aports issues (https://gitlab.alpinelinux.org/alpine/aports/-/issues), feed updated 2019-07-23T14:04:05Z

**[v2.5] cups: incomplete fix for CVE-2014-3537 (CVE-2014-5029 CVE-2014-5030 CVE-2014-5031)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3251
Author: Alexander Belous. Updated: 2019-07-23T14:04:05Z

Incomplete fix for CVE-2014-3537 (http://www.cups.org/str.php?L4450)
results in CVE-2014-5029/5030/5031.
Affected versions: could be CUPS before 1.7.4.
Patches are available for 2.0 and 1.7:
2.0: https://cups.org/strfiles.php/3370/str4455_v2.patch
1.7: https://cups.org/strfiles.php/3371/str4455-1.7.patch
References:
https://cups.org/str.php?L4455
http://seclists.org/oss-sec/2014/q3/220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5031
*(from redmine: issue id 3251, created on 2014-07-29, closed on 2014-08-22)*
* Relations:
* parent #3250
* Changesets:
* Revision e2856516886b7cf35fe1cf5be0eb646ea76ca687 by Natanael Copa on 2014-08-21T09:39:08Z:
```
main/cups: security fix (CVE-2014-3537,CVE-2014-5029,5030,5031)
fixes #3251
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] file: remote DoS (CVE-2014-3538)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3224
Author: Alexander Belous. Updated: 2019-07-23T14:04:25Z

file before 5.19 does not properly restrict the amount of data read
during a regex search, which allows remote attackers to cause a denial
of service (CPU consumption) via a crafted file that triggers
backtracking during processing of an awk rule. NOTE: this vulnerability
exists because of an incomplete fix for CVE-2013-7345.
* MLIST: [file] 20140612 file-5.19 is now available
* URL: http://mx.gw.com/pipermail/file/2014/001553.html
* MLIST: [oss-security] 20140630 changing CVE ID for RH Bugzilla 1098222 (from CVE-2014-0235)
* URL: http://openwall.com/lists/oss-security/2014/06/30/7
* CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1098222
* CONFIRM: https://github.com/file/file/commit/4a284c89d6ef11aca34da65da7d673050a5ea320
* CONFIRM: https://github.com/file/file/commit/69a5a43b3b71f53b0577f41264a073f495799610
* CONFIRM: https://github.com/file/file/commit/71a8b6c0d758acb0f73e2e51421a711b5e9d6668
* CONFIRM: https://github.com/file/file/commit/74cafd7de9ec99a14f4480927580e501c8f852c3
* CONFIRM: https://github.com/file/file/commit/758e066df72fb1ac08d2eea91ddc3973d259e991
*(from redmine: issue id 3224, created on 2014-07-21, closed on 2014-07-24)*
* Relations:
* parent #3223
* Changesets:
* Revision 1b61a767ec46a4a7eb1d76f2e4459de38eb97c28 by Natanael Copa on 2014-07-21T16:58:13Z:
```
main/file: security upgrade to 5.19 (CVE-2014-3538)
fixes #3224
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] php: multiple issues fixed in new 5.5.14**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3219
Author: Alexander Belous. Updated: 2019-07-23T14:04:30Z

The PHP Development Team announces the immediate availability of PHP
5.5.14. This release fixes several bugs against PHP 5.5.13. Also, this
release fixes a total of 8 CVEs, half of them concerning the FileInfo
extension:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4698
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4670
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0207
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3478
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3480
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3487
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3515
References and downloads:
http://php.net/archive/2014.php#id2014-06-27-1
http://php.net/downloads.php
*(from redmine: issue id 3219, created on 2014-07-21, closed on 2014-07-24)*
* Relations:
* parent #3218

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] kernel: gain privileges in net/l2tp/l2tp_ppp.c (CVE-2014-4943)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3214
Author: Alexander Belous. Updated: 2019-07-23T14:04:35Z

