aports issues: https://gitlab.alpinelinux.org/alpine/aports/-/issues (feed updated 2019-07-23T14:05:08Z)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3180
[v2.5] transmission: peer communication vulnerability (CVE-2014-4909)
Author: Alexander Belous (updated 2019-07-23T14:05:08Z)

Transmission version 2.84 fixes peer communication vulnerability (no
known exploits) reported by Ben Hawkes.
Changelog: http://trac.transmissionbt.com/wiki/Changes#version-2.84
References:
https://bugs.gentoo.org/show_bug.cgi?id=516822
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
http://seclists.org/oss-sec/2014/q3/137
*(from redmine: issue id 3180, created on 2014-07-18, closed on 2014-07-21)*
* Relations:
* parent #3179
* Changesets:
* Revision 070e5a669e2afaf7b2c7ac7a5d408fc468f2bca8 by Natanael Copa on 2014-07-21T09:40:32Z:
```
main/transmission: security upgrade to 2.84 (CVE-2014-4909)
fixes #3180
```
Milestone: Alpine 2.5.5
Assignee: Carlo Landmeter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3165
[v2.5] php: sensitive information leak from process memory (CVE-2014-4721)
Author: Alexander Belous (updated 2019-07-23T14:05:19Z)

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30
and 5.5.x before 5.5.14 does not ensure use of the string data type for
the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF
variables, which might allow context-dependent attackers to obtain
sensitive information from process memory by using the integer data type
with crafted values, related to a “type confusion” vulnerability, as
demonstrated by reading a private SSL key in an Apache HTTP Server
web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
•MISC: http://twitter.com/mikispag/statuses/485713462258302976
•MISC:
https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
•CONFIRM: http://www.php.net/ChangeLog-5.php
•CONFIRM: https://bugs.php.net/bug.php?id=67498
*(from redmine: issue id 3165, created on 2014-07-17, closed on 2014-07-18)*
* Relations:
* parent #3164
* Changesets:
* Revision ca28f9f2b2d71543d8afa49b6568e61fd8b6513c by Natanael Copa on 2014-07-18T08:45:08Z:
```
main/php: fix CVE-2014-4721
fixes #3165
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3150
[v2.5] ruby-rails: vulnerabilities in PostgreSQL adapter for Active Record (CVE-2014-3482 CVE-2014-3483)
Author: Alexander Belous (updated 2019-07-23T14:05:30Z)

There are two distinct but related vulnerabilities in PostgreSQL adapter
for Active Record. These vulnerabilities have been assigned the CVE
identifiers CVE-2014-3482 and CVE-2014-3483.
Versions Affected: All Versions >2.0
Not affected: Databases other than PostgreSQL
Fixed Versions: 3.2.19, 4.0.7 & 4.1.3
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/5
CONFIRM:
http://weblog.rubyonrails.org/2014/7/2/Rails_3_2_19_4_0_7_and_4_1_3_have_been_released/
*(from redmine: issue id 3150, created on 2014-07-03, closed on 2015-05-07)*
* Relations:
* parent #3149

Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3145
[v2.5] dbus: bugs in file descriptor passing (CVE-2014-3532 CVE-2014-3533)
Author: Alexander Belous (updated 2019-07-23T14:05:36Z)

See the parent task for details.
*(from redmine: issue id 3145, created on 2014-07-03, closed on 2014-07-07)*
* Relations:
* parent #3144
* Changesets:
* Revision 4e5e63df910cb96a0b785a70b1bb7f1c19c6d37b by Natanael Copa on 2014-07-07T14:18:59Z:
```
main/dbus: security upgrade to 1.6.22 (CVE-2014-3532,CVE-2014-3533)
fixes #3145
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3120
[v2.5] ffmpeg: vulnerability in lzo implementation (CVE-2014-4609 CVE-2014-4610)
Author: Alexander Belous (updated 2019-07-23T14:05:57Z)

