* CVE-2021-28906 Description: "In function read_yin_leaf() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash." https://github.com/CESNET/libyang/issues/1455 * CVE-2021-28905 Description: "In function lys_node_free() in libyang <= v1.0.225, it asserts that the value of node->module can't be NULL. But in some cases, node->module can be null, which triggers a reachable assertion (CWE-617)." https://github.com/CESNET/libyang/issues/1452 * CVE-2021-28904 Description: "In function ext_get_plugin() in libyang <= v1.0.225, it doesn't check whether the value of revision is NULL. If revision is NULL, the operation of strcmp(revision, ext_plugins[u].revision) will lead to a crash." https://github.com/CESNET/libyang/issues/1451 * CVE-2021-28903 Description: "A stack overflow in libyang <= v1.0.225 can cause a denial of service through function lyxml_parse_mem(). lyxml_parse_elem() function will be called recursively, which will consume stack space and lead to crash." https://github.com/CESNET/libyang/issues/1453 * CVE-2021-28902 Description: "In function read_yin_container() in libyang <= v1.0.225, it doesn't check whether the value of retval->ext[r] is NULL. In some cases, it can be NULL, which leads to the operation of retval->ext[r]->flags that results in a crash." https://github.com/CESNET/libyang/issues/1454
All look fixed(?) upstream, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a6491cbd55ee320a821c1f91aa08dda83071e1df commit a6491cbd55ee320a821c1f91aa08dda83071e1df Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-05-24 13:22:38 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-05-26 12:34:56 +0000 net-libs/libyang: Seurity bump to 1.0.236 * Note that upstream didn't make a proper release, but has tagged version 1.0.236 in the commit, so let's just fetch the tarball using commit id Bug: https://bugs.gentoo.org/791373 Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> Closes: https://github.com/gentoo/gentoo/pull/20966 Signed-off-by: Sam James <sam@gentoo.org> net-libs/libyang/Manifest | 1 + net-libs/libyang/libyang-1.0.236.ebuild | 46 +++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+)
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd49db32c2ce99b6326819023a0358d7b184dbb5 commit cd49db32c2ce99b6326819023a0358d7b184dbb5 Author: Jakov Smolic <jakov.smolic@sartura.hr> AuthorDate: 2021-05-27 08:15:21 +0000 Commit: Sergey Popov <pinkbyte@gentoo.org> CommitDate: 2021-05-27 09:45:17 +0000 net-libs/libyang: Security cleanup Closes: https://github.com/gentoo/gentoo/pull/21005 Bug: https://bugs.gentoo.org/791373 Signed-off-by: Sergey Popov <pinkbyte@gentoo.org> Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr> net-libs/libyang/Manifest | 2 -- net-libs/libyang/libyang-1.0.215.ebuild | 46 --------------------------------- net-libs/libyang/libyang-1.0.225.ebuild | 44 ------------------------------- 3 files changed, 92 deletions(-)
GLSA request filed.
This issue was resolved and addressed in GLSA 202107-54 at https://security.gentoo.org/glsa/202107-54 by GLSA coordinator John Helmert III (ajak).
