Note: Versions mentioned in the description apply to the upstream git package. See How to fix? for Alpine:3.12 relevant versions.

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS, may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS, HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default, and is therefore vulnerable. The problem has been patched in the versions published on Tuesday, March 9th, 2021. As a workaround, if symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false), the described attack won't work. Likewise, if no clean/smudge filters such as Git LFS are configured globally (i.e. … As always, it is best to avoid cloning repositories from untrusted sources.

Upgrade Alpine:3.12 git to version 2.26.3-r0 or higher.

Note: Versions mentioned in the description apply to the upstream curl package. See How to fix? for Alpine:3.12 relevant versions.

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.

Upgrade Alpine:3.12 curl to version 7.77.0-r0 or higher.

Note: Versions mentioned in the description apply to the upstream openssl package.

In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able to present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated.

Upgrade Alpine:3.12 openssl to version 1.1.1l-r0 or higher.