aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:52:46Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7384
[3.4] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
2019-07-23T11:52:46Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, **postgresql 9.5.7**, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, **postgresql 9.5.7**, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg\_user\_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, **postgresql
9.5.7**, postgresql 9.6.3
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7384, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* parent #7381
* Changesets:
* Revision 798e64986d80e885bfca2aa48a03160d000eea9c on 2017-06-13T07:27:11Z:
```
main/postgresql: security upgrade to 9.5.7 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
Fixes #7384
```
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7383
[3.5] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
2019-07-23T11:52:47Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg\_user\_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql
9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7383, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* parent #7381
* Changesets:
* Revision b450bf3980b7ea0d8f05b827cbd9e9db745f1410 on 2017-06-13T07:22:03Z:
```
main/postgresql: security upgrade to 9.6.3 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
Fixes #7383
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7382
[3.6] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
2019-07-23T11:52:48Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg\_user\_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql
9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7382, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* parent #7381
* Changesets:
* Revision bc37dfd1ae2ed873d08a885a0e9bf2e1e059e28a on 2017-06-13T07:05:53Z:
```
main/postgresql: security upgrade to 9.6.3 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
Fixes #7382
```
3.6.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7381
postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
2019-07-23T11:52:49Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg\_user\_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql
9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7381, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* child #7382
* child #7383
* child #7384
* child #7385
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7380
[3.3] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9354)
2019-07-23T11:52:50Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7380, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
* Changesets:
* Revision 9a266b0bdb88c3710446f1c69818d9ecf8ce4d75 on 2017-06-13T09:47:45Z:
```
community/wireshark: security upgrade to 2.0.13
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9354
Fixes #7380
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7379
[3.4] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9354)
2019-07-23T11:52:51Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7379, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
* Changesets:
* Revision c391ebdf94fe2d08dd67176f88fa086e00472396 on 2017-06-13T09:46:52Z:
```
community/wireshark: security upgrade to 2.0.13
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9354
Fixes #7379
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7378
[3.5] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354)
2019-07-23T11:52:52Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9353: IPv6 dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-33.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7378, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
* Changesets:
* Revision 429bab63b290e2cd8589f4f83a4c369c72460450 on 2017-06-13T09:43:34Z:
```
community/wireshark: security upgrade to 2.2.7
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354
Fixes #7378
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7377
[3.6] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354)
2019-07-23T11:52:54Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9353: IPv6 dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-33.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7377, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
3.6.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7376
[3.7] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354)
2019-07-23T11:52:55Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9353: IPv6 dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-33.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7376, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
* Changesets:
* Revision 012e5b8ddaa5ad3353e0df651fd6b2f2097705ab on 2017-06-13T09:12:10Z:
```
community/wireshark: security upgrade to 2.2.7
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354
Fixes #7376
```
* Revision e60cdc58fdbbe1c315e9327497e04e61dd8bd4b4 on 2017-06-13T09:23:53Z:
```
community/wireshark: security upgrade to 2.2.7
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354
Fixes #7376
```
3.7.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7375
wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354)
2019-07-23T11:52:56Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9353: IPv6 dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-33.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7375, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* child #7376
* child #7377
* child #7378
* child #7379
* child #7380
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7371
[3.3] git: Escape out of git-shell (CVE-2017-8386)
2019-07-23T11:52:59Z
Alicha CH

