aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:07:21Z

[3.7] heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10514
2019-07-23T11:07:21Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Affected Versions:
All releases of Heimdal from 0.8 including 7.5.0
### Reference:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
https://www.samba.org/samba/security/CVE-2018-16860.html
### Patch:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
*(from redmine: issue id 10514, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10510
* Changesets:
* Revision d3d301001ca95af4473c3a52c9bccd9950b7b04c on 2019-06-04T14:44:57Z:
```
main/heimdal: security fix (CVE-2018-16860)
Fixes #10514
Clarify license
```

3.7.4
Natanael Copa

[3.8] heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10513
2019-07-23T11:07:22Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Affected Versions:
All releases of Heimdal from 0.8 including 7.5.0
### Reference:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
https://www.samba.org/samba/security/CVE-2018-16860.html
### Patch:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
*(from redmine: issue id 10513, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10510
* Changesets:
* Revision 5ee28b356b1b4aebf9d9fafa32c82c7519cbecd9 on 2019-06-04T14:27:17Z:
```
main/heimdal: security fix (CVE-2018-16860)
Fixes #10513
Remove unused patch, clarify license
```

3.8.5
Natanael Copa

[3.9] heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10512
2019-07-23T11:07:23Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Affected Versions:
All releases of Heimdal from 0.8 including 7.5.0
### Reference:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
https://www.samba.org/samba/security/CVE-2018-16860.html
### Patch:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
*(from redmine: issue id 10512, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10510
* Changesets:
* Revision d7f01c593b1ee60783bd9bf1b13f1ef234896a10 on 2019-06-04T14:21:33Z:
```
main/heimdal: security fix (CVE-2018-16860)
Fixes #10512
Remove unused patch, clarify license
```

3.9.5
Natanael Copa

[3.10] heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10511
2019-07-23T11:07:25Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Affected Versions:
All releases of Heimdal from 0.8 including 7.5.0
### Reference:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
https://www.samba.org/samba/security/CVE-2018-16860.html
### Patch:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
*(from redmine: issue id 10511, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10510
* Changesets:
* Revision aa2d24fab1e16e497512004aa40a11c032fcab73 on 2019-06-04T14:19:35Z:
```
main/heimdal: security fix (CVE-2018-16860)
Fixes #10511
Remove unused patch, clarify license
```

3.10.0
Natanael Copa

heimdal: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10510
2019-07-23T11:07:25Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Affected Versions:
All releases of Heimdal from 0.8 including 7.5.0
### Reference:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
https://www.samba.org/samba/security/CVE-2018-16860.html
### Patch:
https://github.com/heimdal/heimdal/commit/c6257cc2c842c0faaeb4ef34e33890ee88c4cbba
*(from redmine: issue id 10510, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* child #10511
* child #10512
* child #10513
* child #10514

Natanael Copa

[3.8] samba: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10508
2019-07-23T11:07:26Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Fixed In Version:
samba 4.8.12, samba 4.9.8 and samba 4.10.3
### References:
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 10508, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10506
* Changesets:
* Revision 62d88ba3b7c2ed610aaf68d2a5a5956f6e702708 on 2019-06-05T06:27:09Z:
```
main/samba: security upgrade to 4.8.12 (CVE-2018-16860)
Fixes #10508
```

3.8.5
Natanael Copa

[3.9] samba: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10507
2019-07-23T11:07:28Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Fixed In Version:
samba 4.8.12, samba 4.9.8 and samba 4.10.3
### References:
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 10507, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* parent #10506
* Changesets:
* Revision 358e0341238ac9f457328893b2974e256e37693f on 2019-06-04T14:44:08Z:
```
main/samba: security upgrade to 4.8.12 (CVE-2018-16860)
Fixes #10507
```

3.9.5
Natanael Copa

samba: S4U2Self with unkeyed checksum (CVE-2018-16860)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10506
2019-07-23T11:07:29Z
Alicha CH

