From f8ba23384dfb9a493bc572e39fcc151f2da4a54c Mon Sep 17 00:00:00 2001
From: albert
Date: Fri, 19 Apr 2024 13:05:09 +0900
Subject: [PATCH] Testing

---
 nixos/hosts/framework-server/default.nix | 1 +
 .../hosts/framework-server/docker/default.nix | 6 +
 .../docker/external/default.nix | 5 +
 .../docker/internal/default.nix | 5 +
 .../docker/internal/it-tools.nix | 37 +
 out.txt | 1083 +++++++++++++++++
 6 files changed, 1137 insertions(+)
 create mode 100644 nixos/hosts/framework-server/docker/default.nix
 create mode 100644 nixos/hosts/framework-server/docker/external/default.nix
 create mode 100644 nixos/hosts/framework-server/docker/internal/default.nix
 create mode 100644 nixos/hosts/framework-server/docker/internal/it-tools.nix
 create mode 100644 out.txt

diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index 83b935a8..fc0aaf1e 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -14,6 +14,7 @@
 ./wireguard.nix
 ./cron.nix
 ./firewall.nix
+ ./docker
 ];
 
 environment.systemPackages = [
diff --git a/nixos/hosts/framework-server/docker/default.nix b/nixos/hosts/framework-server/docker/default.nix
new file mode 100644
index 00000000..9278f790
--- /dev/null
+++ b/nixos/hosts/framework-server/docker/default.nix
@@ -0,0 +1,6 @@
+{}: {
+ import = [
+ ./internal
+ ./external
+ ];
+}
diff --git a/nixos/hosts/framework-server/docker/external/default.nix b/nixos/hosts/framework-server/docker/external/default.nix
new file mode 100644
index 00000000..0c5407bc
--- /dev/null
+++ b/nixos/hosts/framework-server/docker/external/default.nix
@@ -0,0 +1,5 @@
+{}: {
+ imports = [
+
+ ];
+}
diff --git a/nixos/hosts/framework-server/docker/internal/default.nix b/nixos/hosts/framework-server/docker/internal/default.nix
new file mode 100644
index 00000000..ee96251a
--- /dev/null
+++ b/nixos/hosts/framework-server/docker/internal/default.nix
@@ -0,0 +1,5 @@
+{}: {
+ imports = [
+ ./it-tools.nix
+ ];
+}
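Review bot: `docker/default.nix` declares `import = [ ./internal ./external ];` where the NixOS module system only recognises `imports`; without the `s` the attribute is presumably treated as ordinary config for a non-existent option, so neither `./internal` nor `./external` is loaded and evaluation should fail, and the one-character fix is `imports = [`. The same three new files (`docker/default.nix`, `docker/external/default.nix`, `docker/internal/default.nix`) take their module arguments as the closed pattern `{}:`; since the module system calls every module function with the full argument set (`config`, `lib`, `pkgs`, …), a pattern without an ellipsis rejects that call, so each should read `{ ... }:` as `it-tools.nix` in this same commit already does. The one-line addition of `./docker` to `framework-server/default.nix` is fine once those two issues are corrected.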
diff --git a/nixos/hosts/framework-server/docker/internal/it-tools.nix b/nixos/hosts/framework-server/docker/internal/it-tools.nix
new file mode 100644
index 00000000..fb71c559
--- /dev/null
+++ b/nixos/hosts/framework-server/docker/internal/it-tools.nix
@@ -0,0 +1,37 @@
+{ ... }: {
+ virtualisation.oci-containers.containers."it-tools" = {
+ image = "docker.io/fredliang/derper";
+ container_name = "it-tools";
+ log-driver = "journald";
+ restart = "always";
+ depends_on = [
+ "promtail"
+ "traefik-int"
+ ];
+ labels = {
+ type = "internal";
+ traefik = {
+ enable = true;
+ docker.network = "sysctlio_default";
+ http = {
+ routers.it-tools = {
+ tls.enable = "true";
+ tls.certresolver = "letsencrypt-int";
+ entrypoints = "web-secure-int";
+ rule = "Host(`sysctl.io`)";
+ };
+ services.it-tools = {
+ loadbalancer.server.port = 80;
+ };
+ };
+ };
+ # Flame Configs
+ flame = {
+ icon = "home";
+ type = "app";
+ url = "https://sysctl.io";
+ name = "Cyberchef";
+ };
+ };
+ };
+}
diff --git a/out.txt b/out.txt
new file mode 100644
index 00000000..04450ae8
--- /dev/null
+++ b/out.txt
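Review bot: The container is named `it-tools` and its Flame label calls it `Cyberchef`, yet `image = "docker.io/fredliang/derper"` names what appears to be a DERP relay image rather than either tool, and it carries no tag or digest, so every pull resolves a mutable `latest`; the intended image should be pinned as `image = "<registry>/<image>:<tag>@sha256:<digest>"` (placeholder) so the bits this host runs are reproducible and reviewable, and an unexpected image on a Traefik-exposed route is exactly the kind of drift a pinned digest catches. `container_name`, `restart` and `depends_on` are docker-compose keys, not options of `virtualisation.oci-containers.containers.<name>`, so the module will reject them as undefined options; the NixOS spelling of the dependency list is `dependsOn`, and the unit's restart behaviour and container name are set by the module itself. `labels` is typed `attrsOf str`, so the nested `traefik` and `flame` attribute sets and the integer `loadbalancer.server.port = 80` will not type-check, and Traefik's docker provider reads dotted string keys anyway, so the labels need to be flat strings (note Traefik's router TLS switch is `…routers.it-tools.tls = "true"`, not `tls.enable`). A rewrite of the block with `dependsOn`, flat string labels and a placeholder for the pinned image is shown below.
```nix
{ ... }: {
  virtualisation.oci-containers.containers."it-tools" = {
    # TODO: set the actual IT-Tools image, pinned by digest (placeholder below)
    image = "<registry>/<image>:<tag>@sha256:<digest>";
    log-driver = "journald";
    dependsOn = [
      "promtail"
      "traefik-int"
    ];
    # oci-containers `labels` is attrsOf str: flat dotted keys, string values only
    labels = {
      "type" = "internal";
      "traefik.enable" = "true";
      "traefik.docker.network" = "sysctlio_default";
      "traefik.http.routers.it-tools.tls" = "true";
      "traefik.http.routers.it-tools.tls.certresolver" = "letsencrypt-int";
      "traefik.http.routers.it-tools.entrypoints" = "web-secure-int";
      "traefik.http.routers.it-tools.rule" = "Host(`sysctl.io`)";
      "traefik.http.services.it-tools.loadbalancer.server.port" = "80";
      # Flame Configs
      "flame.type" = "app";
      "flame.name" = "Cyberchef";
      "flame.url" = "https://sysctl.io";
      "flame.icon" = "home";
    };
  };
}
```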
@@ -0,0 +1,1083 @@ +103 derivations with active advisories + +------------------------------------------------------------------------ +SDL_ttf-2.0.11 + +/nix/store/6akg13v13jh95wlcwyl8n5z7kx8hh8g5-SDL_ttf-2.0.11.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-27470 7.8 SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. + +------------------------------------------------------------------------ +ShellCheck-0.9.0 + +/nix/store/plbp71qisk34jql6nx0w24nhgh75vq80-ShellCheck-0.9.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-28794 9.8 The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. + +------------------------------------------------------------------------ +ShellCheck-0.9.0-r1.cabal + +/nix/store/iy8p12sn2na90ra4fm6kjh13hjxp4hh7-ShellCheck-0.9.0-r1.cabal.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-28794 9.8 The unofficial ShellCheck extension before 0.13.4 for Visual Studio Code mishandles shellcheck.executablePath. + +------------------------------------------------------------------------ +accountsservice-23.13.9 + +/nix/store/ckcfyb0q0kcfh1jvskcahb7gkhba9qga-accountsservice-23.13.9.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2023-3297 7.8 In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. 
+ +------------------------------------------------------------------------ +allegro-4.4.3.1 + +/nix/store/1wx6nli6mfdrba040lmnvp1lam8qkr71-allegro-4.4.3.1.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-36489 6.5 Buffer Overflow vulnerability in Allegro through 5.2.6 allows attackers to cause a denial of service via crafted PCX/TGA/BMP files to allegro_image addon. + +------------------------------------------------------------------------ +async-2.2.4 + +/nix/store/bdwmf22xshkavaq72ldpqbgisrcdsqv2-async-2.2.4.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-43138 7.8 In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. + +------------------------------------------------------------------------ +async-2.2.4-r4.cabal + +/nix/store/8ycx860g0yw19iqxw0xyas3n7136wqz0-async-2.2.4-r4.cabal.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-43138 7.8 In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. + +------------------------------------------------------------------------ +audiofile-0.3.6 + +/nix/store/17ppapcm6q8ssyzimnpzzafmc8y22h4b-audiofile-0.3.6.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2020-18781 5.5 Heap buffer overflow vulnerability in FilePOSIX::read in File.cpp in audiofile 0.3.6 may cause denial-of-service via a crafted wav file, this bug can be triggered by the executable sfconvert. 
+ +------------------------------------------------------------------------ +avahi-0.8 + +/nix/store/kmqkzy8gpacyvd3ydbdw23nr7hb69f5g-avahi-0.8.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-26720 7.8 avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. + +------------------------------------------------------------------------ +avahi-0.8 + +/nix/store/18kmmcbrv14145a2sa6aw47h3ydjzqla-avahi-0.8.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-26720 7.8 avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. + +------------------------------------------------------------------------ +bind-9.18.24 + +/nix/store/a712l6j41g0nk13s6zpscqxp2nsyd525-bind-9.18.24.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-6470 7.5 There had existed in one of the ISC BIND libraries a bug in a function that was used by dhcpd when operating in DHCPv6 mode. There was also a bug in dhcpd relating to the use of this function per its documentation, but the bug in the library function prevented this from causing any harm. All releases of dhcpd from ISC contain copies of this, and other, BIND libraries in combinations that have been tested prior to release and are known to not present issues like this. 
Some third-party packagers of ISC software have modified the dhcpd source, BIND source, or version matchup in ways that create the crash potential. Based on reports available to ISC, the crash probability is large and no analysis has been done on how, or even if, the probability can be manipulated by an attacker. Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later, or BIND versions with specific bug fixes backported to them. ISC does not have access to comprehensive version lists for all repackagings of dhcpd that are vulnerable. In particular, builds from other vendors may also be affected. Operators are advised to consult their vendor documentation. + +------------------------------------------------------------------------ +binutils-2.40 + +/nix/store/i9nabsm6h43ang88m4d1af872z1818wn-binutils-2.40.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2023-25585 5.5 A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. +https://nvd.nist.gov/vuln/detail/CVE-2023-25586 5.5 A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. +https://nvd.nist.gov/vuln/detail/CVE-2023-25588 5.5 A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. + +------------------------------------------------------------------------ +busybox-1.36.1 + +/nix/store/gwxmydaymm8bkildq804m0118kiaw2k5-busybox-1.36.1.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2023-42363 5.5 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. 
+https://nvd.nist.gov/vuln/detail/CVE-2023-42364 5.5 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. +https://nvd.nist.gov/vuln/detail/CVE-2023-42365 5.5 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. +https://nvd.nist.gov/vuln/detail/CVE-2023-42366 5.5 A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. + +------------------------------------------------------------------------ +cereal-0.5.8.3 + +/nix/store/s81gj7d0j563bk9m0rrv4z7fbyhkazj5-cereal-0.5.8.3.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2020-11105 9.8 An issue was discovered in USC iLab cereal through 1.3.0. It employs caching of std::shared_ptr values, using the raw pointer address as a unique identifier. This becomes problematic if an std::shared_ptr variable goes out of scope and is freed, and a new std::shared_ptr is allocated at the same address. Serialization fidelity thereby becomes dependent upon memory layout. In short, serialized std::shared_ptr variables cannot always be expected to serialize back into their original values. This can have any number of consequences, depending on the context within which this manifests. +https://nvd.nist.gov/vuln/detail/CVE-2020-11104 5.3 An issue was discovered in USC iLab cereal through 1.3.0. Serialization of an (initialized) C/C++ long double variable into a BinaryArchive or PortableBinaryArchive leaks several bytes of stack or heap memory, from which sensitive information (such as memory layout or private keys) can be gleaned if the archive is distributed outside of a trusted context. 
+ +------------------------------------------------------------------------ +commonmark-0.2.4 + +/nix/store/ch3bvlgqs0km63ap6pcagka4a579jsp1-commonmark-0.2.4.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-10010 6.1 Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library before 0.18.3 allows remote attackers to insert unsafe links into HTML by using double-encoded HTML entities that are not properly escaped during rendering, a different vulnerability than CVE-2018-20583. + +------------------------------------------------------------------------ +coreutils-9.4 + +/nix/store/anqn1bi6n9rrlvk9n2j2ykbbjpbnaycb-coreutils-9.4.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2024-0684 5.5 A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service. + +------------------------------------------------------------------------ +cpio-0.3.0 + +/nix/store/1dcpqff189g2v8iwc2gb2gnx6fj77id9-cpio-0.3.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2021-38185 7.8 GNU cpio through 2.13 allows attackers to execute arbitrary code via a crafted pattern file, because of a dstring.c ds_fgetstr integer overflow that triggers an out-of-bounds heap write. NOTE: it is unclear whether there are common cases where the pattern file, associated with the -E option, is untrusted data. +https://nvd.nist.gov/vuln/detail/CVE-2019-14866 7.3 In all versions of cpio before 2.13 does not properly validate input files when generating TAR archives. When cpio is used to create TAR archives from paths an attacker can write to, the resulting archive may contain files with permissions the attacker did not have or in paths he did not have access to. 
Extracting those archives from a high-privilege user without carefully reviewing them may lead to the compromise of the system. + +------------------------------------------------------------------------ +crossbeam-0.8.2 + +/nix/store/jz87ydpr92hq1vfdsc6wy2xka58kckm3-crossbeam-0.8.2.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-23639 8.1 crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds. + +------------------------------------------------------------------------ +cups-2.4.7 + +/nix/store/mwv0lz8nqcw1gzb25azss97w6fc3l8wy-cups-2.4.7.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-26691 6.7 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. + +------------------------------------------------------------------------ +curl-0.4.44 + +/nix/store/ym1798z3jrbd4id2ihrincdljnix4kqk-curl-0.4.44.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-32221 9.8 When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. 
This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. +https://nvd.nist.gov/vuln/detail/CVE-2019-5443 7.8 A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. +https://nvd.nist.gov/vuln/detail/CVE-2022-27781 7.5 libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. +https://nvd.nist.gov/vuln/detail/CVE-2022-27782 7.5 libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. +https://nvd.nist.gov/vuln/detail/CVE-2023-28319 7.5 A use after free vulnerability exists in curl alphabet_size variable in the read_vlc_prefix() function. +https://nvd.nist.gov/vuln/detail/CVE-2022-3341 5.3 A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash. 
+ +------------------------------------------------------------------------ +ffmpeg-6.0 + +/nix/store/0ahfrgfyqy9s3xy87qsrrp9b4f0bilk8-ffmpeg-6.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2024-22860 9.8 Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder. +https://nvd.nist.gov/vuln/detail/CVE-2024-22862 9.8 Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JJPEG XL Parser. +https://nvd.nist.gov/vuln/detail/CVE-2023-47470 7.8 Buffer Overflow vulnerability in Ffmpeg before github commit 4565747056a11356210ed8edcecb920105e40b60 allows a remote attacker to achieve an out-of-array write, execute arbitrary code, and cause a denial of service (DoS) via the ref_pic_list_struct function in libavcodec/evc_ps.c +https://nvd.nist.gov/vuln/detail/CVE-2024-22861 7.5 Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module. +https://nvd.nist.gov/vuln/detail/CVE-2023-46407 5.5 FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. + +------------------------------------------------------------------------ +flex-2.6.4 + +/nix/store/icwmyxcn986n3fqv0bq551nkpkpik61j-flex-2.6.4.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-6293 5.5 An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. 
+ +------------------------------------------------------------------------ +fuse-2.9.9 + +/nix/store/831bxw4hqw5nkyrw22m0bplfj8wiwgl3-fuse-2.9.9.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-14860 6.5 It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. +https://nvd.nist.gov/vuln/detail/CVE-2019-14900 6.5 A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. + +------------------------------------------------------------------------ +fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9 + +/nix/store/dvp4qz361cnkd2di3wklbpc4xb2s3q97-fuse-2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-14860 6.5 It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. +https://nvd.nist.gov/vuln/detail/CVE-2019-14900 6.5 A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. 
+ +------------------------------------------------------------------------ +fuse-3.16.2 + +/nix/store/pxnpcbzwispj5sfz7fn25zi4y5x041fc-fuse-3.16.2.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2019-14860 6.5 It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information. +https://nvd.nist.gov/vuln/detail/CVE-2019-14900 6.5 A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. + +------------------------------------------------------------------------ +gcc-12.3.0 + +/nix/store/dlx7agskbxlvnrwb3lcg31lb68fc7mpp-gcc-12.3.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2023-4039 4.8 + +**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains +that target AArch64 allows an attacker to exploit an existing buffer +overflow in dynamically-sized local variables in your application +without this being detected. This stack-protector failure only applies +to C99-style dynamically-sized local variables or those created using +alloca(). The stack-protector operates as intended for statically-sized +local variables. + +The default behavior when the stack-protector +detects an overflow is to terminate your application, resulting in +controlled loss of availability. An attacker who can exploit a buffer +overflow without triggering the stack-protector might be able to change +program flow control to cause an uncontrolled loss of availability or to + go further and affect confidentiality or integrity. 
NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. + + + + + + + +------------------------------------------------------------------------ +gcc-13.2.0 + +/nix/store/jmp1awmbs8sjcp7nvv5r050nmmrzmqga-gcc-13.2.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2023-4039 4.8 + +**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains +that target AArch64 allows an attacker to exploit an existing buffer +overflow in dynamically-sized local variables in your application +without this being detected. This stack-protector failure only applies +to C99-style dynamically-sized local variables or those created using +alloca(). The stack-protector operates as intended for statically-sized +local variables. + +The default behavior when the stack-protector +detects an overflow is to terminate your application, resulting in +controlled loss of availability. An attacker who can exploit a buffer +overflow without triggering the stack-protector might be able to change +program flow control to cause an uncontrolled loss of availability or to + go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. + + + + + + + +------------------------------------------------------------------------ +git-2.42.0 + +/nix/store/80cd34r522r7j0lncjmd956mml2xi6vf-git-2.42.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-36882 8.8 A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. 
+https://nvd.nist.gov/vuln/detail/CVE-2022-30947 7.5 Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. +https://nvd.nist.gov/vuln/detail/CVE-2022-36883 7.5 A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. +https://nvd.nist.gov/vuln/detail/CVE-2022-38663 6.5 Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. +https://nvd.nist.gov/vuln/detail/CVE-2021-21684 6.1 Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. +https://nvd.nist.gov/vuln/detail/CVE-2020-2136 5.4 Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. +https://nvd.nist.gov/vuln/detail/CVE-2022-36884 5.3 The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. +https://nvd.nist.gov/vuln/detail/CVE-2019-1003010 4.3 A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record. 
+ +------------------------------------------------------------------------ +git-2.44.0 + +/nix/store/n6ij928gx7850gw79fsmv853jqaizpl1-git-2.44.0.drv +CVE CVSSv3 Description +https://nvd.nist.gov/vuln/detail/CVE-2022-36882 8.8 A cross-site request forgery (CSRF) vulnerability in Jenkins Git Plugin 4.11.3 and earlier allows attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. +https://nvd.nist.gov/vuln/detail/CVE-2022-30947 7.5 Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. +https://nvd.nist.gov/vuln/detail/CVE-2022-36883 7.5 A missing permission check in Jenkins Git Plugin 4.11.3 and earlier allows unauthenticated attackers to trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. +https://nvd.nist.gov/vuln/detail/CVE-2022-38663 6.5 Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. +https://nvd.nist.gov/vuln/detail/CVE-2021-21684 6.1 Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability. +https://nvd.nist.gov/vuln/detail/CVE-2020-2136 5.4 Jenkins Git Plugin 4.2.0 and earlier does not escape the error message for the repository URL for Microsoft TFS field form validation, resulting in a stored cross-site scripting vulnerability. 
+https://nvd.nist.gov/vuln/detail/CVE-2022-36884 5.3 The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository.
+https://nvd.nist.gov/vuln/detail/CVE-2019-1003010 4.3 A cross-site request forgery vulnerability exists in Jenkins Git Plugin 3.9.1 and earlier in src/main/java/hudson/plugins/git/GitTagAction.java that allows attackers to create a Git tag in a workspace and attach corresponding metadata to a build record.
+
+------------------------------------------------------------------------
+glibc-2.34-fix.patch?rev=50
+
+/nix/store/0qlkv3jvivllfliyiqgdnn1hpiz2ivac-glibc-2.34-fix.patch?rev=50.drv
+CVE CVSSv3 Description
+https://nvd.nist.gov/vuln/detail/CVE-2023-0687 9.8 A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.
+https://nvd.nist.gov/vuln/detail/CVE-2023-4911 7.8 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
+https://nvd.nist.gov/vuln/detail/CVE-2021-3998 7.5 A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.
+https://nvd.nist.gov/vuln/detail/CVE-2023-5156 7.5 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-4527 6.5 A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-4813 5.9 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
+
+------------------------------------------------------------------------
+glibc-2.38-44
+
+/nix/store/jd7m66pgl7kmd50hayh48q8i5w51mg3y-glibc-2.38-44.drv
+CVE CVSSv3 Description
+https://nvd.nist.gov/vuln/detail/CVE-2023-4911 7.8 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6246 7.8 A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
+https://nvd.nist.gov/vuln/detail/CVE-2023-5156 7.5 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6779 7.5 An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
+https://nvd.nist.gov/vuln/detail/CVE-2023-4527 6.5 A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6780 5.3 An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
+
+------------------------------------------------------------------------
+glibc-2.38-44-source-unsecvars
+
+/nix/store/sjf8mgjx4q49hyfaf5xdsiq2qpsfa229-glibc-2.38-44-source-unsecvars.drv
+CVE CVSSv3 Description
+https://nvd.nist.gov/vuln/detail/CVE-2023-4911 7.8 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6246 7.8 A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer.
+https://nvd.nist.gov/vuln/detail/CVE-2023-5156 7.5 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6779 7.5 An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer.
+https://nvd.nist.gov/vuln/detail/CVE-2023-4527 6.5 A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.
+https://nvd.nist.gov/vuln/detail/CVE-2023-6780 5.3 An integer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a very long message, leading to an incorrect calculation of the buffer size to store the message, resulting in undefined behavior. This issue affects glibc 2.37 and newer.
+
+------------------------------------------------------------------------
+go-1.21.0-linux-amd64-bootstrap
+
+/nix/store/gc7683dxq87ab3330s5vgj33qwqrjxfd-go-1.21.0-linux-amd64-bootstrap.drv
+CVE CVSSv3 Description
+https://nvd.nist.gov/vuln/detail/CVE-2023-39320 9.8 The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.
+https://nvd.nist.gov/vuln/detail/CVE-2023-39323 8.1 Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.
+https://nvd.nist.gov/vuln/detail/CVE-2023-39321 7.5 Processing an incomplete post-handshake message for a QUIC connection can cause a panic.
+https://nvd.nist.gov/vuln/detail/CVE-2023-39322 7.5 QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. With fix, connections now consistently reject messages larger than 65KiB in size.
+https://nvd.nist.gov/vuln/detail/CVE-2023-39325 7.5 A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.
+https://nvd.nist.gov/vuln/detail/CVE-2023-44487 7.5 The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
+https://nvd.nist.gov/vuln/detail/CVE-2023-39318 6.1 The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in