ID

VAR-202012-1278

CVE

CVE-2020-8285

TITLE

curl  Recursion control vulnerability in

DESCRIPTION

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. curl There is a recursive control vulnerability and an out-of-bounds write vulnerability.Denial of service (DoS) It may be put into a state. HAXX libcurl is an open source client-side URL transfer library developed by Haxx (HAXX) in Sweden. The product supports protocols such as FTP, SFTP, TFTP and HTTP. A security vulnerability exists in libcurl that could be exploited by an attacker to trigger a fatal error via libcurl's FTP wildcards, thereby triggering a denial of service. A security issue was found in curl versions 7.21.0 up to and including 7.73.0. libcurl offers a wildcard matching functionality, which allows a callback (set with CURLOPT_CHUNK_BGN_FUNCTION) to return information back to libcurl on how to handle a specific entry in a directory when libcurl iterates over a list of all available entries. When this callback returns CURL_CHUNK_BGN_FUNC_SKIP, to tell libcurl to not deal with that file, the internal function in libcurl then calls itself recursively to handle the next directory entry. If there's a sufficient amount of file entries and if the callback returns "skip" enough number of times, libcurl runs out of stack space. The exact amount will of course vary with platforms, compilers and other environmental factors. The content of the remote directory is not kept on the stack, so it seems hard for the malicious user to control exactly what data that overwrites the stack - however it remains a Denial-Of-Service vector as a malicious user who controls a server that a libcurl-using application works with under these premises can trigger a crash. Bugs fixed (https://bugzilla.redhat.com/): 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve 1945703 - "Guest OS Info" availability in VMI describe is flaky 1958816 - [2.6.z] KubeMacPool fails to start due to OOM likely caused by a high number of Pods running in the cluster 1963275 - migration controller null pointer dereference 1965099 - Live Migration double handoff to virt-handler causes connection failures 1965181 - CDI importer doesn't report AwaitingVDDK like it used to 1967086 - Cloning DataVolumes between namespaces fails while creating cdi-upload pod 1967887 - [2.6.6] nmstate is not progressing on a node and not configuring vlan filtering that causes an outage for VMs 1969756 - Windows VMs fail to start on air-gapped environments 1970372 - Virt-handler fails to verify container-disk 1973227 - segfault in virt-controller during pdb deletion 1974084 - 2.6.6 containers 1975212 - No Virtual Machine Templates Found [EDIT - all templates are marked as depracted] 1975727 - [Regression][VMIO][Warm] The third precopy does not end in warm migration 1977756 - [2.6.z] PVC keeps in pending when using hostpath-provisioner 1982760 - [v2v] no kind VirtualMachine is registered for version \"kubevirt.io/v1\" i... 1986989 - OpenShift Virtualization 2.6.z cannot be upgraded to 4.8.0 initially deployed starting with <= 4.8 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: curl security and bug fix update Advisory ID: RHSA-2021:1610-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1610 Issue date: 2021-05-18 CVE Names: CVE-2020-8231 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 ==================================================================== 1. Summary: An update for curl is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP. Security Fix(es): * curl: FTP PASV command response can cause curl to connect to arbitrary host (CVE-2020-8284) * curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used (CVE-2020-8285) * curl: Inferior OCSP verification (CVE-2020-8286) * curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set (CVE-2020-8231) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1868032 - CVE-2020-8231 curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set 1873327 - libcurl: Segfault when HTTPS_PROXY and NO_PROXY is used together 1895391 - multiarch conflicts in libcurl-minimal 1902667 - CVE-2020-8284 curl: FTP PASV command response can cause curl to connect to arbitrary host 1902687 - CVE-2020-8285 curl: Malicious FTP server can trigger stack overflow when CURLOPT_CHUNK_BGN_FUNCTION is used 1906096 - CVE-2020-8286 curl: Inferior OCSP verification 1918692 - Body dropped from POST request when using proxy with NTLM authentication 6. Package List: Red Hat Enterprise Linux BaseOS (v. 8): Source: curl-7.61.1-18.el8.src.rpm aarch64: curl-7.61.1-18.el8.aarch64.rpm curl-debuginfo-7.61.1-18.el8.aarch64.rpm curl-debugsource-7.61.1-18.el8.aarch64.rpm curl-minimal-debuginfo-7.61.1-18.el8.aarch64.rpm libcurl-7.61.1-18.el8.aarch64.rpm libcurl-debuginfo-7.61.1-18.el8.aarch64.rpm libcurl-devel-7.61.1-18.el8.aarch64.rpm libcurl-minimal-7.61.1-18.el8.aarch64.rpm libcurl-minimal-debuginfo-7.61.1-18.el8.aarch64.rpm ppc64le: curl-7.61.1-18.el8.ppc64le.rpm curl-debuginfo-7.61.1-18.el8.ppc64le.rpm curl-debugsource-7.61.1-18.el8.ppc64le.rpm curl-minimal-debuginfo-7.61.1-18.el8.ppc64le.rpm libcurl-7.61.1-18.el8.ppc64le.rpm libcurl-debuginfo-7.61.1-18.el8.ppc64le.rpm libcurl-devel-7.61.1-18.el8.ppc64le.rpm libcurl-minimal-7.61.1-18.el8.ppc64le.rpm libcurl-minimal-debuginfo-7.61.1-18.el8.ppc64le.rpm s390x: curl-7.61.1-18.el8.s390x.rpm curl-debuginfo-7.61.1-18.el8.s390x.rpm curl-debugsource-7.61.1-18.el8.s390x.rpm