S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a Kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerberos parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Fixed In Version:
samba 4.8.12, samba 4.9.8 and samba 4.10.3
### References:
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 10506, created on 2019-05-30, closed on 2019-06-05)*
* Relations:
* child #10507
* child #10508
* child #10509

Natanael Copa

[3.9] firefox-esr: Multiple vulnerabilities (CVE-2019-9816, CVE-2019-9817, CVE-2019-9819, CVE-2019-9820, CVE-2019-11691, CVE-2019-11692, CVE-2019-11693, CVE-2019-7317, CVE-2019-9797, CVE-2018-18511, CVE-2019-11698, CVE-2019-9800)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10503
2019-07-23T10:34:20Z
Alicha CH

* CVE-2019-9816: Type confusion with object groups and UnboxedObjects
* CVE-2019-9817: Stealing of cross-domain images using canvas
* CVE-2019-9819: Compartment mismatch with fetch API
* CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
* CVE-2019-11691: Use-after-free in XMLHttpRequest
* CVE-2019-11692: Use-after-free removing listeners in the event listener manager
* CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
* CVE-2019-7317: Use-after-free in png\_image\_free of libpng library
* CVE-2019-9797: Cross-origin theft of images with createImageBitmap
* CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
* CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
* CVE-2019-9800: Memory safety bugs

### Fixed In Version:
Firefox ESR 60.7
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-14/#CVE-2019-9817
*(from redmine: issue id 10503, created on 2019-05-29)*

3.9.5
Natanael Copa

[3.9] wireshark: dissection engine crash (CVE-2019-12295)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10502
2019-07-23T11:07:32Z
Alicha CH

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or
by convincing someone to read a malformed packet trace file.
Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15
### References:
https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
*(from redmine: issue id 10502, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #10500
* Changesets:
* Revision 2577e96215c480a381a7d1b806c25e310d7bea52 by Natanael Copa on 2019-06-04T14:34:41Z:
```
community/wireshark: security upgrade to 2.6.9 (CVE-2019-12295)
fixes #10502
```

3.9.5
Natanael Copa

[3.10] wireshark: dissection engine crash (CVE-2019-12295)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10501
2019-07-23T11:07:33Z
Alicha CH

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or
by convincing someone to read a malformed packet trace file.
Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15
### References:
https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
*(from redmine: issue id 10501, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #10500
* Changesets:
* Revision e5bce08f307d563f1c82d22257e76bf9f0bf48fe by Natanael Copa on 2019-06-04T13:38:25Z:
```
community/wireshark: security upgrade to 3.0.2 (CVE-2019-12295)
fixes #10501
```

3.10.0
Natanael Copa

wireshark: dissection engine crash (CVE-2019-12295)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10500
2019-07-23T11:07:34Z
Alicha CH

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or
by convincing someone to read a malformed packet trace file.
Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15
### References:
https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
*(from redmine: issue id 10500, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* child #10501
* child #10502

Natanael Copa

[3.9] curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10497
2019-07-23T11:07:35Z
Alicha CH

CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer allocation and a subsequent heap buffer overflow.
Affected versions: libcurl 7.62.0 to and including 7.64.1
Not affected versions: libcurl < 7.62.0 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5435.html
### Patch:
https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5436: TFTP receive buffer overflow
-------------------------------------------
libcurl contains a heap buffer overflow in the function
(tftp\_receive\_packet()) that receives data from a TFTP server. It calls
recvfrom() with the default size for the buffer rather than with the size
that was used to allocate it. Thus, the content that might overwrite the
heap memory is entirely controlled by the server.

