Arch Linux 804 Published by

The following updates has been released for Arch Linux:

ASA-201910-6: unbound: denial of service
ASA-201910-7: chromium: multiple issues
ASA-201910-8: sdl: arbitrary code execution



ASA-201910-6: unbound: denial of service

Arch Linux Security Advisory ASA-201910-6
=========================================

Severity: High
Date : 2019-10-11
CVE-ID : CVE-2019-16866
Package : unbound
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1042

Summary
=======

The package unbound before version 1.9.4-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 1.9.4-1.

# pacman -Syu "unbound>=1.9.4-1"

The problem has been fixed upstream in version 1.9.4.

Workaround
==========

None.

Description
===========

Due to an error in parsing NOTIFY queries, it is possible for Unbound
from 1.7.1 up to and including 1.9.3 to continue processing malformed
queries and may ultimately result in a pointer dereference in
uninitialized memory. This results in a crash of the Unbound daemon.

Impact
======

A remote attacker might be able to crash the Unbound server via crafted
NOTIFY queries.

References
==========

https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
https://github.com/NLnetLabs/unbound/commit/b60c4a472c856f0a98120b7259e991b3a6507eb5
https://security.archlinux.org/CVE-2019-16866


ASA-201910-7: chromium: multiple issues

Arch Linux Security Advisory ASA-201910-7
=========================================

Severity: High
Date : 2019-10-11
CVE-ID : CVE-2019-13693 CVE-2019-13694 CVE-2019-13695 CVE-2019-13696
CVE-2019-13697
Package : chromium
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1043

Summary
=======

The package chromium before version 77.0.3865.120-1 is vulnerable to
multiple issues including arbitrary code execution and information
disclosure.

Resolution
==========

Upgrade to 77.0.3865.120-1.

# pacman -Syu "chromium>=77.0.3865.120-1"

The problems have been fixed upstream in version 77.0.3865.120.

Workaround
==========

None.

Description
===========

- CVE-2019-13693 (arbitrary code execution)

A use-after-free vulnerability has been found in the IndexedDB
component of the chromium browser before 77.0.3865.120.

- CVE-2019-13694 (arbitrary code execution)

A use-after-free vulnerability has been found in the WebRTC component
of the chromium browser before 77.0.3865.120.

- CVE-2019-13695 (arbitrary code execution)

A use-after-free vulnerability has been found in the audio component of
the chromium browser before 77.0.3865.120.

- CVE-2019-13696 (arbitrary code execution)

A use-after-free vulnerability has been found in the V8 component of
the chromium browser before 77.0.3865.120.

- CVE-2019-13697 (information disclosure)

A cross-origin size leak vulnerability has been found in the chromium
browser before 77.0.3865.120.

Impact
======

A remote attacker can access sensitive information or execute arbitrary
code on the affected host.

References
==========

https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html
https://crbug.com/1005753
https://crbug.com/1005251
https://crbug.com/1004730
https://crbug.com/1000635
https://crbug.com/990849
https://security.archlinux.org/CVE-2019-13693
https://security.archlinux.org/CVE-2019-13694
https://security.archlinux.org/CVE-2019-13695
https://security.archlinux.org/CVE-2019-13696
https://security.archlinux.org/CVE-2019-13697


ASA-201910-8: sdl: arbitrary code execution

Arch Linux Security Advisory ASA-201910-8
=========================================

Severity: High
Date : 2019-10-11
CVE-ID : CVE-2019-7572 CVE-2019-7573 CVE-2019-7574 CVE-2019-7575
CVE-2019-7576 CVE-2019-7577 CVE-2019-7578 CVE-2019-7635
CVE-2019-7636 CVE-2019-7637 CVE-2019-7638 CVE-2019-13616
Package : sdl
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-890

Summary
=======

The package sdl before version 1.2.15-13 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 1.2.15-13.

# pacman -Syu "sdl>=1.2.15-13"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

None.

Description
===========

- CVE-2019-7572 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c.

- CVE-2019-7573 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(inside the wNumCoef loop).

- CVE-2019-7574 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7575 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c.

- CVE-2019-7576 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c
(outside the wNumCoef loop).

- CVE-2019-7577 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c.

- CVE-2019-7578 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c.

- CVE-2019-7635 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c.

- CVE-2019-7636 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c.

- CVE-2019-7637 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c.

- CVE-2019-7638 (arbitrary code execution)

SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has
a heap-based buffer over-read in Map1toN in video/SDL_pixels.c.

- CVE-2019-13616 (arbitrary code execution)

A heap-based buffer overflow was discovered in SDL in the
SDL_BlitCopy() function, that was called while copying an existing
surface into a new optimized one, due to lack of validation while
loading a BMP image in the SDL_LoadBMP_RW() function. An application
that uses SDL to parse untrusted input files may be vulnerable to this
flaw, which could allow an attacker to make the application crash or
possibly execute code.

Impact
======

An attacker can execute arbitrary code on the affected host via a
crafted audio, image or video file.

References
==========

https://bugzilla.libsdl.org/show_bug.cgi?id=4495
https://discourse.libsdl.org/t/vulnerabilities-found-in-libsdl-1-2-15-and-sdl2/25720
https://hg.libsdl.org/SDL/rev/e52413f52586
https://hg.libsdl.org/SDL/rev/a8afedbcaea0
https://bugzilla.libsdl.org/show_bug.cgi?id=4491
https://hg.libsdl.org/SDL/rev/388987dff7bf
https://hg.libsdl.org/SDL/rev/f9a9d6c76b21
https://bugzilla.libsdl.org/show_bug.cgi?id=4496
https://hg.libsdl.org/SDL/rev/a6e3d2f5183e
https://bugzilla.libsdl.org/show_bug.cgi?id=4493
https://hg.libsdl.org/SDL/rev/a936f9bd3e38
https://bugzilla.libsdl.org/show_bug.cgi?id=4490
https://bugzilla.libsdl.org/show_bug.cgi?id=4492
https://hg.libsdl.org/SDL/rev/faf9bbcfb5f
https://hg.libsdl.org/SDL/rev/416136310b88
https://bugzilla.libsdl.org/show_bug.cgi?id=4494
https://bugzilla.libsdl.org/show_bug.cgi?id=4498
https://hg.libsdl.org/SDL/rev/7c643f1c1887
https://hg.libsdl.org/SDL/rev/f1f5878be5db
https://bugzilla.libsdl.org/show_bug.cgi?id=4499
https://hg.libsdl.org/SDL/rev/19d8c3b9c251
https://hg.libsdl.org/SDL/rev/07c39cbbeacf
https://bugzilla.libsdl.org/show_bug.cgi?id=4497
https://hg.libsdl.org/SDL/rev/9b0e5c555c0f
https://bugzilla.libsdl.org/show_bug.cgi?id=4500
https://bugzilla.libsdl.org/show_bug.cgi?id=4538
https://hg.libsdl.org/SDL/rev/ad1bbfbca760
https://security.archlinux.org/CVE-2019-7572
https://security.archlinux.org/CVE-2019-7573
https://security.archlinux.org/CVE-2019-7574
https://security.archlinux.org/CVE-2019-7575
https://security.archlinux.org/CVE-2019-7576
https://security.archlinux.org/CVE-2019-7577
https://security.archlinux.org/CVE-2019-7578
https://security.archlinux.org/CVE-2019-7635
https://security.archlinux.org/CVE-2019-7636
https://security.archlinux.org/CVE-2019-7637
https://security.archlinux.org/CVE-2019-7638
https://security.archlinux.org/CVE-2019-13616a