ASA-2020-00045 – WhatsApp Desktop: A security feature bypass issue could have allowed for sandbox escape

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.

ASA-2020-00039 – Linux kernel: SELinux netlink permission check bypass due to SELinux incorrectly assume that an skb would only contain a single netlink message

A flaw was found in the Linux kernels SELinux LSM hook implementation, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing.

ASA-2019-00271 – FreeBSD: ICMP/ICMP6 packet filter bypass in pf

pf(4) is an Internet Protocol packet filter originally written for OpenBSD. In addition to filtering packets, it also has packet normalization capabilities. States in pf(4) let ICMP and ICMP6 packets pass if they have a packet in their payload matching an existing condition. pf(4) does not check if the outer ICMP or ICMP6 packet has the same destination IP as the source IP of the inner protocol packet. A maliciously crafted ICMP/ICMP6 packet could bypass the packet filter rules and be passed to a host that would otherwise be unavailable.

ASA-2019-00270 – FreeBSD: IPv6 fragment reassembly panic in pf(4)

A bug in the pf(4) IPv6 fragment reassembly logic incorrectly uses the last extension header offset from the last received packet instead of from the first packet. Malicious IPv6 packets with different IPv6 extensions could cause a kernel panic or potentially a filtering rule bypass. Only systems leveraging the pf(4) firewall and include packet scrubbing using the recommended 'scrub all in' or similar are affected.

ASA-2019-00234 – BIND: Limiting simultaneous TCP clients is ineffective

By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The number of allowed connections is a tunable parameter which, if unset, defaults to a conservative value for most servers. Unfortunately, the code which was intended to limit the number of simultaneous connections contains an error which can be exploited to grow the number of simultaneous connections beyond this limit.

ASA-2019-00016 – PowerDNS: Lua hooks are not applied in certain configurations

An issue has been found in PowerDNS Recursor where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua. When the recursor is configured to run with more than one thread (threads=X) and to do the distribution of incoming queries to the worker threads itself (pdns-distributes-queries=yes), the Lua script is not properly loaded in the thread handling incoming TCP queries, causing the Lua hooks to not be properly applied.