The flaw exists if the user selects to use a “blksize” of 504 or smaller
(default is 512). The smaller size that is used, the larger the possible
overflow becomes. Users choosing a smaller size than default should be rare
as the primary use case for changing the size is to make it larger.
Affected versions: libcurl 7.19.4 to and including 7.64.1
Not affected versions: libcurl < 7.19.4 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5436.html
### Patch:
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
*(from redmine: issue id 10497, created on 2019-05-28, closed on 2019-06-06)*
* Relations:
* parent #10496
* Changesets:
* Revision f4c02c83cf9d1a3f4bbb31b4a9dfd48e58a1fbca on 2019-06-05T06:35:39Z:
```
main/curl: security fixes (CVE-2019-5435, CVE-2019-5436)
Fixes #10497
```

3.9.5
Natanael Copa

curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10496
2019-07-23T11:07:36Z
Alicha CH

CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer allocation and a subsequent heap buffer overflow.
Affected versions: libcurl 7.62.0 to and including 7.64.1
Not affected versions: libcurl < 7.62.0 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5435.html
### Patch:
https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5436: TFTP receive buffer overflow
-------------------------------------------
libcurl contains a heap buffer overflow in the function
(tftp\_receive\_packet()) that receives data from a TFTP server. It calls
recvfrom() with the default size for the buffer rather than with the size
that was used to allocate it. Thus, the content that might overwrite the
heap memory is entirely controlled by the server.

The flaw exists if the user selects to use a “blksize” of 504 or smaller
(default is 512). The smaller size that is used, the larger the possible
overflow becomes. Users choosing a smaller size than default should be rare
as the primary use case for changing the size is to make it larger.
Affected versions: libcurl 7.19.4 to and including 7.64.1
Not affected versions: libcurl < 7.19.4 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5436.html
### Patch:
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
*(from redmine: issue id 10496, created on 2019-05-28, closed on 2019-06-06)*
* Relations:
* child #10497
* child #10498
* child #10499

Natanael Copa

[3.7] monit: Multiple vulnerabilities (CVE-2019-11454, CVE-2019-11455)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10494
2019-07-23T11:07:38Z
Alicha CH

CVE-2019-11454: cross-site scripting (XSS) in http/cervlet.c
------------------------------------------------------------
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
Monit before 5.25.3 allows a remote unauthenticated attacker to
introduce arbitrary JavaScript
via manipulation of an unsanitized user field of the Authorization
header for HTTP Basic Authentication, which is mishandled during an
\_viewlog operation.
### References:
https://github.com/dzflack/exploits/blob/master/unix/monit_xss.py
https://nvd.nist.gov/vuln/detail/CVE-2019-11454
### Patches:
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11455: buffer over-read in function Util\_urlDecode in util.c
----------------------------------------------------------------------
A buffer over-read in Util\_urlDecode in util.c in Tildeslash Monit
before 5.25.3 allows a remote authenticated attacker to retrieve the
contents of adjacent memory via manipulation of GET or POST parameters.
The attacker can also cause a denial of service (application outage).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11455
### Patch:
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
*(from redmine: issue id 10494, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #10491
* Changesets:
* Revision 165df433b6fd3e30ce578c4f54946a2079aa963c on 2019-06-05T14:16:54Z:
```
main/monit: upgrade to 5.25.2, security fixes
CVE-2019-11454, CVE-2019-11455
Fixes #10494
```

3.7.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10493
[3.8] monit: Multiple vulnerabilities (CVE-2019-11454, CVE-2019-11455)
2019-07-23T11:07:39Z
Alicha CH

CVE-2019-11454: cross-site scripting (XSS) in http/cervlet.c
------------------------------------------------------------
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
Monit before 5.25.3 allows a remote unauthenticated attacker to
introduce arbitrary JavaScript
via manipulation of an unsanitized user field of the Authorization
header for HTTP Basic Authentication, which is mishandled during an
\_viewlog operation.
### References:
https://github.com/dzflack/exploits/blob/master/unix/monit\_xss.py
https://nvd.nist.gov/vuln/detail/CVE-2019-11454
### Patches:
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11455: buffer over-read in function Util\_urlDecode in util.c
----------------------------------------------------------------------
A buffer over-read in Util\_urlDecode in util.c in Tildeslash Monit
before 5.25.3 allows a remote authenticated attacker to retrieve the
contents of adjacent memory via manipulation of GET or POST parameters.
The attacker can also cause a denial of service (application outage).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11455
### Patch:
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
*(from redmine: issue id 10493, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #10491
* Changesets:
* Revision 8ae19acb1269f568cc856f52a50234227872b0bd on 2019-06-05T13:42:06Z:
```
main/monit: upgrade to 5.25.2, security fixes
CVE-2019-11454, CVE-2019-11455
Fixes #10493
```