A vulnerability has been identified in the FFmpeg LZO implementation.
This has been fixed in new releases: 2.2.4, 2.1.5, 2.0.5, 1.2.7, 1.1.12,
0.10.14. They also fix several other bugs.
ffmpeg in Alpine Linux should be upgraded.
References:
http://www.openwall.com/lists/oss-security/2014/06/26/23
https://www.ffmpeg.org/ (News of June 29, 2014, FFmpeg 2.2.4, 2.1.5,
2.0.5, 1.2.7, 1.1.12, 0.10.14)
https://www.ffmpeg.org/security.html
*(from redmine: issue id 3120, created on 2014-07-02, closed on 2014-07-17)*
* Relations:
* parent #3119
* Changesets:
* Revision 7d04d396a73884bae251805a075aa4935a9e7dce by Natanael Copa on 2014-07-16T11:57:41Z:
```
main/ffmpeg: security upgrade to 1.1.12 (CVE-2014-4609,CVE-2014-4610)
fixes #3120
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3093
[v2.5] gnupg: infinite loop in g10/compress.c (CVE-2014-4617)
Author: Alexander Belous (updated 2019-07-23T14:06:24Z)

The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17
and 2.x before 2.0.24 allows context-dependent attackers to cause a
denial of service (infinite loop) via malformed compressed packets, as
demonstrated by an a3 01 5b ff byte sequence.
•MLIST:[gnupg-announce] 20140623 [security fix] GnuPG 1.4.17 released
•URL:
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
•MLIST:[gnupg-announce] 20140624 [security fix] GnuPG 2.0.24 released
•URL:
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
•CONFIRM:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=014b2103fcb12f261135e3954f26e9e07b39e342
•CONFIRM:
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=11fdfcf82bd8d2b5bc38292a29876e10770f4b0a
*(from redmine: issue id 3093, created on 2014-06-26, closed on 2014-07-24)*
* Relations:
* parent #3092
* Changesets:
* Revision c2e6588bed21e706f32effde964aac688931a9a6 by Natanael Copa on 2014-07-22T09:21:18Z:
```
main/gnupg: security upgrade to 2.0.24 (CVE-2014-4617)
fixes #3093
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3082
[v2.5] tiff: remote DoS and possibly arbitrary code execution (CVE-2013-4243)
Author: Alexander Belous (updated 2019-07-23T14:06:34Z)

Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via a
crafted height and width values in a GIF image.
•CONFIRM: http://bugzilla.maptools.org/show_bug.cgi?id=2451
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=996052
•DEBIAN:DSA-2744
•URL: http://www.debian.org/security/2013/dsa-2744
•REDHAT:RHSA-2014:0223
•URL: http://rhn.redhat.com/errata/RHSA-2014-0223.html
•SECUNIA:54543
•URL: http://secunia.com/advisories/54543
•SECUNIA:54628
•URL: http://secunia.com/advisories/54628
*(from redmine: issue id 3082, created on 2014-06-24, closed on 2014-06-25)*
* Relations:
* parent #3081
* Changesets:
* Revision f8520f3b2d6f8f6138a2073fdf539024ab39c929 by Natanael Copa on 2014-06-24T14:32:40Z:
```
main/tiff: security fixes for CVE-2013-4243 and CVE-2013-4244
fixes #3082
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3077
[v2.5] samba: remote information leak and DoS (CVE-2014-0178 CVE-2014-0244 CVE-2014-3493)
Author: Alexander Belous (updated 2019-07-23T14:06:39Z)

CVE-2014-0178:
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8,
when a certain vfs shadow copy configuration is enabled, does not
properly initialize the SRV_SNAPSHOT_ARRAY response field, which
allows remote authenticated users to obtain potentially sensitive
information from process memory via a (1) FSCTL_GET_SHADOW_COPY_DATA
or (2) FSCTL_SRV_ENUMERATE_SNAPSHOTS request.
•CONFIRM: http://www.samba.org/samba/security/CVE-2014-0178
•Bugtraq: http://seclists.org/bugtraq/2014/Jun/137
CVE-2014-0244:
Samba 3.6.x to 4.1.8 are affected by a denial of service attack on
unauthenticated nmbd NetBIOS name services.
•CONFIRM: http://www.samba.org/samba/security/CVE-2014-0244
CVE-2014-3493:
Samba 3.6.x to 4.1.8 are affected by a denial of service crash involving
overwriting memory on an authenticated connection to the smbd file
server.
•CONFIRM: http://www.samba.org/samba/security/CVE-2014-3493
*(from redmine: issue id 3077, created on 2014-06-24, closed on 2014-06-25)*
* Relations:
* parent #3076
* Changesets:
* Revision 309b701735b868b852f60a1d4a6cf6046a5982b9 by Natanael Copa on 2014-06-25T11:18:21Z:
```
main/samba: security upgrade to 3.6.24 (CVE-2014-0244,CVE-2014-3493)
fixes #3077
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3068
[v2.5] php: buffer overflow on bad DNS TXT records (CVE-2014-4049)
Author: Alexander Belous (updated 2019-07-23T14:06:47Z)

