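A resource management error vulnerability exists in the proglottis Go wrapper (for the GPGME library) before version 0.1.1. An attacker can exploit this vulnerability to cause a denial of service or execute arbitrary code.
The vendor has released an upgrade patch to fix the vulnerability. Patch link: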
https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1
Source: MISC
Link: https://github.com/proglottis/gpgme/pull/23
Source: MISC
Link: https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1
Source: MISC
Link: https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1795838
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H6P6SSNKN4H6GSEVROHBDXA64PX7EOED/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDBT77KV3U7BESJX3P4S4MPVDGRTAQA2/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXV7NZELYWRRCXATXU3FYD3G3WJT3WYM/
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2020:0679
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2020:0689
Source: REDHAT
Link: https://access.redhat.com/errata/RHSA-2020:0697
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/156683/Red-Hat-Security-Advisory-2020-0679-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1695/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/156715/Red-Hat-Security-Advisory-2020-0697-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1582/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2490/
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/GPGME-use-after-free-via-Proglottis-Go-Wrapper-GPG-Signature-Verification-31657
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0914/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157691/Red-Hat-Security-Advisory-2020-2027-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157213/Red-Hat-Security-Advisory-2020-1402-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2374/
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-8945
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157055/Red-Hat-Security-Advisory-2020-0934-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/158630/Red-Hat-Security-Advisory-2020-3167-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/158485/Red-Hat-Security-Advisory-2020-2927-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.2567/
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.0870/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/158405/Red-Hat-Security-Advisory-2020-2413-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1168/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157682/Red-Hat-Security-Advisory-2020-2117-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1333/
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/157544/Red-Hat-Security-Advisory-2020-1940-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2020.1664/