The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through
3.15.6 allows local users to gain privileges by leveraging
data-structure differences between an l2tp socket and an inet socket.
CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1119458
COMMIT: https://github.com/torvalds/linux/commit/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
MLIST: http://openwall.com/lists/oss-security/2014/07/17/1
CONFIRM: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4943
*(from redmine: issue id 3214, created on 2014-07-21, closed on 2015-05-07)*
* Relations:
* parent #3213

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] krb5: remote DoS (CVE-2014-4341 CVE-2014-4342)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3209
Author: Alexander Belous. Updated: 2019-07-23T14:04:39Z

MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to cause
a denial of service (buffer over-read and application crash) by
injecting invalid tokens into a GSSAPI application session
(CVE-2014-4341).
krb5 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause
a denial of service (buffer over-read or NULL pointer dereference, and
application crash) by injecting invalid tokens into a GSSAPI application
session (CVE-2014-4342).
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4341
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4342
Patch (fixes both issues):
https://github.com/krb5/krb5/commit/e6ae703ae597d798e310368d52b8f38ee11c6a73
*(from redmine: issue id 3209, created on 2014-07-21, closed on 2014-07-24)*
* Relations:
* parent #3208

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] apache2: multiple issues (CVE-2014-0117 CVE-2014-0118 CVE-2014-0226 CVE-2014-0231)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3204
Author: Alexander Belous. Updated: 2019-07-23T14:04:45Z

The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10,
when a reverse proxy is enabled, allows remote attackers to cause a
denial of service (child-process crash) via a crafted HTTP Connection
header (CVE-2014-0117).
The deflate_in_filter function in mod_deflate.c in the mod_deflate
module in the Apache HTTP Server before 2.4.10, when request body
decompression is enabled, allows remote attackers to cause a denial of
service (resource consumption) via crafted request data that
decompresses to a much larger size (CVE-2014-0117).
Race condition in the mod_status module in the Apache HTTP Server
before 2.4.10 allows remote attackers to cause a denial of service
(heap-based buffer overflow), or possibly obtain sensitive credential
information or execute arbitrary code, via a crafted request that
triggers improper scoreboard handling within the status_handler
function in modules/generators/mod_status.c and the
lua_ap_scoreboard_worker function in modules/lua/lua_request.c
(CVE-2014-0226).
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not
have a timeout mechanism, which allows remote attackers to cause a
denial of service (process hang) via a request to a CGI script that does
not read from its stdin file descriptor (CVE-2014-0231).
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0117
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0118
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0231
The latest version with the issues fixed:
http://httpd.apache.org/download.cgi#apache24
*(from redmine: issue id 3204, created on 2014-07-21, closed on 2014-07-24)*
* Relations:
* parent #3203
* Changesets:
* Revision 4de2cfda9305bfb7c6d4ba3585d8197690d1f63e by Natanael Copa on 2014-07-22T08:29:56Z:
```
main/apache2: security upgrade to 2.4.10 (CVE-2014-0117,CVE-2014-0118,CVE-2014-0226,CVE-2014-0231)
fixes #3204
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] perl-email-address: inefficient regular expressions could cause DoS (CVE-2014-0477 CVE-2014-4720)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3191
Author: Alexander Belous. Updated: 2019-07-23T14:04:57Z

The parse function in Email::Address module before 1.905 for Perl uses
an inefficient regular expression, which allows remote attackers to
cause a denial of service (CPU consumption) via an empty quoted string
in an RFC 2822 address (CVE-2014-0477).
References:
* MLIST: [oss-security] 20140618 CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse
* URL: http://seclists.org/oss-sec/2014/q2/563
* CONFIRM: https://github.com/rjbs/Email-Address/commit/83f8306117115729ac9346523762c0c396251eb5
Email::Address module before 1.904 for Perl uses an inefficient regular
expression, which allows remote attackers to cause a denial of service
(CPU consumption) via vectors related to “backtracking into the phrase”
(CVE-2014-4720).
References:
* MLIST: [oss-security] 20140614 CVE-2014-0477: Email::Address: Denial-of-Service in Email::Address::parse
* URL: http://seclists.org/oss-sec/2014/q2/563
* CONFIRM: https://github.com/rjbs/Email-Address/blob/master/Changes
*(from redmine: issue id 3191, created on 2014-07-18, closed on 2014-07-21)*
* Relations:
* parent #3190
* Changesets:
* Revision 980b4d3ad245a073903b30836daa8c37ecdfdd7d by Natanael Copa on 2014-07-21T09:41:44Z:
```
main/perl-email-address: security upgrade to 1.905 (CVE-2014-0477,CVE-2014-4720)
fixes #3191
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] mysql: SRINFOSC and SRCHAR related issues (CVE-2014-4258 CVE-2014-4260)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3185
Author: Alexander Belous. Updated: 2019-07-23T14:05:03Z

Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated
users to affect confidentiality, integrity, and availability via vectors
related to SRINFOSC (CVE-2014-4258):
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows
unauthorized modification; Allows disruption of service
Unspecified vulnerability in the MySQL Server component in Oracle MySQL
5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated
users to affect integrity and availability via vectors related to SRCHAR
(CVE-2014-4260):
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Required to exploit
Impact Type: Allows unauthorized modification; Allows disruption of
service
New version 5.5.38 is available.
References:
CONFIRM:
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
DOWNLOAD: ftp://sunsite.icm.edu.pl/pub/unix/mysql/Downloads/MySQL-5.5/
*(from redmine: issue id 3185, created on 2014-07-18, closed on 2014-07-21)*
* Relations:
* parent #3184
* Changesets:
* Revision a138c157fc3b2c1c9391b3ca429f587f89d5e0d1 by Natanael Copa on 2014-07-21T09:51:08Z:
```
main/mysql: security upgrade to 5.5.38 (CVE-2014-4258,CVE-2014-4260)
fixes #3185
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] transmission: peer communication vulnerability (CVE-2014-4909)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3180
Author: Alexander Belous. Updated: 2019-07-23T14:05:08Z

Transmission version 2.84 fixes peer communication vulnerability (no
known exploits) reported by Ben Hawkes.
Changelog: http://trac.transmissionbt.com/wiki/Changes#version-2.84
References:
https://bugs.gentoo.org/show_bug.cgi?id=516822
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
http://seclists.org/oss-sec/2014/q3/137
*(from redmine: issue id 3180, created on 2014-07-18, closed on 2014-07-21)*
* Relations:
* parent #3179
* Changesets:
* Revision 070e5a669e2afaf7b2c7ac7a5d408fc468f2bca8 by Natanael Copa on 2014-07-21T09:40:32Z:
```
main/transmission: security upgrade to 2.84 (CVE-2014-4909)
fixes #3180
```

*Milestone: Alpine 2.5.5; assignee: Carlo Landmeter*

**[v2.5] kernel: shmem: fix faulting into a hole while it's punched (CVE-2014-4171)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3175
Author: Alexander Belous. Updated: 2019-07-23T14:05:12Z

mm/shmem.c in the Linux kernel through 3.15.1 does not properly
implement the interaction between range notification and hole punching,
which allows local users to cause a denial of service (i_mutex hold) by
using the mmap system call to access a hole, as demonstrated by
interfering with intended shmem activity by blocking completion of (1)
an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate
call.
Commit that fixes the issue is attached. Seems to be the same for
kernels 3.6.y, 3.10.y, 3.14.y. Please see the parent issue for details.
*(from redmine: issue id 3175, created on 2014-07-17, closed on 2015-05-07)*
* Relations:
* parent #3174

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] kernel: force IRET path after a ptrace_stop() (CVE-2014-4699)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3170
Author: Alexander Belous. Updated: 2019-07-23T14:05:15Z

The Linux kernel before 3.15.4 on Intel processors does not properly
restrict use of a non-canonical value for the saved RIP address in the
case of a system call that does not use IRET, which allows local users
to leverage a race condition and gain privileges, or cause a denial of
service (double fault), via a crafted application that makes ptrace and
fork system calls.
Details: see the parent issue.
References:
* CONFIRM: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a (seems to work for 3.6.y, 3.10.y, 3.14.y as well)
* CONFIRM: http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.4
* CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1115927
* CONFIRM: https://github.com/torvalds/linux/commit/b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
*(from redmine: issue id 3170, created on 2014-07-17, closed on 2015-05-07)*
* Relations:
* parent #3169

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] php: sensitive information leak from process memory (CVE-2014-4721)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3165
Author: Alexander Belous. Updated: 2019-07-23T14:05:19Z

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30
and 5.5.x before 5.5.14 does not ensure use of the string data type for
the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF
variables, which might allow context-dependent attackers to obtain
sensitive information from process memory by using the integer data type
with crafted values, related to a “type confusion” vulnerability, as
demonstrated by reading a private SSL key in an Apache HTTP Server
web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
* MISC: http://twitter.com/mikispag/statuses/485713462258302976
* MISC: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
* CONFIRM: http://www.php.net/ChangeLog-5.php
* CONFIRM: https://bugs.php.net/bug.php?id=67498
*(from redmine: issue id 3165, created on 2014-07-17, closed on 2014-07-18)*
* Relations:
* parent #3164
* Changesets:
* Revision ca28f9f2b2d71543d8afa49b6568e61fd8b6513c by Natanael Copa on 2014-07-18T08:45:08Z:
```
main/php: fix CVE-2014-4721
fixes #3165
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] ruby-rails: vulnerabilities in PostgreSQL adapter for Active Record (CVE-2014-3482 CVE-2014-3483)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3150
Author: Alexander Belous. Updated: 2019-07-23T14:05:30Z

