aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:22:14Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9359
[3.7] bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
2019-07-23T11:22:14Z, Alicha CH

“deny-answer-aliases” is a little-used feature intended to help
recursive server operators protect end users against DNS rebinding
attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this
feature makes it easy, when the feature is in use, to experience an
assertion failure in name.c.
### Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind
9.11.3-S3
### Reference:
https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
*(from redmine: issue id 9359, created on 2018-08-29, closed on 2018-09-10)*
* Relations:
* parent #9357
* Changesets:
* Revision 37ad006279f2ad8d29a3de1622a8d8e08e0d9814 by Natanael Copa on 2018-09-10T10:16:45Z:
```
main/bind: security upgrade to 9.11.4_p1 (CVE-2018-5740)
fixes #9359
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9302
[3.7] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
2019-07-23T11:22:58Z, Alicha CH

CVE-2017-15088: Buffer overflow in get\_matching\_data()
--------------------------------------------------------
plugins/preauth/pkinit/pkinit\_crypto\_openssl.c in MIT Kerberos 5 (aka
krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or
cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the
get\_matching\_data and X509\_NAME\_oneline\_ex functions.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707
### Patch:
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
CVE-2018-5709: integer overflow in dbentry->n\_key\_data in kadmin/dbutil/dump.c
-----------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There
is a variable “dbentry->n\_key\_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a
“u4” variable to it, which is for 32-bit data. An attacker can use
this
vulnerability to affect other artifacts of the database as we know that
a Kerberos database dump file contains trusted data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities
CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c
------------------------------------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The
pre-defined function “strlen” is getting a “NULL” string as a
parameter
value in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c in the Key
Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified
kadmin client.
### References:
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710
*(from redmine: issue id 9302, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9299
* parent #9299
* Changesets:
* Revision 896ae53d1849faa57ea676acd47332399c11bae7 by Natanael Copa on 2018-08-21T14:37:39Z:
```
main/krb5: security upgrade to 1.15.3 (CVE-2017-15088,CVE-2018-5709,CVE-2018-5710)
fixes #9302
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9283
[3.7] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)
2019-07-23T11:23:15Z, Alicha CH

A flaw was found in ncurses before 6.1.20180414, there is a NULL Pointer
Dereference in the \_nc\_parse\_entry function of tinfo/parse\_entry.c.
It could lead to
a remote denial of service if the terminfo library code is used to
process untrusted terminfo data in which a use-name is invalid syntax.
### Fixed In Version:
ncurses 6.1.20180414
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10754
*(from redmine: issue id 9283, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9281
* parent #9281
* Changesets:
* Revision ff4efecdcffad26aa12170ab4e4b867f8f1d4c62 by Natanael Copa on 2018-08-21T14:48:02Z:
```
main/ncurses: backport security fix (CVE-2018-10754)
fixes #9283
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9269
[3.7] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
2019-07-23T11:23:23Z, Alicha CH

CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
-----------------------------------------------------------------------------------------------
Catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in
pop3lib’s apop() method although limited by 2048 chars, can lead to
denial of service.
### Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
### References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS\_LINE\_JUNK method in difflib
--------------------------------------------------------------------------------------------------
Catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in
difflib.IS\_LINE\_JUNK method in servers that use difflib can lead to
denial of service.
### Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
### Reference:
https://bugs.python.org/issue32981
*(from redmine: issue id 9269, created on 2018-08-17, closed on 2018-08-23)*
* Relations:
* copied_to #9268
* parent #9268
* Changesets:
* Revision 25ab1f448efbe2bedbf0ebce9eca8d5c154fad56 on 2018-08-22T13:23:25Z:
```
main/python2: security upgrade to 2.7.15 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
```
* Revision bb7e90cba82a54c1b78cfd28a8706fbc21c93431 on 2018-08-22T14:19:42Z:
```
main/python3: security upgrade to 3.6.5 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9257
[3.7] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)
2019-07-23T11:23:32Z, Alicha CH

Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9257, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9254
* parent #9254
* Changesets:
* Revision 8c6e5428a4982898bfe0a8d6e2c6c64d4f3f653f on 2018-08-22T11:55:31Z:
```
main/ldb: security fix (CVE-2018-1140)
Fixes #9257
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9251
[3.7] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139)
2019-07-23T11:23:38Z, Alicha CH

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9251, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision 2a5d0006bdb59356b99ca90d9b2b6147c0d526f6 on 2018-08-22T11:55:31Z:
```
main/samba: security fixes
CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139
Fixes #9251
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9227
[3.7] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
2019-07-23T11:23:55Z, Alicha CH

