
Mageia 7 MGASA-2021-0041 Moderate: p11-kit Integer Overflows

Mageia, January 17, 2021

Summary

Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc (CVE-2020-29361).
A heap-based buffer over-read has been discovered in the RPC protocol used by the p11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation (CVE-2020-29362).
A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value (CVE-2020-29363).
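The three findings share a pattern: a length that comes from the peer, or a count that grows at runtime, is used in an allocation or copy without first being checked against what is actually available. As an added illustration, not p11-kit's own code, wire format or API, the following C sketch shows the defensive shape of each check: a message cursor that refuses to read a 4-byte length when fewer than 4 bytes remain (the over-read case), a byte-array decoder that rejects a declared length larger than the remaining message and allocates exactly that length before copying (the under-allocation case), and a growable list that tests `want * sizeof(elem)` for wrap before calling `realloc` (the integer-overflow case). The `[u32 big-endian length][bytes]` framing, the type names and the sample messages are all constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cursor over a received message: pointer plus bytes not yet consumed. */
typedef struct {
    const uint8_t *at;
    size_t left;
} msg_cursor;

typedef struct {
    uint8_t *data;
    size_t len;
} byte_array;

/* Read a big-endian u32 only if 4 bytes remain (guards the over-read). */
static bool cursor_u32(msg_cursor *c, uint32_t *out)
{
    if (c->left < 4) return false;
    *out = ((uint32_t)c->at[0] << 24) | ((uint32_t)c->at[1] << 16) |
           ((uint32_t)c->at[2] << 8) | (uint32_t)c->at[3];
    c->at += 4; c->left -= 4;
    return true;
}

/* Decode one length-prefixed byte array: the declared length must fit in the
 * remaining message, and the destination is sized to that length before copying. */
static bool cursor_byte_array(msg_cursor *c, byte_array *out)
{
    uint32_t n;
    if (!cursor_u32(c, &n)) return false;
    if ((size_t)n > c->left) return false;      /* peer claims more than it sent */
    out->data = malloc(n == 0 ? 1 : n);         /* exactly the declared size */
    if (out->data == NULL) return false;
    memcpy(out->data, c->at, n);
    out->len = n;
    c->at += n; c->left -= n;
    return true;
}

/* Growable list of decoded arrays with the overflow check before realloc. */
typedef struct {
    byte_array *items;
    size_t num, allocated;
} array_list;

static bool list_reserve(array_list *l, size_t want)
{
    if (want <= l->allocated) return true;
    if (want > SIZE_MAX / sizeof(byte_array)) return false;  /* would wrap */
    byte_array *p = realloc(l->items, want * sizeof(byte_array));
    if (p == NULL) return false;
    l->items = p; l->allocated = want;
    return true;
}

static bool list_push(array_list *l, byte_array v)
{
    if (l->num == l->allocated) {
        size_t want = l->allocated ? l->allocated : 4;
        if (want > SIZE_MAX / 2 || !list_reserve(l, want * 2)) return false;
    }
    l->items[l->num++] = v;
    return true;
}

static void list_free(array_list *l)
{
    for (size_t i = 0; i < l->num; i++) free(l->items[i].data);
    free(l->items);
    l->items = NULL; l->num = l->allocated = 0;
}

/* Decode every array in a message. Returns the count decoded, or -1 on any
 * malformed input, in which case nothing stays allocated. */
static long decode_message(const uint8_t *msg, size_t msg_len, array_list *out)
{
    msg_cursor c = { msg, msg_len };
    memset(out, 0, sizeof *out);
    while (c.left > 0) {
        byte_array ba;
        if (!cursor_byte_array(&c, &ba)) { list_free(out); return -1; }
        if (!list_push(out, ba)) { free(ba.data); list_free(out); return -1; }
    }
    return (long)out->num;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t GOOD_MSG[] = { 0,0,0,3,'a','b','c', 0,0,0,0, 0,0,0,2,'x','y' };
static const uint8_t TRUNCATED_MSG[] = { 0,0,0,9,'a','b','c' };  /* claims 9, carries 3 */
static const uint8_t SHORT_HEADER_MSG[] = { 0,0 };                /* not even a length */

int main(void)
{
    array_list l;
    printf("good: %ld arrays\n", decode_message(GOOD_MSG, sizeof GOOD_MSG, &l));
    list_free(&l);
    printf("truncated: %ld\n", decode_message(TRUNCATED_MSG, sizeof TRUNCATED_MSG, &l));
    printf("short header: %ld\n", decode_message(SHORT_HEADER_MSG, sizeof SHORT_HEADER_MSG, &l));
    return 0;
}
```

The point of `cursor_byte_array` is that the declared length is compared against `c->left` before it is used for either the `malloc` or the `memcpy`, so a peer cannot steer the copy past the end of the received buffer or into an undersized allocation; `list_reserve` applies the same idea to the multiplication that feeds `realloc`.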

References

- https://bugs.mageia.org/show_bug.cgi?id=27853

- https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2

- https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc

- https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x

- https://github.com/p11-glue/p11-kit/releases/tag/0.23.22

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4D5CLBYQ6GQU5KRRIBTSC4AOKNPX2JPE/

- https://www.cve.org/CVERecord?id=CVE-2020-29361

- https://www.cve.org/CVERecord?id=CVE-2020-29362

- https://www.cve.org/CVERecord?id=CVE-2020-29363

Resolution

SRPMS

- 7/core/p11-kit-0.23.22-1.mga7

Publication date: 17 Jan 2021
URL: https://advisories.mageia.org/MGASA-2021-0041.html
Type: security
CVE: CVE-2020-29361, CVE-2020-29362, CVE-2020-29363
