ASA-2019-00478 – PowerDNS Authoritative Server: Denial of service via crafted zone records

An issue has been found in PowerDNS Authoritative Server allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it tries to store the notified serial in the PostgreSQL database, if this serial cannot be represented in 31 bits.

ASA-2019-00477 – OpenSSL: Windows builds with insecure path defaults

OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in TLS. This directory is most commonly referred to as OPENSSLDIR, and is configurable with the --prefix / --openssldir configuration options. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that resulting programs and libraries are installed in a Unix-like environment and the default prefix for program installation as well as for OPENSSLDIR should be '/usr/local'. However, mingw programs are Windows programs, and as such, find themselves looking at sub-directories of 'C:/usr/local', which may be world writable, which enables untrusted users to modify OpenSSL's default configuration, insert CA certificates, modify (or even replace) existing engine modules, etc.

ASA-2019-00476 – GLPI: Stored Cross-Site Scripting (XSS) in the profile picture name

It has been discovered that GLPI does not sanitize the profile picture name which can be used to inject malicious HTML and JavaScript code inside the page. If an administrator access the profile, it can be used to interact with the GLPI instance with the administrator profile and perform sensitive actions such as add the low privileges account to the Super-Admin group.

ASA-2019-00474 – Mikrotik RouterOS: Stack exhaustion via recuring parsing of JSON

This vulnerability is similar to the CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M.

ASA-2019-00473 – Mikrotik RouterOS: Memory exhaustion via a crafted POST request

This vulnerability is similiar to the CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. It's because of the incomplete fix for the CVE-2018-1157.

ASA-2019-00472 – FreeBSD: File descriptor reference count leak

If a process attempts to transmit rights over a UNIX-domain socket and an error causes the attempt to fail, references acquired on the rights are not released and are leaked. This bug can be used to cause the reference counter to wrap around and free the corresponding file structure. A local user can exploit the bug to gain root privileges or escape from a jail.

ASA-2019-00471 – FreeBSD: Bhyve out-of-bounds read in XHCI device

The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read. A misbehaving bhyve guest could crash the system or access memory that it should not be able to.