ASA-2019-00662 – Git: Recursive submodule cloning allows using git directory twice with synonymous directory name written in .git/

When submodules are cloned recursively, under certain circumstances Git could be fooled into using the same Git directory twice. When using submodule paths that refer to the same file system entity (e.g. using the NTFS Alternate Data Streams attack mentioned in CVE-2019-1352 where files would be written to the `.git/` directory using a synonymous directory name), it was possible to "squat" on the `git~1` shortname on NTFS drives, opening attacks via `git~2`. This also affects Git when run as a Linux application inside the Windows Subsystem for Linux.

ASA-2019-00644 – Linux kernel: A memory leak in ql_alloc_large_buffers()

A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures.

ASA-2019-00643 – Linux kernel: Two memory leaks in sja1105_static_config_upload()

Two memory leaks in the sja1105_static_config_upload() function in drivers/net/dsa/sja1105/sja1105_spi.c in the Linux kernel allow attackers to cause a denial of service (memory consumption) by triggering static_config_buf_prepare_for_upload() or sja1105_inhibit_tx() failures.