PHP heap-based buffer overflow in DNS TXT record parsing. `dlen` can
be small but then the chunk length could exceed it and overrun the
buffer.
An example site with this bug is berlin.polemb.net running this code:
```php
<?php
$types = array('AAAA' => 1, 'A' => 1);
// Look up A, TXT, AAAA and CNAME records for the host; a malformed TXT
// answer is what overruns the buffer in the vulnerable PHP versions
$records = dns_get_record("berlin.polemb.net",
    DNS_A | DNS_TXT | DNS_AAAA | DNS_CNAME
);
var_dump($records);
```
Reference:
https://security-tracker.debian.org/tracker/CVE-2014-4049
CONFIRM: https://github.com/php/php-src/pull/690
COMMIT:
https://github.com/php/php-src/commit/4f73394fdd95d3165b4391e1b0dedd57fced8c3b
*(from redmine: issue id 3068, created on 2014-06-20, closed on 2014-06-24)*
* Relations:
* parent #3067

Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3063
[v2.5] nspr: remote arbitrary code execution or DoS (CVE-2014-1545)
Author: Alexander Belous (updated 2019-07-23T14:06:52Z)

Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions.
•CONFIRM:
http://www.mozilla.org/security/announce/2014/mfsa2014-55.html
•CONFIRM: https://bugzilla.mozilla.org/show_bug.cgi?id=1018783
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1107432
•BID:67975
•URL: http://www.securityfocus.com/bid/67975
•SECUNIA:58984
•URL: http://secunia.com/advisories/58984
*(from redmine: issue id 3063, created on 2014-06-20, closed on 2014-06-24)*
* Relations:
* parent #3062
* Changesets:
* Revision e247928fe478b2b12793939c54a70ec54aecc56d by Natanael Copa on 2014-06-23T16:30:02Z:
```
main/php: security fix for CVE-2014-4049
fixes #3063
```
* Revision caccfdcd05efe3e56ff2895b5d5349c69c729208 by Natanael Copa on 2014-06-23T16:36:48Z:
```
main/nspr: security upgrade to 4.10.6 (CVE-2014-1545)
fixes #3063
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3046
[v2.5] asterisk: permission escalation (AST-2014-006 CVE-2014-4046)
Author: Alexander Belous (updated 2019-07-23T14:07:03Z)

Manager users can execute arbitrary shell commands with the MixMonitor
manager action. Asterisk does not require system class authorization for
a manager user to use the MixMonitor action, so any manager user who is
permitted to use manager commands can potentially execute shell commands
as the user executing the Asterisk process.
Affected: Alpine Linux v2.5 and v2.6 could be vulnerable.
Resolution: upgrade to a version with the patch integrated, apply the
patch, or do not allow users who should not have permission to run shell
commands to use AMI.
References and fixes:
http://downloads.asterisk.org/pub/security/AST-2014-006.html
*(from redmine: issue id 3046, created on 2014-06-16, closed on 2014-06-19)*
* Relations:
* parent #3045
* Changesets:
* Revision de55133bd1474e9684c2b288e2ccfd89a7535afc by Natanael Copa on 2014-06-17T11:37:35Z:
```
main/asterisk: fix permission escalation (AST-2014-006 CVE-2014-4046)
fixes #3046
```
Milestone: Alpine 2.5.5
Assignee: Timo Teräs

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3034
[v2.5] bind: BIND named can crash due to a defect in EDNS printing processing (CVE-2014-3859)
Author: Alexander Belous (updated 2019-07-23T14:07:14Z)

A query specially crafted to exploit a defect in EDNS option processing
can cause named to terminate with an assertion failure.
Impact:
Both authoritative and recursive servers are vulnerable to this defect.
Exploitation of this condition can cause a denial of service in
nameservers running affected versions of BIND 9.10. Access Control Lists
do not provide protection.
The bug which causes this condition is in libdns; consequently in
addition to the named server process other applications (for example:
dig and delv) built using the libdns library from the affected source
distributions can also be forced to crash with assertion failures
triggered in the same fashion.
Solution:
Upgrade to the patched release most closely related to your current
version of BIND. Open source versions can all be downloaded from
http://www.isc.org/downloads. BIND 9 version 9.10.0-P2
*(from redmine: issue id 3034, created on 2014-06-12, closed on 2014-06-12)*
* Relations:
* parent #3033

Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3021
[v2.5] php: remote DoS, Fileinfo component (CVE-2014-0237 CVE-2014-0238)
Author: Alexander Belous (updated 2019-07-23T14:07:26Z)

CVE-2014-0237 / CVE-2014-0238:
The cdf_unpack_summary_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote
attackers to cause a denial of service (performance degradation) by
triggering many file_printf calls.
The cdf_read_property_info function in cdf.c in the Fileinfo
component in PHP before 5.4.29 and 5.5.x before 5.5.13 allows remote
attackers to cause a denial of service (infinite loop or out-of-bounds
memory access) via a vector that (1) has zero length or (2) is too long.
•CONFIRM: http://www.php.net/ChangeLog-5.php
•CONFIRM: https://bugs.php.net/bug.php?id=67328
•CONFIRM:
https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
•CONFIRM: https://bugs.php.net/bug.php?id=67327
•CONFIRM:
https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
*(from redmine: issue id 3021, created on 2014-06-10, closed on 2014-06-11)*
* Relations:
* parent #3020
* Changesets:
* Revision e7659c5301c5528eea5fd8201177a4463faee9b8 by Natanael Copa on 2014-06-10T15:55:33Z:
```
main/php: security fixes for CVE-2014-0237,CVE-2014-0238
fixes #3021
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/3015
[v2.5] gnutls: gnutls_x509_dn_oid_name NULL pointer dereference (CVE-2014-3465)
Author: Alexander Belous (updated 2019-07-23T14:07:33Z)