A vulnerability was found in git concerning the git shell. A user who
comes over SSH could run an
interactive pager by causing it to spawn “git upload-pack --help”.
### Fixed In Version:
git 2.4.12, git 2.5.6, **git 2.6.7**, git 2.7.5, git 2.8.5, git 2.9.4,
git 2.10.3, git 2.11.2, git 2.12.3
### References:
https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
http://public-inbox.org/git/xmqq8tm5ziat.fsf@gitster.mtv.corp.google.com/
### Patch:
https://kernel.googlesource.com/pub/scm/git/git/+/3ec804490a265f4c418a321428c12f3f18b7eff5
*(from redmine: issue id 7371, created on 2017-06-01, closed on 2017-06-15)*
* Changesets:
* Revision b19d4f7c7955578261c61cb2f7272c4a54e28381 on 2017-06-15T12:37:57Z:
```
main/git: security fixes #7371 (CVE-2017-8386)
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7370
[3.3] mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
2019-07-23T11:53:00Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7370, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7366
* Changesets:
* Revision 7b5929125122b280baf78cf8b7f2466dcf4d79d2 on 2017-06-15T10:13:58Z:
```
main/mosquitto: security upgrade to 1.4.12 (CVE-2017-7650)
Fixes #7370
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7369
[3.4] mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
2019-07-23T11:53:01Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7369, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7366
* Changesets:
* Revision 320ecd9d42687d45b7c82d0d14ac9e92a5b9b1e3 on 2017-06-15T10:08:18Z:
```
main/mosquitto: security upgrade to 1.4.12 (CVE-2017-7650)
Fixes #7369
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7368
[3.5] mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
2019-07-23T11:53:02Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7368, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7366
* Changesets:
* Revision 478ed45621953f401511c76d48e3196bb7ef7813 on 2017-06-15T10:06:33Z:
```
main/mosquitto: security upgrade to 1.4.12 (CVE-2017-7650)
Fixes #7368
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7367
[3.6] mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
2019-07-23T11:53:03Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7367, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7366
* Changesets:
* Revision 79170b170d09fe898c6c937ba588dc214dabb05c by Natanael Copa on 2017-06-01T13:03:28Z:
```
main/mosquitto: security upgrade to 1.4.12 (CVE-2017-7650)
fixes #7367
```
3.6.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7366
mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
2019-07-23T11:53:04Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7366, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* child #7367
* child #7368
* child #7369
* child #7370

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7365
[3.3] openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287)
2019-07-23T11:53:06Z
Alicha CH

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the
directory can crash slapd by issuing a search including the Paged
Results control with a page size of 0.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-9287
### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
*(from redmine: issue id 7365, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7360
* Changesets:
* Revision ce5f47063612ef0e5420119ffa7931ff7ca86740 by Natanael Copa on 2017-06-15T10:03:11Z:
```
main/openldap: sec fix for CVE-2017-9287
fixes #7365
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7364
[3.4] openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287)
2019-07-23T11:53:07Z
Alicha CH

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the
directory can crash slapd by issuing a search including the Paged
Results control with a page size of 0.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-9287
### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
*(from redmine: issue id 7364, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7360
* Changesets:
* Revision ab7ef519db00f89a4171c728fb955ef3e6579952 by Natanael Copa on 2017-06-15T09:55:26Z:
```
main/openldap: sec fix for CVE-2017-9287
fixes #7364
```
3.4.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7363
[3.5] openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287)
2019-07-23T11:53:07Z
Alicha CH

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the
directory can crash slapd by issuing a search including the Paged
Results control with a page size of 0.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-9287
### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
*(from redmine: issue id 7363, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7360
* Changesets:
* Revision 98cfa8f1e22a941d95c96dc21c025a4a49ffd7a0 by Natanael Copa on 2017-06-15T09:53:40Z:
```
main/openldap: sec fix for CVE-2017-9287
fixes #7363
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7362
[3.6] openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287)
2019-07-23T11:53:09Z
Alicha CH

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the
directory can crash slapd by issuing a search including the Paged
Results control with a page size of 0.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-9287
### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
*(from redmine: issue id 7362, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7360
* Changesets:
* Revision 70711fe484191a3cb0f1fded665524c40f4d51dc by Natanael Copa on 2017-06-01T11:14:08Z:
```
main/openldap: sec fix for CVE-2017-9287
fixes #7362
```
3.6.1
Natanael Copa