Bug 1180064 - (CVE-2020-29361) VUL-0: CVE-2020-29361: p11-kit: integer overflow when allocating memory for arrays or attributes and object identifiers
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Ludwig Nussel
Security Team bot
https://smash.suse.de/issue/273408/
CVSSv3.1:SUSE:CVE-2020-29361:7.5:(AV:...
Reported: 2020-12-15 17:39 UTC by Wolfgang Frisch
Modified: 2022-12-19 13:54 UTC (History)
Found By: Security Response Team
Description Wolfgang Frisch 2020-12-15 17:39:06 UTC
CVE-2020-29361

There are multiple arithmetic overflow bugs when allocating memory for arrays, such as arrays of attributes and arrays of object identifiers. In some cases, these are reachable from the RPC protocol. This flaw could lead to a buffer overflow.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1903592
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29361
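
The bug class named in the description, sketched as an added example (not part of the original report and not p11-kit's code): an element count multiplied by an element size wraps around, and an overflow check before the multiplication rejects it. The `attr_t` type and all function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical attribute record for illustration; not p11-kit's own type. */
typedef struct {
    unsigned long type;
    void *value;
    unsigned long value_len;
} attr_t;

/* Unchecked pattern: the product wraps modulo SIZE_MAX + 1, so a huge
 * count yields a tiny byte size that malloc() will happily satisfy. */
size_t unchecked_array_bytes(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Checked allocation: refuse any count whose byte size cannot be
 * represented in size_t, before the multiplication is performed. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        errno = ENOMEM;
        return NULL;
    }
    size_t bytes = count * elem_size;
    return malloc(bytes ? bytes : 1); /* NULL now only ever means failure */
}

/* Copy an attribute array whose count came from an untrusted message. */
attr_t *attrs_dup_checked(const attr_t *src, size_t count)
{
    attr_t *dst = alloc_array_checked(count, sizeof(attr_t));
    if (dst != NULL && count != 0)
        memcpy(dst, src, count * sizeof(attr_t)); /* safe: checked above */
    return dst;
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(attr_t) + 1; /* constructed count */
    printf("unchecked size for %zu elements: %zu bytes\n",
           huge, unchecked_array_bytes(huge, sizeof(attr_t)));
    printf("checked allocation: %s\n",
           alloc_array_checked(huge, sizeof(attr_t)) ? "ok" : "rejected");
    return 0;
}
```
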
Comment 3 Ludwig Nussel 2021-05-17 11:49:06 UTC
Fixed in Factory by upgrade to 0.23.22
Comment 4 Gianluca Gabrielli 2021-07-28 12:57:56 UTC
Hi Ludwig,

SUSE:SLE-15:Update/p11-kit has not been addressed yet, could you please submit the fix?
Moreover, please do not close security issues from your side. Instead re-assign them back to the security team.
Comment 5 Ludwig Nussel 2021-07-28 13:12:42 UTC
sle15 does not include the server module. What's the attack vector?
Comment 8 Gianluca Gabrielli 2021-08-18 13:33:13 UTC
(In reply to Ludwig Nussel from comment #5)
> sle15 does not include the server module. What's the attack vector?

As for CVE-2020-29362 [0] I think that SUSE:SLE-12:Update/p11-kit, SUSE:SLE-12-SP3:Update/p11-kit and SUSE:SLE-15:Update/p11-kit might be affected. According to the related GHSA [1] the security bug exists for the `list` command as well as for the p11-kit library. Can you confirm our package is not affected?

[0] https://bugzilla.suse.com/show_bug.cgi?id=1180065
[1] https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
Comment 11 Swamp Workflow Management 2021-12-22 14:27:48 UTC
openSUSE-SU-2021:4154-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1180064,1187993
CVE References: CVE-2020-29361
JIRA References: 
Sources used:
openSUSE Leap 15.3 (src):    p11-kit-0.23.2-4.13.1
Comment 12 Swamp Workflow Management 2021-12-22 14:40:21 UTC
SUSE-SU-2021:4154-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1180064,1187993
CVE References: CVE-2020-29361
JIRA References: 
Sources used:
SUSE MicroOS 5.1 (src):    p11-kit-0.23.2-4.13.1
SUSE MicroOS 5.0 (src):    p11-kit-0.23.2-4.13.1
SUSE Manager Server 4.1 (src):    p11-kit-0.23.2-4.13.1
SUSE Manager Retail Branch Server 4.1 (src):    p11-kit-0.23.2-4.13.1
SUSE Manager Proxy 4.1 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server for SAP 15 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Server 15-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    p11-kit-0.23.2-4.13.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    p11-kit-0.23.2-4.13.1
SUSE Enterprise Storage 7 (src):    p11-kit-0.23.2-4.13.1
SUSE Enterprise Storage 6 (src):    p11-kit-0.23.2-4.13.1
SUSE CaaS Platform 4.5 (src):    p11-kit-0.23.2-4.13.1
SUSE CaaS Platform 4.0 (src):    p11-kit-0.23.2-4.13.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2021-12-23 17:16:33 UTC
openSUSE-SU-2021:1611-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 1180064,1187993
CVE References: CVE-2020-29361
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    p11-kit-0.23.2-lp152.7.3.1
Comment 17 Swamp Workflow Management 2022-02-03 20:18:11 UTC
SUSE-SU-2022:0323-1: An update that solves 6 vulnerabilities, contains one feature and has 5 fixes is now available.

Category: security (critical)
Bug References: 1089938,1139519,1158916,1180064,1182058,1191227,1192684,1193533,1193690,1194859,1195048
CVE References: CVE-2020-29361,CVE-2021-20316,CVE-2021-43566,CVE-2021-44141,CVE-2021-44142,CVE-2022-0336
JIRA References: SLE-23330
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    apparmor-2.8.2-56.6.3, p11-kit-0.23.2-8.3.2, samba-4.15.4+git.324.8332acf1a63-3.54.1, sssd-1.16.1-7.28.9
SUSE Linux Enterprise Server 12-SP5 (src):    apparmor-2.8.2-56.6.3, ca-certificates-1_201403302107-15.3.3, gnutls-3.4.17-8.4.1, libnettle-3.1-21.3.2, p11-kit-0.23.2-8.3.2, samba-4.15.4+git.324.8332acf1a63-3.54.1, sssd-1.16.1-7.28.9, yast2-samba-client-3.1.23-3.3.1
SUSE Linux Enterprise High Availability 12-SP5 (src):    samba-4.15.4+git.324.8332acf1a63-3.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Marcus Meissner 2022-12-19 13:54:37 UTC
was done