**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
Maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9227, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision c854dba4b5bde88f1673002621ab2bb8e0f66d4b by Natanael Copa on 2018-08-22T13:30:28Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9227
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9221
[3.7] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
2019-07-23T11:24:00Z, Alicha CH

An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9221, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision 662ff3103b7273a29d47f90ac9e63cae39b4d000 by Natanael Copa on 2018-08-21T14:01:32Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9221
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9176
[3.7] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
2019-07-23T11:24:34Z, Alicha CH

If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9176, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision 8398d6707c886fd25c0ced7b0e0c8e3232f62295 by Natanael Copa on 2018-08-06T15:33:38Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9176
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9153
[3.7] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
2019-07-23T11:24:56Z, Alicha CH

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9153, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cb703b0b3b7418593d294739cd51d7f2a711c12a by Natanael Copa on 2018-07-30T16:25:15Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9153
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9142
[3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
2019-07-23T11:25:05Z, Alicha CH

A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9142, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #9139

3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9130
[3.7] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
2019-07-23T11:25:12Z, Alicha CH

CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
--------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9130, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision 7b76ef5a44a34f2aa0ab6dcbd05653a7f384d5cd by Natanael Copa on 2018-07-24T15:33:35Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9130
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9102
[3.7] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)
2020-06-23T23:02:11Z, Alicha CH

**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9102, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision 98215e479882b7bbf540e8afb166a2b5c3504ed8 by Natanael Copa on 2018-07-18T07:57:46Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9102
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9067
Package name error in alpine-secdb
2019-07-12T15:37:08Z, algitbot

Hi,
https://git.alpinelinux.org/cgit/alpine-secdb/tree/v3.7/main.yaml\#n397
says there are two CVEs open on package libressl prior to 2.6.5-r0 in
Alpine 3.7 (and certainly earlier, I haven’t checked). However, Alpine
3.7 does not have a package named exactly libressl; it has two packages,
named libressl2.6-libcrypto and libressl2.6-libssl. The version of those
packages in the instances I see is 2.6.3-r0, thus concerned by the CVE.
This difference in naming means that the Clair security scanner does not
detect that there is a concern on these images and that they should be
updated.
*(from redmine: issue id 9067, created on 2018-07-09, closed on 2018-07-13)*

3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9036
[3.7] firefox-esr: Heap buffer overflow rasterizing paths in SVG with Skia (CVE-2018-6126)
2019-07-23T11:26:00Z, Alicha CH

A heap buffer overflow can occur in the Skia library when rasterizing
paths using a maliciously
crafted SVG file with anti-aliasing turned off. This results in a
potentially exploitable crash.
### Fixed in:
Firefox ESR 52.8.1
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-14/
*(from redmine: issue id 9036, created on 2018-06-26, closed on 2018-07-16)*
* Relations:
* copied_to #9034
* parent #9034
* Changesets:
* Revision 87a58154ba71f8435bad6a2f7fe626defeca29ce by Natanael Copa on 2018-07-11T14:52:05Z:
```
community/firefox-esr: security upgrade to 52.8.1 (CVE-2018-6126)
fixes #9036
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9018
IPv6 addresses on VLAN interfaces
2019-07-23T11:26:11Z, Tyler A

Previously discussed here:
https://lists.alpinelinux.org/alpine-user/0368.html and
http://lists.alpinelinux.org/alpine-devel/5486.html
When you set an interface like:

```
# VLAN 3
auto eth0.3
iface eth0.3 inet static
    address 192.168.3.1
    netmask 255.255.255.0
    broadcast 192.168.3.255
iface eth0.3 inet6 static
    address fde4:8dba:e21c:3::1
    netmask 64
```

You’ll see these errors when booting:

