MGASA-2021-0041: p11-kit-0.23.22-1.mga7
type: security
subject: Updated p11-kit packages fix security vulnerabilities
CVE:
 - CVE-2020-29361
 - CVE-2020-29362
 - CVE-2020-29363
src:
  7:
   core:
     - p11-kit-0.23.22-1.mga7
description: |
  Multiple integer overflows have been discovered in the array allocations in
  the p11-kit library and the p11-kit list command, where overflow checks are
  missing before calling realloc or calloc (CVE-2020-29361).

  A heap-based buffer over-read has been discovered in the RPC protocol used by
  the p11-kit server/remote commands and the client library. When the remote
  entity supplies a byte array through a serialized PKCS#11 function call, the
  receiving entity may allow the reading of up to 4 bytes of memory past the
  heap allocation (CVE-2020-29362).

  A heap-based buffer overflow has been discovered in the RPC protocol used by
  p11-kit server/remote commands and the client library. When the remote entity
  supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may
  not allocate sufficient length for the buffer to store the deserialized value
  (CVE-2020-29363).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=27853
 - https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
 - https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
 - https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
 - https://github.com/p11-glue/p11-kit/releases/tag/0.23.22
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4D5CLBYQ6GQU5KRRIBTSC4AOKNPX2JPE/
ID: MGASA-2021-0041