==========================================================================
Ubuntu Security Notice USN-7239-1
January 28, 2025

libmicrodns vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in libmicrodns.

Software Description:
- libmicrodns: minimal mDNS resolver and announcer library

Details:

It was discovered that libmicrodns could recursively follow the same
compression pointer, leading to an infinite loop. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-6071)

It was discovered that libmicrodns did not check the return value of the
rr_decode function, which could lead to a double free. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-6072)

It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6073)

It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an out-of-bounds read. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6077)

It was discovered that libmicrodns incorrectly handled memory when parsing
mDNS messages in mdns_recv, which could lead to a NULL pointer dereference.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2020-6078)

It was discovered that libmicrodns incorrectly handled memory, which could
lead to excessive memory consumption due to memory leaks. An attacker
could possibly use this issue to cause a denial of service.
(CVE-2020-6079, CVE-2020-6080)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS
  libmicrodns0                    0.0.8-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7239-1
  CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077,
  CVE-2020-6078, CVE-2020-6079, CVE-2020-6080

A series of security flaws in libmicrodns have been resolved for Ubuntu 18.04 LTS through system updates.

Severity: Critical. LinuxSecurity.com Team

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202005-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libmicrodns: Multiple vulnerabilities
     Date: May 14, 2020
     Bugs: #714606
       ID: 202005-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in libmicrodns, the worst of
which could result in the arbitrary execution of code.

Background
=========

libmicrodns is an mDNS library, focused on being simple and
cross-platform.

Affected packages
================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-libs/libmicrodns        < 0.1.2                     >= 0.1.2

Description
==========

Multiple vulnerabilities have been discovered in libmicrodns. Please
review the CVE identifiers and the upstream advisory referenced below
for details.

Impact
=====

Please review the referenced CVE identifiers for details.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All libmicrodns users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-libs/libmicrodns-0.1.2"

References
=========

[ 1 ] CVE-2020-6071
      https://nvd.nist.gov/vuln/detail/CVE-2020-6071
[ 2 ] CVE-2020-6072
      https://nvd.nist.gov/vuln/detail/CVE-2020-6072
[ 3 ] CVE-2020-6073
      https://nvd.nist.gov/vuln/detail/CVE-2020-6073
[ 4 ] CVE-2020-6077
      https://nvd.nist.gov/vuln/detail/CVE-2020-6077
[ 5 ] CVE-2020-6078
      https://nvd.nist.gov/vuln/detail/CVE-2020-6078
[ 6 ] CVE-2020-6079
      https://nvd.nist.gov/vuln/detail/CVE-2020-6079
[ 7 ] CVE-2020-6080
      https://nvd.nist.gov/vuln/detail/CVE-2020-6080
[ 8 ] VideoLAN-SB-VLC-309
      https://www.videolan.org/security/sb-vlc309.html

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202005-10

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Arch Linux Security Advisory ASA-202004-24
=========================================

Severity: Critical
Date    : 2020-04-30
CVE-ID  : CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077
          CVE-2020-6078 CVE-2020-6079 CVE-2020-6080
Package : libmicrodns
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1136

Summary
======

The package libmicrodns before version 0.1.2-1 is vulnerable to
multiple issues including arbitrary code execution, denial of service
and information disclosure.

Resolution
=========

Upgrade to 0.1.2-1.

# pacman -Syu "libmicrodns>=0.1.2-1"

The problems have been fixed upstream in version 0.1.2.

Workaround
=========

None.

Description
==========

- CVE-2020-6071 (denial of service)

An exploitable denial-of-service vulnerability exists in the resource
record-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing compressed labels in mDNS messages, the compression pointer is
followed without checking for recursion, leading to a denial of
service. An attacker can send an mDNS message to trigger this
vulnerability.

- CVE-2020-6072 (arbitrary code execution)

An exploitable code execution vulnerability exists in the label-parsing
functionality of Videolabs libmicrodns 0.1.0. When parsing compressed
labels in mDNS messages, the rr_decode function's return value is not
checked, leading to a double free that could be exploited to execute
arbitrary code. An attacker can send an mDNS message to trigger this
vulnerability.

- CVE-2020-6073 (information disclosure)

An exploitable denial-of-service vulnerability exists in the TXT
record-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing the RDATA section in a TXT record in mDNS messages, multiple
integer overflows can be triggered, leading to a denial of service. An
attacker can send an mDNS message to trigger this vulnerability.

- CVE-2020-6077 (information disclosure)

An exploitable denial-of-service vulnerability exists in the
message-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing mDNS messages, the implementation does not properly keep track
of the available data in the message, possibly leading to an
out-of-bounds read that would result in a denial of service. An
attacker can send an mDNS message to trigger this vulnerability.

- CVE-2020-6078 (denial of service)

An exploitable denial-of-service vulnerability exists in the
message-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing mDNS messages in mdns_recv, the return value of the
mdns_read_header function is not checked, leading to an uninitialized
variable usage that eventually results in a null pointer dereference,
leading to service crash. An attacker can send a series of mDNS
messages to trigger this vulnerability.

- CVE-2020-6079 (denial of service)

Multiple exploitable denial-of-service vulnerabilities exist in the
resource allocation handling of Videolabs libmicrodns 0.1.0. When
encountering errors while parsing mDNS messages, some allocated data is
not freed, possibly leading to a denial-of-service condition via
resource exhaustion. An attacker can send one mDNS message repeatedly
to trigger these vulnerabilities.

- CVE-2020-6080 (denial of service)

Multiple exploitable denial-of-service vulnerabilities exist in the
resource allocation handling of Videolabs libmicrodns 0.1.0. When
encountering errors while parsing mDNS messages, some allocated data is
not freed, possibly leading to a denial-of-service condition via
resource exhaustion. An attacker can send one mDNS message repeatedly
to trigger these vulnerabilities.

Impact
=====

A remote attacker can provide crafted DNS responses to crash the
service, disclose data or execute arbitrary code.

References
=========

https://github.com/videolabs/libmicrodns/releases/tag/0.1.1
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
https://github.com/videolabs/libmicrodns/commit/0103f40371cd6e5f034d1ea5674cd33316fef518
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
https://github.com/videolabs/libmicrodns/commit/219b180c3cea9ad674a5512412fbd75592f61aa7
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
https://github.com/videolabs/libmicrodns/commit/f0e8a723ef2d0a7ef9e200a8fd7c561d4695c5cf
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
https://github.com/videolabs/libmicrodns/commit/80860fad7e046959b730a0e37fd8d6ad955682ec
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
https://github.com/videolabs/libmicrodns/commit/4fb18284bea9a4f5eaf7745d72965b9b24e27d61
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
https://github.com/videolabs/libmicrodns/commit/9768bdbeb8ea6b7849a97af4362d1b5184352cee
https://security.archlinux.org/CVE-2020-6071
https://security.archlinux.org/CVE-2020-6072
https://security.archlinux.org/CVE-2020-6073
https://security.archlinux.org/CVE-2020-6077
https://security.archlinux.org/CVE-2020-6078
https://security.archlinux.org/CVE-2020-6079
https://security.archlinux.org/CVE-2020-6080

A serious vulnerability in libmicrodns could allow remote code execution and DoS threats. Update your packages and monitor systems for safety.

Severity: Critical. LinuxSecurity.com Team
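
The descriptions of CVE-2020-6071 (compression pointer followed without a recursion check) and CVE-2020-6077 (available data not tracked) name two checks a DNS name decoder needs. The C example below is added here for illustration and is not code from libmicrodns or from any of the advisories, nor a reproduction of the upstream fix. The function decode_name and the sample buffers are hypothetical and constructed, and the "pointer must target a strictly lower offset" rule is one common way to guarantee termination.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed samples, each with a zeroed 12-byte header. SAMPLE_OK holds
 * "vlc.local" at offset 12 and "tv" + pointer-to-12 at offset 23.
 * SAMPLE_LOOP is a pointer to itself; SAMPLE_SHORT a label cut short. */
const uint8_t SAMPLE_OK[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    3,'v','l','c', 5,'l','o','c','a','l', 0,  2,'t','v', 0xC0,0x0C };
const uint8_t SAMPLE_LOOP[]  = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xC0,0x0C };
const uint8_t SAMPLE_SHORT[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 5,'a','b' };

/* Hypothetical helper, not libmicrodns API: writes the dotted name at
 * msg[off] into out; returns the bytes the name occupies at off, or -1. */
int decode_name(const uint8_t *msg, size_t msg_len, size_t off,
                char *out, size_t out_len)
{
    size_t pos = off, o = 0, limit = off;
    int consumed = -1;                        /* fixed at the first pointer */
    for (;;) {
        if (pos >= msg_len) return -1;        /* ran off the end */
        uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {           /* compression pointer */
            if (pos + 1 >= msg_len) return -1;
            size_t target = ((size_t)(len & 0x3F) << 8) | msg[pos + 1];
            if (target >= limit) return -1;   /* must go strictly backward */
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            limit = pos = target;             /* next pointer must go lower */
            continue;
        }
        if (len & 0xC0) return -1;            /* reserved label type */
        if (len == 0) break;                  /* root label ends the name */
        if (len > msg_len - pos - 1) return -1;   /* label exceeds message */
        if (o + len + 2 > out_len) return -1;     /* '.' + label + NUL */
        if (o) out[o++] = '.';
        memcpy(out + o, msg + pos + 1, len);
        o += len; pos += 1 + (size_t)len;
    }
    if (o >= out_len) return -1;
    out[o] = '\0';
    return consumed < 0 ? (int)(pos + 1 - off) : consumed;
}

int main(void)
{
    char name[64];
    int ok = decode_name(SAMPLE_OK, sizeof SAMPLE_OK, 23, name, sizeof name);
    printf("%d %s\n", ok, ok < 0 ? "(rejected)" : name);
    return decode_name(SAMPLE_LOOP, sizeof SAMPLE_LOOP, 12, name, 64) != -1;
}
```

Because every pointer target must be lower than the previous one, the number of jumps is bounded by the starting offset, so the loop terminates on any input without a separate hop counter.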