Home Original page

Log - Arch Linux

AVG-1116 edited at 17 Mar 2020 13:20:29
Severity
- Unknown
+ High
CVE-2020-0556 edited at 17 Mar 2020 13:20:29
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ It was discovered that the HID and HOGP profiles implementations in bluez before 5.54 don't specifically require bonding between the device and the host. This creates an opportunity for a malicious device to connect to a target host to either impersonate an existing HID device without security or to cause an SDP or GATT service discovery to take place which would allow HID reports to be injected to the input subsystem froma non-bonded source.
+ This potentially enables escalation of privilege and denial of service via adjacent access.
References
+ https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
+ https://patchwork.kernel.org/patch/11428317/
+ https://patchwork.kernel.org/patch/11428319/
+ https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
+ https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
Notes
AVG-1116 created at 17 Mar 2020 13:17:04
Packages
+ bluez
Issues
+ CVE-2020-0556
Status
+ Fixed
Severity
+ Unknown
Affected
+ 5.53-1
Fixed
+ 5.54-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
+ https://www.openwall.com/lists/oss-security/2020/03/12/4
Notes
CVE-2020-0556 created at 17 Mar 2020 13:17:04
ASA-202003-11 edited at 16 Mar 2020 16:30:12
ASA-202003-10 edited at 16 Mar 2020 16:28:40
ASA-202003-9 edited at 16 Mar 2020 16:28:38
CVE-2020-10018 edited at 16 Mar 2020 16:27:13
Description
- A use-after-free has been foud in WebKitGTK before 2.28.0, where processing maliciously crafted web content may lead to arbitrary code execution.
+ A use-after-free has been found in WebKitGTK before 2.28.0, where processing maliciously crafted web content may lead to arbitrary code execution.
ASA-202003-11 edited at 16 Mar 2020 11:38:54
Impact
+ A remote attacker can access sensitive information and execute arbitrary commands and code on the affected host.
ASA-202003-11 created at 16 Mar 2020 11:38:27
CVE-2019-20503 edited at 16 Mar 2020 11:33:38
Description
- An out-of-bounds read has been found in Firefox before 74. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
+ An out-of-bounds read has been found in Firefox before 74 and Thunderbird before 68.6. The inputs to sctp_load_addresses_from_init are verified by sctp_arethere_unrecognized_parameters; however, the two functions handled parameter bounds differently, resulting in out of bounds reads when parameters are partially outside a chunk.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2019-20503
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2019-20503
https://bugzilla.mozilla.org/show_bug.cgi?id=1613765
CVE-2020-6805 edited at 16 Mar 2020 11:33:18
Description
- A use-after-free issue has been found in Firefox before 74. When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
+ A use-after-free issue has been found in Firefox before 74 and Thunderbird before 68.6. When removing data about an origin whose tab was recently closed, a use-after-free could occur in the Quota manager, resulting in a potentially exploitable crash.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805
https://bugzilla.mozilla.org/show_bug.cgi?id=1610880