Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
198
security advisorysoftware updatecode executionArch Linux: ASA-202102-37 Medium Severity Python Code Execution Issues
The package python before version 3.9.2-1 is vulnerable to multiple issues including arbitrary code execution and url request injection. . Arch Linux Security Advisory ASA-202102-37 ========================================= Severity: Medium Date : 2021-02-27 CVE-ID : CVE-2021-3177 CVE-2021-23336 Package : python Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1465 Summary ====== The package python before version 3.9.2-1 is vulnerable to multiple issues including arbitrary code execution and url request injection. Resolution ========= Upgrade to 3.9.2-1. # pacman -Syu "python> =3.9.2-1" The problems have been fixed upstream in version 3.9.2. Workaround ========= None. Description ========== - CVE-2021-3177 (arbitrary code execution) Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely. - CVE-2021-23336 (url request injection) The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. The package python-django contains a copy of urllib.parse.parse_qsl() which was added to backport some security fixes. A further security fix has been issued in versions 3.1.7, 3.0.13 and 2.2.19such that parse_qsl() no longer allows using ; as a query parameter separator by default. Impact ===== A malicious format string could execute code and a malicious user could send crafted HTTP queries poisoning the cache. References ========= https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html https://bugs.python.org/issue42938 https://github.com/python/cpython/pull/24239 https://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932 https://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/ https://bugs.python.org/issue42967 https://github.com/python/cpython/pull/24297 https://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92 https://www.djangoproject.com/weblog/2021/feb/19/security-releases/ https://github.com/django/django/commit/8f6d431b08cbb418d9144b976e7b972546607851 https://security.archlinux.org/CVE-2021-3177 https://security.archlinux.org/CVE-2021-23336 . A number of vulnerabilities identified in the Python module on Arch Linux classified with medium risk. It is advisable to perform an update to mitigate these threats.. Arch Linux Security, Python Update, Code Execution Issues, Request Injection, Package Upgrade. . Severity: Medium. LinuxSecurity.com Team
Mar 01, 2021
•Medium
ArchLinux
198
security advisorydenial of servicehigh severityArch Linux Advisory: ASA-202101-14 High: Nodejs DoS and Code Injection
The package nodejs-lts-erbium before version 12.20.1-1 is vulnerable to multiple issues including arbitrary code execution and url request injection. . Arch Linux Security Advisory ASA-202101-14 ========================================= Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-8265 CVE-2020-8287 Package : nodejs-lts-erbium Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1402 Summary ====== The package nodejs-lts-erbium before version 12.20.1-1 is vulnerable to multiple issues including arbitrary code execution and url request injection. Resolution ========= Upgrade to 12.20.1-1. # pacman -Syu "nodejs-lts-erbium> =12.20.1-1" The problems have been fixed upstream in version 12.20.1. Workaround ========= None. Description ========== - CVE-2020-8265 (arbitrary code execution) The nodejs release lines 15.x, 14.x, 12.x and 10.x are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResult structure. This may be exploited to corrupt memory leading to a Denial of Service or potentially other exploits. The issue is fixed in nodejs versions 15.5.1, 14.15.4, 12.20.1 and 10.23.1. - CVE-2020-8287 (url request injection) The nodejs release lines 15.x, 14.x, 12.x and 10.x allow two copies of a header field in an HTTP request. For example, two Transfer-Encoding header fields. In this case Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling. The issue is fixed in nodejs versions 15.5.1, 14.15.4, 12.20.1 and 10.23.1. Impact ===== A malicious user could achieve data exfiltration through HTTP headersor execute arbitrary code through poor APIusage. References ========= https://groups.google.com/g/nodejs-sec/c/kyzmwvQdUfs/m/7mjPCzY2BAAJ https://github.com/nodejs/node/commit/9834ef85a0a549a45a98f04dc51af1782a7126ee https://github.com/nodejs/node/commit/4f8772f9b731118628256189b73cd202149bbd97 https://github.com/nodejs/node/commit/5b00de7d67a1372aa342115ad28edd3f78268bb6 https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed https://github.com/nodejs/node/commit/357e2857c8385c303782ced2ac8b568df06d4326 https://github.com/nodejs/node/commit/e0c9a2285cfe18642d15d5ed9b7122755c6e66e0 https://github.com/nodejs/node/commit/c5dbe831b714b3a98c59ba2406b791fb27016d79 https://github.com/nodejs/node/commit/641f786bb1a1f6eb1ff8750782ed939780f2b31a https://github.com/nodejs/node/commit/7ecac8143f0a91785ed0bd3b4d9aab5d98419b41 https://github.com/nodejs/node/commit/92d430917a63a567bb528100371263c46e50ee4a https://github.com/nodejs/node/commit/4a30ac8c755d0701e773831ce22153b66bb36305 https://github.com/nodejs/node/commit/420244e4d9ca6de2612e7f503f5c87e448fbc14b https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e https://github.com/nodejs/node/commit/aa6b97fb99d7528649fadb4c6a894e078fe4323c https://security.archlinux.org/CVE-2020-8265 https://security.archlinux.org/CVE-2020-8287 . Critical issues found in nodejs-lts-erbium on Arch Linux, impacting stability with code execution and HTTP injection risks.. nodejs-lts-erbium, arch linux, security advisory, remote code execution, high severity. . LinuxSecurity.com Team
Jan 15, 2021
ArchLinux
172
security advisorycriticalUbuntuUbuntu 14.10: 2474-1 Critical Advisory: Curl Arbitrary Request Injection
curl could be tricked into adding arbitrary requests when following certain URLs.. =========================================================================Ubuntu Security Notice USN-2474-1 January 15, 2015 curl vulnerability ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS - Ubuntu 10.04 LTS Summary: curl could be tricked into adding arbitrary requests when following certain URLs. Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries Details: Andrey Labunets discovered that curl incorrectly handled certain URLs when using a proxy server. If a user or automated system were tricked into using a specially crafted URL, an attacker could possibly use this issue to inject arbitrary HTTP requests. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.2 libcurl3-gnutls 7.37.1-1ubuntu3.2 libcurl3-nss 7.37.1-1ubuntu3.2 Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.3 libcurl3-gnutls 7.35.0-1ubuntu2.3 libcurl3-nss 7.35.0-1ubuntu2.3 Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.12 libcurl3-gnutls 7.22.0-3ubuntu4.12 libcurl3-nss 7.22.0-3ubuntu4.12 Ubuntu 10.04 LTS: libcurl3 7.19.7-1ubuntu1.11 libcurl3-gnutls 7.19.7-1ubuntu1.11 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-2474-1 CVE-2014-8150 Package Information: https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.2 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.3 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.12 https://launchpad.net/ubuntu/+source/curl/7.19.7-1ubuntu1.11 . An important vulnerability in Curl permits the manipulation of unsolicited requests via specially designed URLs. Immediate update suggested.. curl Security, Ubuntu Vulnerability, Request Injection Threat. . Severity: Critical. LinuxSecurity.com Team
Jan 15, 2015
•Critical
Ubuntu
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!