Advisory ROSA-SA-2021-1825
Software: dracut 033 OS: Cobalt 7.9 CVE-ID: CVE-2016-8637 CVE-Crit: HIGH CVE-DESC: A local information disclosure issue was discovered in dracut before 045 when generating initramfs images with world-readable permissions when early cpio is used, such as when including microcode updates. A...
Advisory ROSA-SA-2021-1824
Software: dovecot 2.2.36 OS: Cobalt 7.9 CVE-ID: CVE-2019-10691 CVE-Crit: HIGH CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username. CVE-STATUS:...
Advisory ROSA-SA-2021-1823
Software: dnsmasq 2.76 OS: Cobalt 7.9 CVE-ID: CVE-2017-13704 CVE-Crit: HIGH CVE-DESC: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in the memset call gets a negative value. Since this is an unsigned value, memset writes up to...
Advisory ROSA-SA-2021-1822
Software: dhcp 4.2.5 OS: Cobalt 7.9 CVE-ID: CVE-2013-2494 CVE-Crit: HIGH CVE-DESC: libdns in ISC DHCP 4.2.x through 4.2.5-P1 allows remote name servers to cause a denial of service (memory consumption) via vectors that include a regular expression, as demonstrated by a memory scarcity attack on a...
Advisory ROSA-SA-2021-1821
Software: dcraw 9.19 OS: Cobalt 7.9 CVE-ID: CVE-2018-19565 CVE-Crit: HIGH CVE-DESC: A buffer over-read in crop_masked_pixels in dcraw before 9.28 could be used by attackers able to supply malicious files to crash an application that bundles the dcraw code or to leak private information...
Advisory ROSA-SA-2021-1820
Software: cyrus-sasl 2.1.26 OS: Cobalt 7.9 CVE-ID: CVE-2020-8032 CVE-Crit: HIGH CVE-DESC: An insecure temporary file vulnerability in the cyrus-sasl openSUSE Factory package allows local attackers to escalate to the root level. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 an...
Advisory ROSA-SA-2021-1819
Software: cvs 1.11.23 OS: Cobalt 7.9 CVE-ID: CVE-2020-2324 CVE-Crit: HIGH CVE-DESC: The Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. CVE-STATUS: default CVE-REV: default...
Advisory ROSA-SA-2021-1818
Software: curl 7.29.0 OS: Cobalt 7.9 CVE-ID: CVE-2013-4545 CVE-Crit: CRITICAL CVE-DESC: cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disable verification of the certificate CN and SAN name fields (CURLOPT_SSL_VERIFYHOST) when digital signature verification (CURLOPT_SSL_VERIFYPEER) is...
Advisory ROSA-SA-2021-1817
Software: cups-filters 1.0.35 OS: Cobalt 7.9 CVE-ID: CVE-2013-6473 CVE-Crit: MEDIUM CVE-DESC: Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 through 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file...
Advisory ROSA-SA-2021-1816
Software: cups 1.6.3 OS: Cobalt 7.9 CVE-ID: CVE-2013-6891 CVE-Crit: HIGH CVE-DESC: lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf. CVE-STATU...
Advisory ROSA-SA-2021-1815
Software: cryptsetup 2.0.3 OS: Cobalt 7.9 CVE-ID: CVE-2016-4484 CVE-Crit: MEDIUM CVE-DESC: The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many login attempts with an invalid password. CVE-STATUS:...
Advisory ROSA-SA-2021-1814
Software: coreutils 8.22 OS: Cobalt 7.9 CVE-ID: CVE-2017-18018 CVE-Crit: MEDIUM CVE-DESC: In GNU Coreutils before 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of...
Advisory ROSA-SA-2021-1813
Software: clamav 0.102.4 OS: Cobalt 7.9 CVE-ID: CVE-2021-1386 CVE-Crit: HIGH CVE-DESC: A vulnerability in the Dynamic Link Library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Windows Connector endpoints, ClamAV for Windows, and Immunet could allow an authenticated local...
