aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:21:37Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9405[3.9] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CV...2019-07-23T11:21:37ZAlicha CH[3.9] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
------------------------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### Ref...CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
------------------------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14994
CVE-2018-16057: Radiotap dissector crash
----------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-46.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15022
CVE-2018-16058: Bluetooth AVDTP dissector crash
-----------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14884
*(from redmine: issue id 9405, created on 2018-09-10, closed on 2018-09-11)*
* Relations:
* parent #9404
* Changesets:
* Revision e9155647732297c2d4e384b3c1c9cca257f2416a by Natanael Copa on 2018-09-10T17:31:44Z:
```
community/wireshark: security upgrade to 2.6.3
CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
fixes #9405
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9393[3.9] curl: NTLM password overflow via integer overflow (CVE-2018-14618)2019-07-23T11:21:47ZAlicha CH[3.9] curl: NTLM password overflow via integer overflow (CVE-2018-14618)The internal function Curl\_ntlm\_core\_mk\_nt\_hash multiplies the
length of the password by two (SUM)
to figure out how large temporary storage area to allocate from the
heap. The length value is then subsequently
used to iterate o...The internal function Curl\_ntlm\_core\_mk\_nt\_hash multiplies the
length of the password by two (SUM)
to figure out how large temporary storage area to allocate from the
heap. The length value is then subsequently
used to iterate over the password and generate output into the allocated
storage buffer. On systems with a 32 bit size\_t,
the math to calculate SUM triggers an integer overflow when the password
length exceeds 2GB (2^31 bytes). This integer
overflow usually causes a very small buffer to actually get allocated
instead of the intended very huge one, making the
use of that buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.15.4 to and including 7.61.0
### Not affected versions:
libcurl < 7.15.4 and >= 7.61.1
### References:
https://curl.haxx.se/docs/CVE-2018-14618.html
### Patch:
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
*(from redmine: issue id 9393, created on 2018-09-06, closed on 2018-09-20)*
* Relations:
* parent #9392
* Changesets:
* Revision a64f50f2f36792ffa6bf4ca8fa4339d6d373f4f7 by Natanael Copa on 2018-09-10T09:32:19Z:
```
main/curl: security upgrade to 7.61.1 (CVE-2018-14618)
fixes #9393
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9356postfix 3.3.1-r1 is broken2019-07-23T11:22:17ZSteffen Nurpmesopostfix 3.3.1-r1 is brokenIt seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time i simply updated the server and went
away.. 10 hours mail...It seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time i simply updated the server and went
away.. 10 hours mails missing ;)
*(from redmine: issue id 9356, created on 2018-08-28, closed on 2019-01-10)*
* Relations:
* relates #93353.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9353[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-201...2019-07-23T11:22:20ZAlicha CH[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### Referenc...**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
**CVE-2018-14394**: ibavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted
Waveform audio file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
**CVE-2018-14395**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
### Fixed In Version:
ffmpeg 3.4.4
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
**CVE-2018-6912**: The decode\_plane function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted
AVI file.
