sep 14<… |
|
222 When the Flowable extension is enabled, an administrator with workflow e… |
|
223 perform malicious operations, including but not limited to file read, fi… |
|
224 <br> |
|
225 Severity: Low<br> |
|
226 <br> |
|
227 Vendor: The Apache Software Foundation<br> |
|
228 <br> |
|
229 Affects:<br> |
|
230 2.1.X releases prior to 2.1.7<br> |
|
231 <br> |
|
232 Solution:<br> |
|
233 2.1.X users: upgrade to 2.1.7<br> |
|
234 <br> |
|
235 Credit:<br> |
|
236 This issue was discovered by ch0wn of Orz Lab.<br></description> |
|
237 <pubDate>Mon, 14 Sep 2020 10:57:54 GMT</pubDate> |
|
238 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/172</gu… |
|
239 </item> |
|
240 |
|
241 |
|
242 <item> |
|
243 <title>[CVE-2020-11991] Apache Cocoon security vulnerability</title> |
|
244 <link>http://seclists.org/oss-sec/2020/q3/171</link> |
|
245 <description><p>Posted by Cédric Damioli on Sep 11</p>[… |
|
246 <br> |
|
247 Severity: Important<br> |
|
248 <br> |
|
249 Vendor: The Apache Software Foundation<br> |
|
250 <br> |
|
251 Versions Affected: Apache Cocoon up to 2.1.12<br> |
|
252 <br> |
|
253 Description: When using the StreamGenerator, the code parse a <br> |
|
254 user-provided XML.<br> |
|
255 <br> |
|
256 A specially crafted XML, including external system entities, could be &l… |
|
257 used to access any file on the server system.<br> |
|
258 <br> |
|
259 Mitigation:<br> |
|
260 <br> |
|
261 The StreamGenerator now ignores external entities. 2.1.x users should...… |
|
262 <pubDate>Fri, 11 Sep 2020 10:07:37 GMT</pubDate> |
|
263 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/171</gu… |
|
264 </item> |
|
265 |
|
266 |
|
267 <item> |
|
268 <title>Re: CVE Request: Linux kernel vsyscall page refcounting error… |
|
269 <link>http://seclists.org/oss-sec/2020/q3/170</link> |
|
270 <description><p>Posted by Salvatore Bonaccorso on Sep 10</p… |
|
271 cannot request anymore CVEs through that list but one can use<br> |
|
272 <a rel="nofollow" href="https://cveform.mitre.org/&qu… |
|
273 <br> |
|
274 Regards,<br> |
|
275 Salvatore<br></description> |
|
276 <pubDate>Thu, 10 Sep 2020 14:54:18 GMT</pubDate> |
|
277 <guid isPermaLink="true">http://seclists.org/oss-sec/2020/q3/170</gu… |
|
278 </item> |
|
279 |
|
280 |
|
281 |
|
282 <!-- MHonArc v2.6.19 --> |
|
283 </channel> |
|
284 </rss> |
