CVE-2019-12208 (https://nvd.nist.gov/vuln/detail/CVE-2019-12208):
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.

Gentoo Security Padawan (domhnall)

CVE-2019-12207 (https://nvd.nist.gov/vuln/detail/CVE-2019-12207):
njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
reference: https://github.com/nginx/njs/issues/168

CVE-2019-12206 (https://nvd.nist.gov/vuln/detail/CVE-2019-12206):
njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
reference: https://github.com/nginx/njs/issues/162

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fdf3186cecdd5096f4da7cf89951db6956561b9

commit 5fdf3186cecdd5096f4da7cf89951db6956561b9
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-05-21 15:11:46 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-05-21 15:11:58 +0000

    www-servers/nginx: security cleanup

    Bug: https://bugs.gentoo.org/686424
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest | 6 -
 www-servers/nginx/nginx-1.14.2-r4.ebuild | 1089 -----------------------------
 www-servers/nginx/nginx-1.15.12-r1.ebuild | 1089 -----------------------------
 www-servers/nginx/nginx-1.16.0.ebuild | 1089 -----------------------------
 4 files changed, 3273 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=39515d7bd653357aa676db7ecec780ee41082772

commit 39515d7bd653357aa676db7ecec780ee41082772
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-05-21 15:11:12 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-05-21 15:11:57 +0000

    www-servers/nginx: amd64 & x86 stable

    Bug: https://bugs.gentoo.org/686424
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/nginx-1.16.0-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6db7bd5b06933cb95f1c57f5c97d18ca3006d8ba

commit 6db7bd5b06933cb95f1c57f5c97d18ca3006d8ba
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-05-21 15:09:25 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-05-21 15:11:56 +0000

    www-servers/nginx: rev bump to bump 3rd party modules

    - nginScript module bumped to v0.3.2
    - HTTP LUA module bumped to v0.10.15

    Bug: https://bugs.gentoo.org/686424
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/nginx-1.16.0-r1.ebuild | 1089 ++++++++++++++++++++++++++++++
 1 file changed, 1089 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=795099eac16f7bfad6c836e6c514c3efca5b2425

commit 795099eac16f7bfad6c836e6c514c3efca5b2425
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2019-05-21 15:07:41 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2019-05-21 15:11:55 +0000

    www-servers/nginx: bump to v1.17.0 mainline

    - nginScript module bumped to v0.3.2
    - HTTP LUA module bumped to v0.10.15

    Bug: https://bugs.gentoo.org/686424
    Package-Manager: Portage-2.3.66, Repoman-2.3.12
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 www-servers/nginx/Manifest | 3 +
 www-servers/nginx/nginx-1.17.0.ebuild | 1089 +++++++++++++++++++++++++++++++++
 2 files changed, 1092 insertions(+)

Problem was in njs extension.

GLSA Vote: No

Repository is clean, all done.

Not all fixed yet. This will become a tracking nightmare, upstream started fuzzing.

(In reply to Thomas Deutschmann from comment #4)
> Not all fixed yet. This will become a tracking nightmare, upstream started
> fuzzing.

Let's disregard this as it was never explained which weren't fixed.

No GLSA (like the other njs bugs), all done!