curl-minimal-debuginfo-7.61.1-18.el8.s390x.rpm libcurl-7.61.1-18.el8.s390x.rpm libcurl-debuginfo-7.61.1-18.el8.s390x.rpm libcurl-devel-7.61.1-18.el8.s390x.rpm libcurl-minimal-7.61.1-18.el8.s390x.rpm libcurl-minimal-debuginfo-7.61.1-18.el8.s390x.rpm x86_64: curl-7.61.1-18.el8.x86_64.rpm curl-debuginfo-7.61.1-18.el8.i686.rpm curl-debuginfo-7.61.1-18.el8.x86_64.rpm curl-debugsource-7.61.1-18.el8.i686.rpm curl-debugsource-7.61.1-18.el8.x86_64.rpm curl-minimal-debuginfo-7.61.1-18.el8.i686.rpm curl-minimal-debuginfo-7.61.1-18.el8.x86_64.rpm libcurl-7.61.1-18.el8.i686.rpm libcurl-7.61.1-18.el8.x86_64.rpm libcurl-debuginfo-7.61.1-18.el8.i686.rpm libcurl-debuginfo-7.61.1-18.el8.x86_64.rpm libcurl-devel-7.61.1-18.el8.i686.rpm libcurl-devel-7.61.1-18.el8.x86_64.rpm libcurl-minimal-7.61.1-18.el8.i686.rpm libcurl-minimal-7.61.1-18.el8.x86_64.rpm libcurl-minimal-debuginfo-7.61.1-18.el8.i686.rpm libcurl-minimal-debuginfo-7.61.1-18.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-8231 https://access.redhat.com/security/cve/CVE-2020-8284 https://access.redhat.com/security/cve/CVE-2020-8285 https://access.redhat.com/security/cve/CVE-2020-8286 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYKPto9zjgjWX9erEAQh16A/7Byq8RPmIFM/cXYG93ASi4Zv7hnzQcC2N jmLQXZ6zcISfUgPHrd4ePRczWL/dqdF1qGqtcef0pvnR7WBF6FnKbptGthqgicis T8HKx8wf79RmEXvqenIsLOFCqzoyHOqcBWAmLIjG/w90QiVBd3H/OzPn59WlR27l ulmkFd76mr2CuU05aTTxKA5B7uL9SdDSFB6Ee/9iU9PSq/BqEOuKKcIiReyLwLDt 9x8OII61xtl/rukO3QsBclY5tWBfjx4Ja5gRq5+MWYUvZuGfiT0HnrPCzjbim8Xk ZEPVfYAjGnp9JN2SZCCvjb5DuF6l0AWCG6m8J6kuB4xujJN6v62+QjZ4dcOKB5DH RCZhqk8HRE3uT7vTrnaHvilsOPjKip+NNoxKLBrwIYpbdLx0t1tMGO5obP+jrOmU +2YOcwxaHQZZd2RQP8iK5JsZaTDhzzeWv/g5vYBu+kb1LcBy1x7uwE+yVfbYBgiR 1+coyOfOzjdkaVoaRcJnC9ETKLuWqaWmy/pdWRHKyhtNT3+LF4zK2hMPmYReh1gE hDSR7YcDtnOgpiSIxHDzSQwQSyYwACdOtU5nnr2ZYO2ppm3nTHuXTzmD9YcijQru m2BWtKQTPBdGBbEVoBpYN6OxSC5DkNh53D6e1hzxpb6kIRRyiiinLdNIHVlCJCtW 1dg/uh2h6WQ=FWND -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description: Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers. Bug Fix(es): * WMCO patch pub-key-hash annotation to Linux node (BZ#1945248) * LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917) * Telemetry info not completely available to identify windows nodes (BZ#1955319) * WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412) * kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263) 3. Solution: For Windows Machine Config Operator upgrades, see the following documentation: https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3 macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325. APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1849: Siguza Apple Neural Engine Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k) Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. The issue was addressed through improved logic. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com) System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A use after free issue was addressed with improved memory management. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678 Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE----- . Description: Red Hat OpenShift Serverless 1.17.0 release of the OpenShift Serverless Operator. This version of the OpenShift Serverless Operator is supported on Red Hat OpenShift Container Platform versions 4.6, 4.7 and 4.8, and includes security and bug fixes and enhancements. Security Fix(es): * golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558) * golang: net: lookup functions may return invalid host names (CVE-2021-33195) * golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197) * golang: match/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198) * golang: encoding/xml: infinite loop when using xml.NewTokenDecoder with a custom TokenReader (CVE-2021-27918) * golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525) * golang: archive/zip: malformed archive may cause panic or memory exhaustion (CVE-2021-33196) It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless client kn 1.16.0. This has been fixed (CVE-2021-3703). Solution: See the Red Hat OpenShift Container Platform 4.6 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.6/html/serverless/index See the Red Hat OpenShift Container Platform 4.7 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.7/html/serverless/index See the Red Hat OpenShift Container Platform 4.8 documentation at: https://access.redhat.com/documentation/en-us/openshift_container_platform/ 4.8/html/serverless/index 4. Bugs fixed (https://bugzilla.redhat.com/): 1983596 - CVE-2021-34558 golang: crypto/tls: certificate of wrong type is causing TLS client to panic 1983651 - Release of OpenShift Serverless Serving 1.17.0 1983654 - Release of OpenShift Serverless Eventing 1.17.0 1989564 - CVE-2021-33195 golang: net: lookup functions may return invalid host names 1989570 - CVE-2021-33197 golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty 1989575 - CVE-2021-33198 golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents 1992955 - CVE-2021-3703 serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196 5

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

TYPE

overflow, code execution, xss

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Red Hat

SOURCES

LAST UPDATE DATE

2025-11-19T21:28:16.529000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE