An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default if Bash is run with its effective UID not equal to its real UID it will drop privileges by setting its effective UID to its real UID. However it does so incorrectly. On Linux and other systems that support "saved UID" functionality the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin which can be a shared object that calls setuid() and therefore regains privileges. However binaries running with an effective UID of 0 are unaffected.

...

An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault associated with a NULL pointer dereference leading to a denial of service in the intuit_diff_type function in pch.c aka a "mangled rename" issue.

...

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that when processed by the glob function would potentially lead to arbitrary code execution. This was fixed in version 2.32.

...

The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified. For example within a single execution of a program the output of every __builtin_darn() call may be the same.

...

In the GNU C Library (aka glibc or libc6) through 2.28 the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters which could lead applications to incorrectly assume that it had parsed a valid string without the possibility of embedded HTTP headers or other potentially dangerous substrings.

...

In the GNU C Library (aka glibc or libc6) through 2.28 attempting to resolve a crafted hostname via getaddrinfo() leads to the allocation of a socket descriptor that is not closed. This is related to the if_nametoindex() function.

...

An issue was discovered in GNU libiberty as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls.

...

An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section.

...

GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time.

...

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638 but the ! syntax is specific to ed and is unrelated to a shell metacharacter.

...

In the GNU C Library (aka glibc or libc6) through 2.29 check_dst_limits_calc_pos_1 in posix/regexec.c has Uncontrolled Recursion as demonstrated by '(\227|)(\\1\\1|t1|\\\2537)+' in grep.

...

In the GNU C Library (aka glibc or libc6) through 2.29 proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

...

GNU GLOBAL: Arbitrary code execution

Background GNU GLOBAL is a source code tagging system that works the same way across diverse environments, such as Emacs editor, Vi editor, Less viewer, Bash shell, various web browsers, etc. Description A vulnerability was found in an undocumented function of gozilla. Impact A remote attacker...

Fedora: Security Advisory for radare2 (FEDORA-2020-aa51efe207)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation

All-Dynamics Software enlogic:show Digital Signage System 2.0.2 Session Fixation Vendor: All-Dynamics Software GmbH Vendor web page: https://www.all-dynamics.de Product web page: https://www.enlogic-show.com Affected version: 2.0.2 Build 2098 ILP32W 0/1/3/1597919619 Summary: Bring communication...

Fedora: Security Advisory for golang (FEDORA-2020-9cd1204ba0)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

The vulnerability of the memcpy function in the glibc library, which allows a hacker to execute arbitrary code in the context of a privileged process

The vulnerability of the memcpy function in the glibc library arises from an operation that occurs outside the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code within the privileged process context...

FreeRDP < 2.2.0 Integer Overflow Vulnerability

FreeRDP is prone to an integer overflow vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

Fedora: Security Advisory for bashtop (FEDORA-2020-54e4356732)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Binutils: Multiple vulnerabilities

Background The GNU Binutils are a collection of tools to create, modify and analyse binary files. Many of the files use BFD, the Binary File Descriptor library, to do low-level manipulation. Description Multiple vulnerabilities have been discovered in Binutils. Please review the CVE identifiers...