SB2019091163 - Out-of-bounds read in firefox-esr (Alpine package)
Published: September 11, 2019
Updated: January 17, 2022
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2019-15903)
The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger an out-of-bounds read error, and read contents of memory on the system or crash the affected application.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=0369f89e24eb199e5ab53e57fe3e146ad74f4b5a
- https://git.alpinelinux.org/aports/commit/?id=b1371f86b0a24e94bb792cecce20428086ca00b8
- https://git.alpinelinux.org/aports/commit/?id=b9c639e03673ba5972f16271c575b155853d71b7
- https://git.alpinelinux.org/aports/commit/?id=af0d1d1edd77beb85efb9bbf0ad15000eb319170
- https://git.alpinelinux.org/aports/commit/?id=c01f27f5016fb801d36ffea67177a9f2f6b6f784
- https://git.alpinelinux.org/aports/commit/?id=881a54816216d011d1d27286df2693851c86caef
- https://git.alpinelinux.org/aports/commit/?id=40a4951871b0a2e718de6a07e0772730fc280d06
- https://git.alpinelinux.org/aports/commit/?id=e9bd8a37793b2737c60e8aabb4e30540de6420cc
- https://git.alpinelinux.org/aports/commit/?id=795c32179f1238f33dd64c4fab4a8e94d9017368
- https://git.alpinelinux.org/aports/commit/?id=05e5fbf809000e016eee3fdfdaffb6e39a4956fd
- https://git.alpinelinux.org/aports/commit/?id=190b36f9a208145ae20d54cea9575ebd14bbb213
- https://git.alpinelinux.org/aports/commit/?id=bb3e7ac09ba2b7a07cbf46deb00cff51e3037758
- https://git.alpinelinux.org/aports/commit/?id=f99152b5f555bb218d0f31324ab58d589fc9c68a
- https://git.alpinelinux.org/aports/commit/?id=80209a8a1410935deaa223ea13b77b1679bd8e1d
- https://git.alpinelinux.org/aports/commit/?id=9a9372b3f091845ba6a028b2ab8b0a6dcb937275