```
RTNETLINK answers: File exists
run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
```
It appears to be silenced if you do not set an IPv6 address in addition
to an IPv4 one, that however is quite often the reason people might use
VLANs in the first place.
Any assistance to fix this would be greatly appreciated.
*(from redmine: issue id 9018, created on 2018-06-18, closed on 2018-09-11)*
* Changesets:
* Revision fcf202d3e511637897a5cade6ff6c1c04626e3d1 by Natanael Copa on 2018-06-19T07:08:42Z:
```
main/vlan: fix support for both ipv4 and ipv6 address on vlans
ref #9018
```
* Revision 7f627e924dc6f25bdbaf50a72f8c77982be674f8 by Natanael Copa on 2018-06-21T12:15:05Z:
```
main/vlan: fix support for both ipv4 and ipv6 address on vlans
fixes #9018
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9004
[3.7] libgcrypt: Key Extraction Side Channel (CVE-2018-0495)
2019-07-23T11:26:20Z, Alicha CH

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache
side-channel attack on ECDSA signatures that can be mitigated through
the use of
blinding during the signing process in the \_gcry\_ecc\_ecdsa\_sign
function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number
Problem or ROHNP.
To discover an ECDSA key, the attacker needs access to either the local
machine or a different virtual machine on the same physical host.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-0495
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000426.html
### Patch:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=9010d1576e278a4274ad3f4aa15776c28f6ba965
*(from redmine: issue id 9004, created on 2018-06-14, closed on 2018-06-21)*
* Relations:
* copied_to #9002
* parent #9002
* Changesets:
* Revision a8d906fd888391043f72226d80ddaf247ef4ad9f by Natanael Copa on 2018-06-19T11:28:14Z:
```
main/libgcrypt: security upgrade to 1.8.3
fixes #9004
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8994
[3.7] gnupg: filename sanitization problem (CVE-2018-12020)
2019-07-23T11:26:27Z, Alicha CH

GnuPG before version 2.2.8 does not properly sanitize original filenames
of signed or encrypted messages allowing for the insertion of line feeds
and other control characters.
An attacker could exploit this by injecting such characters to craft
status messages and fake the validity of signatures.
### References:
https://lists.gnupg.org/pipermail/gnupg-announce/2018q2/000425.html
### Patches:
https://dev.gnupg.org/rG2326851c60793653069494379b16d84e4c10a0ac
https://dev.gnupg.org/rG210e402acd3e284b32db1901e43bf1470e659e49
https://dev.gnupg.org/rG13f135c7a252cc46cff96e75968d92b6dc8dce1b
*(from redmine: issue id 8994, created on 2018-06-13, closed on 2018-06-14)*
* Relations:
* copied_to #8993
* parent #8993
* Changesets:
* Revision b653afac12d9d1c926afa8c77920e3d827b98422 on 2018-06-13T13:40:24Z:
```
main/gnupg: security fix (CVE-2018-12020)
Fixes #8994
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8983
[3.7] perl: Directory traversal in Archive::Tar (CVE-2018-12015)
2019-07-23T11:26:38Z, Alicha CH

In Perl through 5.26.2, the Archive::Tar module allows remote attackers
to bypass a directory-traversal protection mechanism,
and overwrite arbitrary files, via an archive file containing a symlink
and a regular file with the same name.
### References:
http://seclists.org/oss-sec/2018/q2/167
https://rt.cpan.org/Public/Bug/Display.html?id=125523
### Patch:
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
*(from redmine: issue id 8983, created on 2018-06-12, closed on 2018-07-30)*
* Relations:
* copied_to #8981
* parent #8981
* Changesets:
* Revision d824c74b9e030ebcf4a6267380d33648a3be6fca on 2018-06-13T12:22:51Z:
```
main/perl: security fix (CVE-2018-12015)
Fixes #8983
```
3.7.1 | Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8967
[3.7] xfsprogs: Security: wrong owner / group on XFS binaries
2019-07-23T11:26:52Z, Natanael Copa

In version 4.14.0-r0 of the following packages installed from
http://dl-cdn.alpinelinux.org/alpine/v3.7/main all files installed have
owner/group = 1000/1000 which is a huge security hole.
xfsprogs
xfsprogs-libs
xfsprogs-extra
xfsprogs-doc
*(from redmine: issue id 8967, created on 2018-06-06, closed on 2018-06-06)*
* Relations:
* parent #8963
* Changesets:
* Revision 5785ba66475d48a4ecda924a6f892547af0b4ec7 by Natanael Copa on 2018-06-06T10:11:04Z:
```
main/xfsprogs: fix owner of files
fixes #8967
```
3.7.1 | Natanael Copa