### Fixed In Version:
ffmpeg 4.0
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
**CVE-2018-12459**: An inconsistent bits-per-sample value in the
ff\_mpeg4\_decode\_picture\_header function in
libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
**CVE-2018-12460**: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
**CVE-2018-13301**: In FFmpeg 4.0.1, due to a missing check of a profile
value before setting it, the ff\_mpeg4\_decode\_picture\_header function
in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
**CVE-2018-13303**: In FFmpeg 4.0.1, a missing check for failure of a
call to init\_get\_bits8() in the avpriv\_ac3\_parse\_header function
in
libavcodec/ac3\_parser.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
**CVE-2018-13304**: In libavcodec in FFmpeg 4.0.1, improper maintenance
of the consistency between the context profile field and studio\_profile
in libavcodec may
trigger an assertion failure while converting a crafted AVI file to
MPEG4, leading to a denial of service, related to error\_resilience.c,
h263dec.c, and mpeg4videodec.c.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
*(from redmine: issue id 9353, created on 2018-08-28, closed on 2018-08-29)*
* Relations:
* copied_to #9352
* parent #9352
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9347[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)2019-07-23T11:22:27ZAlicha CH[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue t...The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15599
### Patch:
https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
*(from redmine: issue id 9347, created on 2018-08-28, closed on 2018-11-08)*
* Relations:
* parent #9346
* Changesets:
* Revision 685fa426c5c984f78ebcf0ac1189fe147fc832c3 by Natanael Copa on 2018-09-10T10:40:02Z:
```
main/dropbear: backport security fix (CVE-2018-15599)
fixes #9347
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9317[3.9] openssh: User enumeration via malformed packets in authentication reque...2019-07-23T11:22:48ZAlicha CH[3.9] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostba...OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
### References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
### Patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
*(from redmine: issue id 9317, created on 2018-08-22, closed on 2018-09-20)*
* Relations:
* parent #9316
* Changesets:
* Revision c314d18b4e1c932d8670c49f265f919242b7a17b by Natanael Copa on 2018-08-22T08:56:21Z:
```
main/openssh: backport security fix (CVE-2018-15473)
fixes #9317
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9306[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows...2019-07-23T11:22:55ZAlicha CH[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted me...A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
### References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
### Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
*(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)*
* Relations:
* copied_to #9305
* parent #9305
* Changesets:
* Revision 4e1c871fdcc37ed141df6a2f53d3bd62fddd8fea on 2018-11-07T13:21:12Z:
```
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9306
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9291PHP5 EOL2019-07-23T11:23:06ZAndy PostnikovPHP5 EOLAs **php5** is EOL in 31 Dec 2018
https://secure.php.net/supported-versions.php
\- remove php5\* packages & fix dependencies (5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
\- rename php7 packages prefix to *...As **php5** is EOL in 31 Dec 2018
https://secure.php.net/supported-versions.php
\- remove php5\* packages & fix dependencies (5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
\- rename php7 packages prefix to **php-**
- for 3.9 release split peal/non-pecl packages like \#9277
*(from redmine: issue id 9291, created on 2018-08-20, closed on 2019-01-23)*
* Relations:
* relates #9277
* relates #6810
* relates #63533.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9249[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-20...2019-07-23T11:23:41ZAlicha CH[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an e...CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directory or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision d773d4c9846c9af6fff4cf55c1942ce486760f82 by Andy Postnikov on 2018-08-20T14:33:06Z:
```
main/samba: security upgrade to 4.8.4
Fixes #9249
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9225[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CV...2019-07-23T11:23:57ZAlicha CH[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dere...**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9225, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 214cb233279c7ef0221557f24d0d0af79a46d3b7 by Natanael Copa on 2018-08-22T13:28:16Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9225
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9219[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant ...2019-07-23T11:24:02ZAlicha CH[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point...An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9219, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision ecc28455ea46b5da17cc43d1250d6a16ebeba169 by Natanael Copa on 2018-08-21T13:55:16Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9219
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9208[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_...2019-07-23T11:24:11ZAlicha CH[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548 ...The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548
http://seclists.org/fulldisclosure/2017/Jul/84
*(from redmine: issue id 9208, created on 2018-08-08, closed on 2019-01-01)*
* Relations:
* copied_to #9207
* parent #9207
* Changesets:
* Revision d25107e8a0abff1db592d5a79b4cd03b670ff905 by Natanael Copa on 2018-12-04T12:17:12Z:
```
main/libao: security fix for CVE-2017-11548
fixes #9208
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9174[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)2019-07-23T11:24:36ZAlicha CH[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a...If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9174, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision be7e22246de0916a68b640d89fc11fa95ea548b5 by Natanael Copa on 2018-08-06T15:15:13Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9174