3.8.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10492
[3.9] monit: Multiple vulnerabilities (CVE-2019-11454, CVE-2019-11455)
2019-07-23T11:07:40Z
Alicha CH

CVE-2019-11454: cross-site scripting (XSS) in http/cervlet.c
------------------------------------------------------------
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
Monit before 5.25.3 allows a remote unauthenticated attacker to
introduce arbitrary JavaScript
via manipulation of an unsanitized user field of the Authorization
header for HTTP Basic Authentication, which is mishandled during an
\_viewlog operation.
### References:
https://github.com/dzflack/exploits/blob/master/unix/monit\_xss.py
https://nvd.nist.gov/vuln/detail/CVE-2019-11454
### Patches:
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11455: buffer over-read in function Util\_urlDecode in util.c
----------------------------------------------------------------------
A buffer over-read in Util\_urlDecode in util.c in Tildeslash Monit
before 5.25.3 allows a remote authenticated attacker to retrieve the
contents of adjacent memory via manipulation of GET or POST parameters.
The attacker can also cause a denial of service (application outage).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11455
### Patch:
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
*(from redmine: issue id 10492, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #10491
* Changesets:
* Revision b3c4cba85e047ff7101bb58a0acf2a266f0d3f34 on 2019-06-05T13:39:23Z:
```
main/monit: security fixes (CVE-2019-11454, CVE-2019-11455)
Fixes #10492
```

3.9.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10491
monit: Multiple vulnerabilities (CVE-2019-11454, CVE-2019-11455)
2019-07-23T11:07:41Z
Alicha CH

CVE-2019-11454: cross-site scripting (XSS) in http/cervlet.c
------------------------------------------------------------
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash
Monit before 5.25.3 allows a remote unauthenticated attacker to
introduce arbitrary JavaScript
via manipulation of an unsanitized user field of the Authorization
header for HTTP Basic Authentication, which is mishandled during an
\_viewlog operation.
### References:
https://github.com/dzflack/exploits/blob/master/unix/monit\_xss.py
https://nvd.nist.gov/vuln/detail/CVE-2019-11454
### Patches:
https://bitbucket.org/tildeslash/monit/commits/1a8295eab6815072a18019b668fe084945b751f3
https://bitbucket.org/tildeslash/monit/commits/328f60773057641c4b2075fab9820145e95b728c
CVE-2019-11455: buffer over-read in function Util\_urlDecode in util.c
----------------------------------------------------------------------
A buffer over-read in Util\_urlDecode in util.c in Tildeslash Monit
before 5.25.3 allows a remote authenticated attacker to retrieve the
contents of adjacent memory via manipulation of GET or POST parameters.
The attacker can also cause a denial of service (application outage).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11455
### Patch:
https://bitbucket.org/tildeslash/monit/commits/f12d0cdb42d4e74dffe1525d4062c815c48ac57a
*(from redmine: issue id 10491, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* child #10492
* child #10493
* child #10494

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10438
[3.9] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-14498)
2019-07-23T10:32:29Z
Alicha CH

get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the color indices is out of range for the number of palette entries.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
*(from redmine: issue id 10438, created on 2019-05-09)*
* Relations:
* parent #10306

3.9.5
Leo

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10437
[3.7] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-14498)
2019-07-23T10:32:28Z
Alicha CH

get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the color indices is out of range for the number of palette entries.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
*(from redmine: issue id 10437, created on 2019-05-09)*
* Relations:
* parent #10306

3.7.4
Leo