There are two distinct but related vulnerabilities in PostgreSQL adapter
for Active Record. These vulnerabilities have been assigned the CVE
identifiers CVE-2014-3482 and CVE-2014-3483.
Versions Affected: All Versions >2.0
Not affected: Databases other than PostgreSQL
Fixed Versions: 3.2.19, 4.0.7 & 4.1.3
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/5
CONFIRM: http://weblog.rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released/
*(from redmine: issue id 3150, created on 2014-07-03, closed on 2015-05-07)*
* Relations:
* parent #3149

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] dbus: bugs in file descriptor passing (CVE-2014-3532 CVE-2014-3533)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3145
Author: Alexander Belous. Updated: 2019-07-23T14:05:36Z

See the parent task for details.
*(from redmine: issue id 3145, created on 2014-07-03, closed on 2014-07-07)*
* Relations:
* parent #3144
* Changesets:
* Revision 4e5e63df910cb96a0b785a70b1bb7f1c19c6d37b by Natanael Copa on 2014-07-07T14:18:59Z:
```
main/dbus: security upgrade to 1.6.22 (CVE-2014-3532,CVE-2014-3533)
fixes #3145
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] nagios-plugins: multiple fixes (CVE-2014-4701 CVE-2014-4702 CVE-2014-4703)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3131
Author: Alexander Belous. Updated: 2019-07-23T14:05:47Z

CVE-2014-4701/CVE-2014-4701:
Dawid Golunski discovered a flaw in the Nagios check_dhcp plugin that
allows “Malicious user that has local access to a system where
check_dhcp plugin is installed with SUID could exploit this
vulnerability to read any INI format config files owned by root and
potentially extract some sensitive information.”
Malicious user that has local access to a system where check_dhcp
plugin is installed with SUID could exploit this vulnerability to read
any INI format config files owned by root and potentially extract some
sensitive information.
Affected:
————————————-
Systems with check_dhcp SUID binary installed as a part of Nagios
Plugins 2.0.1 or older are vulnerable.
Solution:
————————————-
Remove SETUID permission bit from the check_dhcp binary file if the
plugin is not used. Vendor has been informed about the vulnerability
prior to release of this advisory. Install a newer version of the plugin
when released by vendor.
Fixed in:
————————————-
Nagios Plugins 2.0.2
References:
————————————-
http://seclists.org/fulldisclosure/2014/May/74
http://seclists.org/oss-sec/2014/q2/709
http://nagios-plugins.org/nagios-plugins-2-0-2-released/
CVE-2014-4703:
check_dhcp plugin (part of the official Nagios Plugins package)
contained a vulnerability that allowed a malicious attacker to read
parts of INI config files belonging to root on a local system. It
allowed an attacker to obtain sensitive information like passwords that
should only be accessible by root user (see above).
The vulnerability was quickly patched by vendor in the release of nagios
plugins version 2.0.2 however the security measures in the patch are not
sufficient and the code is vulnerable to Race Condition attack. Race
Condition makes it possible for an arbitrary user to read parts of a
root-owned file despite the checks.