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9158[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CV...2019-07-23T11:24:50ZAlicha CH[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-...**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-2018-14340**: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
**CVE-2018-14341**: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
**CVE-2018-14342**: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
**CVE-2018-14343**: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
**CVE-2018-14344**: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
**CVE-2018-14367**: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
**CVE-2018-14368**: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
**CVE-2018-14369**: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
**CVE-2018-14370**: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
*(from redmine: issue id 9158, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9157
* parent #91573.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9151[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is acti...2019-07-23T11:24:57ZAlicha CH[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of ...In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9151, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cab094ae856f8729453475a6c5fff8e35d8844ab by Natanael Copa on 2018-07-30T16:03:32Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9151
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9140[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-...2019-07-23T11:25:07ZAlicha CH[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over...A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9140, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #91393.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9128[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-201...2019-07-23T11:25:15ZAlicha CH[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttm...CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9128, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision ed115862c323b563d378a0ca48ef4f6e7cf55388 by Natanael Copa on 2018-07-24T15:23:25Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9128
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9115[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-20...2019-07-23T11:25:22ZAlicha CH[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-2018-12458, CVE-2018-13300, CVE-2018-13302)**CVE-2018-7557**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with
crafted dimensions within chroma subsampling ...**CVE-2018-7557**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with
crafted dimensions within chroma subsampling data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7557
### Patch:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
**CVE-2018-10001**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (out of array read) via an
AVI file.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-10001
### Patch:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
**CVE-2018-12458**: An improper integer type in the
mpeg4\_encode\_gop\_header function in libavcodec/mpeg4videoenc.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-12458
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
**CVE-2018-13300**: In FFmpeg 4.0.1, an improper argument
(AVCodecParameters) passed to the avpriv\_request\_sample
function in the handle\_eac3 function in libavformat/movenc.c may
trigger an out-of-array read while converting a
crafted AVI file to MPEG4, leading to a denial of service and possibly
an information disclosure.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13300
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
**CVE-2018-13302**: In FFmpeg 4.0.1, improper handling of frame types
(other than EAC3\_FRAME\_TYPE\_INDEPENDENT) that
have multiple independent substreams in the handle\_eac3 function in
libavformat/movenc.c may trigger an out-of-array access
while converting a crafted AVI file to MPEG4, leading to a denial of
service or possibly unspecified other impact.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13302
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
*(from redmine: issue id 9115, created on 2018-07-19, closed on 2018-08-29)*
* Relations:
* copied_to #9114
* parent #9114
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9100[3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)2019-07-23T11:25:35ZAlicha CH[3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.g...**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9100, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision bd4fb24c372fc0a49ab402a6773ad26ee7314d80 by Natanael Copa on 2018-07-18T07:33:45Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9100
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8601if grub is used, why to load /etc/update-extlinux.conf2019-07-23T11:34:58Zjiri bif grub is used, why to load /etc/update-extlinux.confHi,
apk del syslinux
apk add grub
…so one wants to use grub. but why is grub patched to load a kind of
syslinux (extlinux) related script?
1. grep -nC3 /etc/update-extlinux.conf /etc/grub.d/10\_linux
21-exec\_prefix=“/usr”
...Hi,
apk del syslinux
apk add grub
…so one wants to use grub. but why is grub patched to load a kind of
syslinux (extlinux) related script?
1. grep -nC3 /etc/update-extlinux.conf /etc/grub.d/10\_linux
21-exec\_prefix=“/usr”
22-datarootdir=“/usr/share”
23-
24:. /etc/update-extlinux.conf
25-. “$pkgdatadir/grub-mkconfig\_lib”
26-
27-GRUB\_CMDLINE\_LINUX\_DEFAULT=“modules=${modules}
${default\_kernel\_opts} ${GRUB\_CMDLINE\_LINUX\_DEFAULT}”
imo there should be condition if possible.
*(from redmine: issue id 8601, created on 2018-03-02, closed on 2019-01-23)*
* Changesets:
* Revision cb6c7c4b66dc4640425f875c7d9545dad9e7823c by Natanael Copa on 2019-01-17T18:59:46Z:
```
main/grub: misc alpine fixes for /etc/grub.d/10_linux
- do not depend on /etc/update-extlinux.conf
- remove GNU when GRUB_DISTRIBUTOR="Alpine"
- clean up initramfs search
fixes #8601
```3.9.0Natanael CopaNatanael Copa