Advisory ROSA-SA-2021-1812
Software: cifs-utils 6.2 OS: Cobalt 7.9 CVE-ID: CVE-2014-2830 CVE-Crit: MEDIUM CVE-DESC: Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors. CVE-STATUS: default CVE-REV: defau...
Advisory ROSA-SA-2021-1811
Software: c-ares 1.10.0 OS: Cobalt 7.9 CVE-ID: CVE-2016-5180 CVE-Crit: CRITICAL CVE-DESC: Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostnam...
Advisory ROSA-SA-2021-1810
Software: cairo 1.15.12 OS: Cobalt 7.9 CVE-ID: CVE-2018-18064 CVE-Crit: MEDIUM CVE-DESC: cairo before version 1.15.14 has an out-of-bounds stack-memory write during processing of a crafted document by WebKitGTK+ because of the interaction between the generate and render_rows functions in cairo-rectangular-scan-converter.c and...
Advisory ROSA-SA-2021-1809
Software: bolt 0.7 OS: Cobalt 7.9 CVE-ID: CVE-2015-7309 CVE-Crit: HIGH CVE-DESC: The theme editor in Bolt before 2.2.5 does not check the file extension when renaming a file, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then directly accessing it...
Advisory ROSA-SA-2021-1808
Software: binutils 2.27 OS: Cobalt 7.9 CVE-ID: CVE-2017-12448 CVE-Crit: HIGH CVE-DESC: The bfd_cache_close function in bfd/cache.c in the Binary File Descriptor (BFD) library, also known as libbfd, as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause a heap use after free...
Advisory ROSA-SA-2021-1807
Software: avahi 0.6.31 OS: Cobalt 7.9 CVE-ID: CVE-2021-26720 CVE-Crit: HIGH CVE-DESC: avahi-daemon-check-dns.sh in the Debian avahi package prior to version 0.8-4 is executed as root user via /etc/network/if-up.d/avahi-daemon and allows a local attacker to cause a denial of service or create...
Advisory ROSA-SA-2021-1806
Software: aspell 0.60.6.1 OS: Cobalt 7.9 CVE-ID: CVE-2019-20433 CVE-Crit: CRITICAL CVE-DESC: libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environme...
Advisory ROSA-SA-2021-1805
Software: ant 1.9.4 OS: Cobalt 7.9 CVE-ID: CVE-2020-1945 CVE-Crit: MEDIUM CVE-DESC: Apache Ant 1.1 through 1.9.14 and 1.10.0 through 1.10.7 uses the default temporary directory defined by the Java system property java.io.tmpdir for several tasks, and thus may leak sensitive information. The fixcr...
Advisory ROSA-SA-2021-1804
Software: accountservice 0.6.50 OS: Cobalt 7.9 CVE-ID: CVE-2020-16126 CVE-Crit: LOW CVE-DESC: The Ubuntu-specific modification of AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, incorrectly dropped the ruid, allowing untrusted users to send signals to AccountsService,...
Advisory ROSA-SA-2021-1803
Software: bind 9.11.4 OS: Cobalt 7.9 CVE-ID: CVE-2018-5744 CVE-Crit: HIGH CVE-DESC: A failure to free memory can occur when processing messages with a specific combination of EDNS options. Affected versions are BIND 9.10.7 - 9.10.8-P1, 9.11.3 - 9.11.5-P1, 9.12.0 - 9.12.3-P1 and versions 9.10.7-S...
Advisory ROSA-SA-2021-1802
Software: bash 4.2.46 OS: Cobalt 7.9 CVE-ID: CVE-2012-6711 CVE-Crit: HIGH CVE-DESC: A heap-based buffer overflow exists in GNU Bash before 4.3 when wide characters, not supported by the current locale set in the LC_CTYPE environment variable, are printed through the echo built-in function...