Affected:
————————————-
Nagios Plugins 2.0.2
Fixed in:
————————————-
Nagios Plugins 2.0.3
References:
————————————-
http://seclists.org/fulldisclosure/2014/Jun/141
http://seclists.org/oss-sec/2014/q2/709
http://nagios-plugins.org/nagios-plugins-2-0-3-released/
*(from redmine: issue id 3131, created on 2014-07-02, closed on 2015-05-07)*
* Relations:
* parent #3130

*Milestone: Alpine 2.5.5; assignee: Jeff Bilyk (jbilyk@gmail.com)*

**[v2.5] ffmpeg: vulnerability in lzo implementation (CVE-2014-4609 CVE-2014-4610)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3120
Author: Alexander Belous. Updated: 2019-07-23T14:05:57Z

A vulnerability has been identified in the FFmpeg LZO implementation.
This has been fixed in new releases: 2.2.4, 2.1.5, 2.0.5, 1.2.7, 1.1.12,
0.10.14. They also fix several other bugs.
ffmpeg in Alpine Linux should be upgraded.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/23
https://www.ffmpeg.org/ (News of June 29, 2014, FFmpeg 2.2.4, 2.1.5,
2.0.5, 1.2.7, 1.1.12, 0.10.14)
https://www.ffmpeg.org/security.html
*(from redmine: issue id 3120, created on 2014-07-02, closed on 2014-07-17)*
* Relations:
* parent #3119
* Changesets:
* Revision 7d04d396a73884bae251805a075aa4935a9e7dce by Natanael Copa on 2014-07-16T11:57:41Z:
```
main/ffmpeg: security upgrade to 1.1.12 (CVE-2014-4609,CVE-2014-4610)
fixes #3120
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] kernel: integer overflow in kernels with LZO support (CVE-2014-4608)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3114
Author: Alexander Belous. Updated: 2019-07-23T14:06:02Z

A vulnerability has been identified in the Linux kernel implementation
of the LZO algorithm. Please find the bug report inline.
CVE ID: CVE-2014-4608
Researcher Name: Don A. Bailey
Researcher Organization: Lab Mouse Security
Researcher Email: donb at securitymouse.com
Researcher Website: www.securitymouse.com
Vulnerability Status: Patched
Vulnerability Embargo: Broken
Vulnerability Class: Integer Overflow
Vulnerability Effect: Memory Corruption
Vulnerability Impact: DoS, OOW
Vulnerability DoS Practicality: Practical
Vulnerability OOW Practicality: Impractical
Vulnerability Criticality: Moderate
Vulnerability Scope:
All versions of the Linux kernel (3x/2x) with LZO support (lib/lzo) that
set the HAVE_EFFICIENT_UNALIGNED_ACCESS configuration option. Currently,
this seems to include PowerPC and i386.
Functions Affected:
lib/lzo/lzo1x_decompress_safe.c:lzo1x_decompress_safe
Vulnerability Resolution
————————————
To resolve this issue, the HAVE_OP and HAVE_IP macros should be enhanced to
detect for integer overflow. This is the most reasonable and efficient
location for catching corrupted or instrumented payloads. By testing for
overflow here, an attacker is simply wasting time by forcing the function
to process a large amount of zero bytes.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/21
https://security-tracker.debian.org/tracker/CVE-2014-4608
COMMIT:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
https://access.redhat.com/security/cve/CVE-2014-4608
*(from redmine: issue id 3114, created on 2014-07-01, closed on 2015-05-07)*
* Relations:
* parent #3113

