Debian 9955 Published by

A cgal security update has been released for Debian GNU/Linux 10 LTS to address several memory access violations.



DLA 3226-1: cgal security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3226-1 debian-lts@lists.debian.org
  https://www.debian.org/lts/security/ Helmut Grohne
December 06, 2022   https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : cgal
Version : 4.13-1+deb10u1
CVE ID : CVE-2020-28601 CVE-2020-28602 CVE-2020-28603 CVE-2020-28604
CVE-2020-28605 CVE-2020-28606 CVE-2020-28607 CVE-2020-28608
CVE-2020-28609 CVE-2020-28610 CVE-2020-28611 CVE-2020-28612
CVE-2020-28613 CVE-2020-28614 CVE-2020-28615 CVE-2020-28616
CVE-2020-28617 CVE-2020-28618 CVE-2020-28619 CVE-2020-28620
CVE-2020-28621 CVE-2020-28622 CVE-2020-28623 CVE-2020-28624
CVE-2020-28625 CVE-2020-28626 CVE-2020-28627 CVE-2020-28628
CVE-2020-28629 CVE-2020-28630 CVE-2020-28631 CVE-2020-28632
CVE-2020-28633 CVE-2020-28634 CVE-2020-28635 CVE-2020-28636
CVE-2020-35628 CVE-2020-35629 CVE-2020-35630 CVE-2020-35631
CVE-2020-35632 CVE-2020-35633 CVE-2020-35634 CVE-2020-35635
CVE-2020-35636
Debian Bug : 985671

When parsing files containing Nef polygon data, several memory access
violations may happen. Many of these allow code execution.

CVE-2020-28601

A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex() Face_of[] OOB read.
An attacker can provide malicious input to trigger this
vulnerability.

CVE-2020-28602

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_vertex()
Halfedge_of[].

CVE-2020-28603

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_prev().

CVE-2020-28604

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_next().

CVE-2020-28605

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionality of CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge()
e->set_vertex().

CVE-2020-28606

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_hedge() e->set_face().

CVE-2020-28607

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() set_halfedge().

CVE-2020-28608

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() store_fc().

CVE-2020-28609

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_2/PM_io_parser.h PM_io_parser::read_face() store_iv().

CVE-2020-28610

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser::read_vertex()
set_face().

CVE-2020-28611

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SM_io_parser.h SM_io_parser::read_vertex()
set_first_out_edge().

CVE-2020-28612

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->svertices_begin().

CVE-2020-28613

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->svertices_last().

CVE-2020-28614

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfedges_begin().

CVE-2020-28615

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfedges_last().

CVE-2020-28616

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->sfaces_begin().

CVE-2020-28617

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->sfaces_last().

CVE-2020-28618

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_vertex()
vh->shalfloop().

CVE-2020-28619

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge() eh->twin().

CVE-2020-28620

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->center_vertex():.

CVE-2020-28621

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->out_sedge().

CVE-2020-28622

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_edge()
eh->incident_sface().

CVE-2020-28623

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet() fh->twin().

CVE-2020-28624

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->boundary_entry_objects SEdge_of.

CVE-2020-28625

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->boundary_entry_objects SLoop_of.

CVE-2020-28626

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_facet()
fh->incident_volume().

CVE-2020-28627

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume()
ch->shell_entry_objects().

CVE-2020-28628

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_volume() seh->twin().

CVE-2020-28629

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->sprev().

CVE-2020-28630

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->snext().

CVE-2020-28631

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->source().

CVE-2020-28632

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge()
seh->incident_sface().

CVE-2020-28633

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->prev().

CVE-2020-28634

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->next().

CVE-2020-28635

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sedge() seh->facet().

CVE-2020-28636

A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->twin() An
attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35628

A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop()
slh->incident_sface. An attacker can provide malicious input to
trigger this vulnerability.

CVE-2020-35629

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->facet().

CVE-2020-35630

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->center_vertex().

CVE-2020-35631

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
SD.link_as_face_cycle().

CVE-2020-35632

Multiple code execution vulnerabilities exists in the Nef polygon-
parsing functionalityof CGAL. A specially crafted malformed file can
lead to an out-of-bounds read and type confusion, which could lead to
code execution. An attacker can provide malicious input to trigger
any of these vulnerabilities. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->boundary_entry_objects Edge_of.

CVE-2020-35633

A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
store_sm_boundary_item() Edge_of.A specially crafted malformed file
can lead to an out-of-bounds read and type confusion, which could
lead to code execution. An attacker can provide malicious input to
trigger this vulnerability.

CVE-2020-35634

A code execution vulnerability exists in the Nef polygon-parsing
functionalityof CGAL. An oob read vulnerability exists in
Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface()
sfh->boundary_entry_objects Sloop_of. A specially crafted malformed
file can lead to an out-of-bounds read and type confusion, which
could lead to code execution. An attacker can provide malicious input
to trigger this vulnerability.

CVE-2020-35635

A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB
read. A specially crafted malformed file can lead to an out-of-bounds
read and type confusion, which could lead to code execution. An
attacker can provide malicious input to trigger this vulnerability.

CVE-2020-35636

A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h
SNC_io_parser::read_sface() sfh->volume() OOB read. A specially
crafted malformed file can lead to an out-of-bounds read and type
confusion, which could lead to code execution. An attacker can
provide malicious input to trigger this vulnerability.

For Debian 10 buster, these problems have been fixed in version
4.13-1+deb10u1.

We recommend that you upgrade your cgal packages.

For the detailed security status of cgal please refer to
its security tracker page at:
  https://security-tracker.debian.org/tracker/cgal

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at:   https://wiki.debian.org/LTS