-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat Quay v3.4.0 security update
Advisory ID:       RHSA-2021:0420-01
Product:           Red Hat Quay
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:0420
Issue date:        2021-02-04
CVE Names:         CVE-2019-3866 CVE-2019-16785 CVE-2019-16786 
                   CVE-2019-16789 CVE-2019-19911 CVE-2019-20477 
                   CVE-2020-5310 CVE-2020-5311 CVE-2020-5312 
                   CVE-2020-5313 CVE-2020-8131 CVE-2020-10177 
                   CVE-2020-10378 CVE-2020-10379 CVE-2020-10994 
                   CVE-2020-11538 CVE-2020-14040 
====================================================================
1. Summary:

Red Hat Quay 3.4.0 is now available with bug fixes and various
enhancements.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Description:

Quay 3.4.0 release

Security Fix(es):

* waitress: HTTP request smuggling through LF vs CRLF handling
(CVE-2019-16785)

* waitress: HTTP request smuggling through invalid Transfer-Encoding
(CVE-2019-16786)

* waitress: HTTP Request Smuggling through Invalid whitespace characters in
headers (CVE-2019-16789)

* python-pillow: Integer overflow leading to buffer overflow in
ImagingLibTiffDecode (CVE-2020-5310)

* python-pillow: out-of-bounds write in expandrow in
libImaging/SgiRleDecode.c (CVE-2020-5311)

* python-pillow: improperly restricted operations on memory buffer in
libImaging/PcxDecode.c (CVE-2020-5312)

* python-pillow: two buffer overflows in libImaging/TiffDecode.c due to
small buffers allocated in ImagingLibTiffDecode() (CVE-2020-10379)

* python-pillow: out-of-bounds reads/writes in the parsing of SGI image
files in expandrow/expandrow2 (CVE-2020-11538)

* openstack-mistral: information disclosure in mistral log (CVE-2019-3866)

* python-pillow: uncontrolled resource consumption in FpxImagePlugin.py
(CVE-2019-19911)

* PyYAML: command execution through python/object/apply constructor in
FullLoader (CVE-2019-20477)

* python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI
images (CVE-2020-5313)

* yarn: Arbitrary filesystem write via tar expansion (CVE-2020-8131)

* golang.org/x/text: possibility to trigger an infinite loop in
encoding/unicode could lead to crash (CVE-2020-14040)

* python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c
(CVE-2020-10177)

* python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur
when reading PCX files (CVE-2020-10378)

* python-pillow: multiple out-of-bounds reads via a crafted JP2 file
(CVE-2020-10994)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

1768731 - CVE-2019-3866 openstack-mistral: information disclosure in mistral log
1789532 - CVE-2020-5313 python-pillow: out-of-bounds read in ImagingFliDecode when loading FLI images
1789533 - CVE-2020-5312 python-pillow: improperly restricted operations on memory buffer in libImaging/PcxDecode.c
1789535 - CVE-2020-5311 python-pillow: out-of-bounds write in expandrow in libImaging/SgiRleDecode.c
1789538 - CVE-2020-5310 python-pillow: Integer overflow leading to buffer overflow in ImagingLibTiffDecode
1789540 - CVE-2019-19911 python-pillow: uncontrolled resource consumption in FpxImagePlugin.py
1789807 - CVE-2019-16789 waitress: HTTP Request Smuggling through Invalid whitespace characters in headers
1791415 - CVE-2019-16786 waitress: HTTP request smuggling through invalid Transfer-Encoding
1791420 - CVE-2019-16785 waitress: HTTP request smuggling through LF vs CRLF handling
1806005 - CVE-2019-20477 PyYAML: command execution through python/object/apply constructor in FullLoader
1816261 - CVE-2020-8131 yarn: Arbitrary filesystem write via tar expansion
1852814 - CVE-2020-11538 python-pillow: out-of-bounds reads/writes in the parsing of SGI image files in expandrow/expandrow2
1852820 - CVE-2020-10994 python-pillow: multiple out-of-bounds reads via a crafted JP2 file
1852824 - CVE-2020-10177 python-pillow: multiple out-of-bounds reads in libImaging/FliDecode.c
1852832 - CVE-2020-10378 python-pillow: an out-of-bounds read in libImaging/PcxDecode.c can occur when reading PCX files
1852836 - CVE-2020-10379 python-pillow: two buffer overflows in libImaging/TiffDecode.c due to small buffers allocated in ImagingLibTiffDecode()
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash

5. References:

https://access.redhat.com/security/cve/CVE-2019-3866
https://access.redhat.com/security/cve/CVE-2019-16785
https://access.redhat.com/security/cve/CVE-2019-16786
https://access.redhat.com/security/cve/CVE-2019-16789
https://access.redhat.com/security/cve/CVE-2019-19911
https://access.redhat.com/security/cve/CVE-2019-20477
https://access.redhat.com/security/cve/CVE-2020-5310
https://access.redhat.com/security/cve/CVE-2020-5311
https://access.redhat.com/security/cve/CVE-2020-5312
https://access.redhat.com/security/cve/CVE-2020-5313
https://access.redhat.com/security/cve/CVE-2020-8131
https://access.redhat.com/security/cve/CVE-2020-10177
https://access.redhat.com/security/cve/CVE-2020-10378
https://access.redhat.com/security/cve/CVE-2020-10379
https://access.redhat.com/security/cve/CVE-2020-10994
https://access.redhat.com/security/cve/CVE-2020-11538
https://access.redhat.com/security/cve/CVE-2020-14040
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
