DLA 3226-1: cgal security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3226-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Helmut Grohne
December 06, 2022 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : cgal
Version : 4.13-1+deb10u1
CVE ID : CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608
CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612
CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616
CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620
CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624
CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628
CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632
CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636
CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631
CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635
CVE-2020-35636
Debian Bug : 985671
When parsing files containing Nef polygon data, several memory access
violations may happen. Many of these allow code execution.
CVE-2020-28601
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.
CVE-2020-28602
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex()
Halfedge_of[].
CVE-2020-28603
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_prev().
CVE-2020-28604
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_next().
CVE-2020-28605
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge()
e->set_vertex().
CVE-2020-28606
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_face().
CVE-2020-28607
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() set_halfedge().
CVE-2020-28608
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() store_fc().
CVE-2020-28609
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() store_iv().
CVE-2020-28610
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser::read_vertex()
set_face().
CVE-2020-28611
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser::read_vertex()
set_first_out_edge().
CVE-2020-28612
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->svertices_begin().
CVE-2020-28613
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->svertices_last().
CVE-2020-28614
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfedges_begin().
CVE-2020-28615
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfedges_last().
CVE-2020-28616
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->sfaces_begin().
CVE-2020-28617
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->sfaces_last().
CVE-2020-28618
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfloop().
CVE-2020-28619
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->twin().
CVE-2020-28620
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->center_vertex():.
CVE-2020-28621
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->out_sedge().
CVE-2020-28622
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->incident_sface().
CVE-2020-28623
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->twin().
CVE-2020-28624
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->boundary_entry_objects SEdge_of.
CVE-2020-28625
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->boundary_entry_objects SLoop_of.
CVE-2020-28626
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->incident_volume().
CVE-2020-28627
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume()
ch->shell_entry_objects().
CVE-2020-28628
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume() seh->twin().
CVE-2020-28629
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->sprev().
CVE-2020-28630
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->snext().
CVE-2020-28631
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->source().
CVE-2020-28632
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge()
seh->incident_sface().
CVE-2020-28633
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->prev().
CVE-2020-28634
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->next().
CVE-2020-28635
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->facet().
CVE-2020-28636
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35628
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop()
slh->incident_sface. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35629
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->facet().
CVE-2020-35630
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->center_vertex().
CVE-2020-35631
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
SD.link_as_face_cycle().
CVE-2020-35632
Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->boundary_entry_objects Edge_of.
CVE-2020-35633
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
store_sm_boundary_item() Edge_of.A specially crafted malformed file
can lead to an out-of-bounds read and type confusion, which could
lead to code execution. An attacker can provide malicious input to
trigger this vulnerability.
CVE-2020-35634
A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->boundary_entry_objects Sloop_of. A specially crafted malformed
file can lead to an out-of-bounds read and type confusion, which
could lead to code execution. An attacker can provide malicious input
to trigger this vulnerability.
CVE-2020-35635
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB
read. A specially crafted malformed file can lead to an out-of-bounds
read and type confusion, which could lead to code execution. An
attacker can provide malicious input to trigger this vulnerability.
CVE-2020-35636
A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() sfh->volume() OOB read. A specially
crafted malformed file can lead to an out-of-bounds read and type
confusion, which could lead to code execution. An attacker can
provide malicious input to trigger this vulnerability.
For Debian 10 buster, these problems have been fixed in version
4.13-1+deb10u1.
We recommend that you upgrade your cgal packages.
For the detailed security status of cgal please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cgal
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
A cgal security update has been released for Debian GNU/Linux 10 LTS to address several memory access violations.