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] gnupg: infinite loop in g10/compress.c (CVE-2014-4617)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3093
Author: Alexander Belous. Updated: 2019-07-23T14:06:24Z

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17
and 2.x before 2.0.24 allows context-dependent attackers to cause a
denial of service (infinite loop) via malformed compressed packets, as
demonstrated by an a3 01 5b ff byte sequence.
* MLIST: [gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released
* URL: http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
* MLIST: [gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released
* URL: http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
* CONFIRM: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
* CONFIRM: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
*(from redmine: issue id 3093, created on 2014-06-26, closed on 2014-07-24)*
* Relations:
* parent #3092
* Changesets:
* Revision c2e6588bed21e706f32effde964aac688931a9a6 by Natanael Copa on 2014-07-22T09:21:18Z:
```
main/gnupg: security upgrade to 2.0.24 (CVE-2014-4617)
fixes #3093
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] tiff: remote DoS and possibly arbitrary code execution (CVE-2013-4243)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3082
Author: Alexander Belous. Updated: 2019-07-23T14:06:34Z

Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted height and width values in a GIF image.
* CONFIRM: http://bugzilla.maptools.org/show_bug.cgi?id=2451
* CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=996052
* DEBIAN: DSA-2744
* URL: http://www.debian.org/security/2013/dsa-2744
* REDHAT: RHSA-2014:0223
* URL: http://rhn.redhat.com/errata/RHSA-2014-0223.html
* SECUNIA: 54543
* URL: http://secunia.com/advisories/54543
* SECUNIA: 54628
* URL: http://secunia.com/advisories/54628
*(from redmine: issue id 3082, created on 2014-06-24, closed on 2014-06-25)*
* Relations:
* parent #3081
* Changesets:
* Revision f8520f3b2d6f8f6138a2073fdf539024ab39c929 by Natanael Copa on 2014-06-24T14:32:40Z:
```
main/tiff: security fixes for CVE-2013-4243 and CVE-2013-4244
fixes #3082
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*

**[v2.5] samba: remote information leak and DoS (CVE-2014-0178 CVE-2014-0244 CVE-2014-3493)**
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3077
Author: Alexander Belous. Updated: 2019-07-23T14:06:39Z

CVE-2014-0178:
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8,
when a certain vfs shadow copy configuration is enabled, does not
properly initialize the SRV_SNAPSHOT_ARRAY response field, which
allows remote authenticated users to obtain potentially sensitive
information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA
or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
* CONFIRM: http://www.samba.org/samba/security/CVE-2014-0178
* Bugtraq: http://seclists.org/bugtraq/2014/Jun/137
CVE-2014-0244:
Samba 3.6.x to 4.1.8 are affected by a denial of service attack on
unauthenticated nmbd NetBIOS name services.
* CONFIRM: http://www.samba.org/samba/security/CVE-2014-0244
CVE-2014-3493:
Samba 3.6.x to 4.1.8 are affected by a denial of service crash involving
overwriting memory on an authenticated connection to the smbd file
server.
* CONFIRM: http://www.samba.org/samba/security/CVE-2014-3493
*(from redmine: issue id 3077, created on 2014-06-24, closed on 2014-06-25)*
* Relations:
* parent #3076
* Changesets:
* Revision 309b701735b868b852f60a1d4a6cf6046a5982b9 by Natanael Copa on 2014-06-25T11:18:21Z:
```
main/samba: security upgrade to 3.6.24 (CVE-2014-0244,CVE-2014-3493)
fixes #3077
```

*Milestone: Alpine 2.5.5; assignee: Natanael Copa*