Arch Linux Security Advisory ASA-202104-1
========================================
Severity: Critical
Date    : 2021-04-29
CVE-ID  : CVE-2021-22205 CVE-2021-28965
Package : gitlab
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1822

Summary
======
The package gitlab before version 13.10.3-1 is vulnerable to multiple
issues including arbitrary code execution and incorrect calculation.

Resolution
=========
Upgrade to 13.10.3-1.

# pacman -Syu "gitlab>=13.10.3-1"

The problems have been fixed upstream in version 13.10.3.

Workaround
=========
None.

Description
==========
- CVE-2021-22205 (arbitrary code execution)

An issue has been discovered in GitLab CE/EE affecting all versions
starting from 11.9. GitLab was not properly validating image files that
is passed to a file parser which resulted in a remote command
execution. The issue is fixed in GitLab versions 13.10.3, 13.9.6 and
13.8.8.

- CVE-2021-28965 (incorrect calculation)

When parsing and serializing a crafted XML document, the REXML gem
(including the one bundled with Ruby) can create a wrong XML document
whose structure is different from the original one. The impact of this
issue highly depends on context, but it may lead to a vulnerability in
some programs that are using REXML. The issue is fixed in version 3.2.5
of the REXML gem.

Impact
=====
An attacker can crash or execute arbitrary code on the affected server
by providing a maliciously crafted XML or image file.

References
=========
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/#Remote-code-execution-when-uploading-specially-crafted-image-files
https://gitlab.com/gitlab-org/gitlab/-/issues/327121
https://hackerone.com/reports/1154542
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
https://hackerone.com/reports/1104077
https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8
https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b
https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752
https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551
https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618
https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e
https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377
https://security.archlinux.org/CVE-2021-22205
https://security.archlinux.org/CVE-2021-28965

ArchLinux: 202104-1: gitlab: multiple issues

April 29, 2021

Summary

- CVE-2021-22205 (arbitrary code execution) An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that is passed to a file parser which resulted in a remote command execution. The issue is fixed in GitLab versions 13.10.3, 13.9.6 and 13.8.8.
- CVE-2021-28965 (incorrect calculation)
When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is different from the original one. The impact of this issue highly depends on context, but it may lead to a vulnerability in some programs that are using REXML. The issue is fixed in version 3.2.5 of the REXML gem.

Resolution

Upgrade to 13.10.3-1. # pacman -Syu "gitlab>=13.10.3-1"
The problems have been fixed upstream in version 13.10.3.

References

https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/ https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/#Remote-code-execution-when-uploading-specially-crafted-image-files https://gitlab.com/gitlab-org/gitlab/-/issues/327121 https://hackerone.com/reports/1154542 https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/ https://hackerone.com/reports/1104077 https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8 https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752 https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551 https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618 https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377 https://security.archlinux.org/CVE-2021-22205 https://security.archlinux.org/CVE-2021-28965

Severity
Package : gitlab
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1822

Workaround

None.

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved