2.9.9

(2022-08-11)

What’s New

  • (ENGDTR-3220) Upgraded Synopsys scanner to version 2022.6.0.

Bug fixes

  • (FIELD-4537) Fixed the invalid documentation links that are embedded in MSR vulnerability scan warnings.

Security

  • Updated Golang to version 1.17.13 to resolve vulnerabilities. For more information, refer to the Go release announcements for versions 1.17.12 and 1.17.13.

  • Resolved CVEs, as detailed:

    | CVE | Status | Problem details from upstream |
    |-----|--------|-------------------------------|
    | CVE-2022-29458 | Resolved | ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library. |
    | CVE-2022-29155 | Resolved | In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, an SQL injection vulnerability exists in the experimental back-sql back end to slapd, through an SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. |
    | CVE-2022-34265 | Resolved | An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. |
    | CVE-2022-2274 | Resolved | The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048-bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption, an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048-bit RSA private keys running on machines that support AVX512IFMA instructions of the X86_64 architecture are affected by this issue. |
    | CVE-2015-20107 | Resolved | In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided file names or arguments). |
    | CVE-2022-30065 | Resolved | A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. |
    | CVE-2022-27782 | Resolved | libcurl would reuse a previously created connection even when a TLS or SSH-related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. |
    | CVE-2022-27781 | Resolved | libcurl provides the CURLOPT_CERTINFO option to allow applications to request details to be returned about a server’s certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. |
    | CVE-2022-32148 | Resolved | No description is available for this CVE. |
    | CVE-2022-30631 | Resolved | No description is available for this CVE. |
    | CVE-2022-30633 | Resolved | No description is available for this CVE. |
    | CVE-2022-28131 | Resolved | No description is available for this CVE. |
    | CVE-2022-30635 | Resolved | No description is available for this CVE. |
    | CVE-2022-30632 | Resolved | No description is available for this CVE. |
    | CVE-2022-30630 | Resolved | No description is available for this CVE. |
    | CVE-2022-1962 | Resolved | No description is available for this CVE. |
    | CVE-2022-32189 | Resolved | No description is available for this CVE. |
    | CVE-2022-1996 | Not vulnerable [1] | Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. |
    | CVE-2021-41556 | False positive | sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read in the core interpreter that can lead to code execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as file system functions have been disabled. An attacker might abuse this bug to target, for example, cloud services that allow customization using SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine. |

    [1] The issue is likely to be triggered in software that uses a CORS filter, which MSR does not.