1) CVE-2020-6071 Description: "An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994 2) CVE-2020-6072 Description: "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995 3) CVE-2020-6073 Description: "An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996 4) CVE-2020-6077 Description: "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000 5) CVE-2020-6078 Description: "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001 6) CVE-2020-6079 Description: "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 7) CVE-2020-6080 Description: "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]." URL: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
@maintainer(s), please create an appropriate ebuild.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d41fe2bbcddc03ff2f97b979c302778b494021b commit 9d41fe2bbcddc03ff2f97b979c302778b494021b Author: Adam Feldman <NP-Hardass@gentoo.org> AuthorDate: 2020-04-11 20:15:51 +0000 Commit: Adam Feldman <NP-Hardass@gentoo.org> CommitDate: 2020-04-11 20:16:33 +0000 net-libs/libmicrodns: Bump to 0.1.2 Bug: https://bugs.gentoo.org/714606 Package-Manager: Portage-2.3.96, Repoman-2.3.21 Signed-off-by: Adam Feldman <NP-Hardass@gentoo.org> net-libs/libmicrodns/Manifest | 1 + net-libs/libmicrodns/libmicrodns-0.1.2.ebuild | 35 +++++++++++++++++++++++++++ net-libs/libmicrodns/libmicrodns-9999.ebuild | 24 +++++++++++------- 3 files changed, 51 insertions(+), 9 deletions(-)
arm64 stable
ppc stable
ppc64 stable
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93473e2cd16939d513bc064738f4d639e513dd5c commit 93473e2cd16939d513bc064738f4d639e513dd5c Author: Adam Feldman <NP-Hardass@gentoo.org> AuthorDate: 2020-04-14 21:46:47 +0000 Commit: Adam Feldman <NP-Hardass@gentoo.org> CommitDate: 2020-04-14 21:46:47 +0000 net-libs/libmicrodns: Drop old Bug: https://bugs.gentoo.org/714606 Package-Manager: Portage-2.3.96, Repoman-2.3.21 Signed-off-by: Adam Feldman <NP-Hardass@gentoo.org> net-libs/libmicrodns/Manifest | 1 - net-libs/libmicrodns/libmicrodns-0.0.9.ebuild | 31 --------------------------- 2 files changed, 32 deletions(-)
Thanks all.
(here, it looks like stable kw were carried forward and cleanup is already done, so we will just wait on glsa? for now).
CVE-2020-6080 (https://nvd.nist.gov/vuln/detail/CVE-2020-6080): An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. CVE-2020-6079 (https://nvd.nist.gov/vuln/detail/CVE-2020-6079): An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. CVE-2020-6078 (https://nvd.nist.gov/vuln/detail/CVE-2020-6078): An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. CVE-2020-6077 (https://nvd.nist.gov/vuln/detail/CVE-2020-6077): An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. CVE-2020-6073 (https://nvd.nist.gov/vuln/detail/CVE-2020-6073): An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. CVE-2020-6072 (https://nvd.nist.gov/vuln/detail/CVE-2020-6072): An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. CVE-2020-6071 (https://nvd.nist.gov/vuln/detail/CVE-2020-6071): An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
This issue was resolved and addressed in GLSA 202005-10 at https://security.gentoo.org/glsa/202005-10 by GLSA coordinator Thomas Deutschmann (whissi).