A NULL pointer dereference flaw was discovered in GnuTLS’s
gnutls_x509_dn_oid_name(). The function, when called with the
GNUTLS_X509_DN_OID_RETURN_OID flag, should not return NULL to its
caller. However, it could previously return NULL when parsed X.509
certificates included specific OIDs.
The issue was corrected upstream using the following commit:
https://www.gitorious.org/gnutls/gnutls/commit/d3648ebb04b650e6d20a2ec1fb839256b30b9fc6
The fix was first included in upstream versions 3.1.20 and 3.2.10:
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7251
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7250
Affected function was introduced in GnuTLS version 3.0:
http://gnutls.org/manual/html_node/X509-certificate-API.html#gnutls_005fx509_005fdn_005foid_005fname-1
*(from redmine: issue id 3015, created on 2014-06-09, closed on 2014-06-19)*
* Relations:
* parent #3014

Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2996
[v2.5] openssl: multiple issues (CVE-2014-0224 CVE-2014-0221 CVE-2014-0195 CVE-2014-0198 CVE-2010-5298 CVE-2014-3470)
Author: Alexander Belous (updated 2019-07-23T14:07:51Z)

SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of
weak keying material in OpenSSL SSL/TLS clients and servers. This can be
exploited by a Man-in-the-middle (MITM) attack where the attacker can
decrypt and modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client and server.
OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are
only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of
OpenSSL servers earlier than 1.0.1 are advised to upgrade as a
precaution.
OpenSSL 0.9.8 SSL/TLS users (client and/or server) should upgrade to
0.9.8za.
OpenSSL 1.0.0 SSL/TLS users (client and/or server) should upgrade to
1.0.0m.
OpenSSL 1.0.1 SSL/TLS users (client and/or server) should upgrade to
1.0.1h.
Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for discovering and
researching this issue. This issue was reported to OpenSSL on 1st May
2014 via JPCERT/CC.
The fix was developed by Stephen Henson of the OpenSSL core team partly
based on an original patch from KIKUCHI Masashi.
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. This
issue was reported to OpenSSL on 9th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS
fragments to an OpenSSL DTLS client or server. This is potentially
exploitable to run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server are affected.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8za
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0m.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1h.
Thanks to Jüri Aedla for reporting this issue. This issue was reported
to OpenSSL on 23rd April 2014 via HP ZDI.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL_MODE_RELEASE_BUFFERS NULL pointer dereference (CVE-2014-0198)
A flaw in the do_ssl3_write function can allow remote attackers to
cause a denial of service via a NULL pointer dereference. This flaw only
affects OpenSSL 1.0.0 and 1.0.1 where SSL_MODE_RELEASE_BUFFERS is
enabled, which is not the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public. The fix was developed by Matt Caswell
of the OpenSSL development team.
SSL_MODE_RELEASE_BUFFERS session injection or denial of service
(CVE-2010-5298)
A race condition in the ssl3_read_bytes function can allow remote
attackers to inject data across sessions or cause a denial of service.
This flaw only affects multithreaded applications using OpenSSL 1.0.0
and 1.0.1, where SSL_MODE_RELEASE_BUFFERS is enabled, which is not
the default and not common.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
This issue was reported in public.
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to
a denial of service attack.
OpenSSL 0.9.8 users should upgrade to 0.9.8za
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
Thanks to Felix Gröbert and Ivan Fratrić at Google for discovering this
issue. This issue was reported to OpenSSL on 28th May 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
Other issues
OpenSSL 1.0.0m and OpenSSL 0.9.8za also contain a fix for CVE-2014-0076:
Fix for the attack described in the paper “Recovering OpenSSL ECDSA
Nonces Using the FLUSH+RELOAD Cache Side-channel Attack” Reported by
Yuval Yarom and Naomi Benger. This issue was previously fixed in OpenSSL
1.0.1g.
References
URL for this Security Advisory:
http://www.openssl.org/news/secadv_20140605.txt
*(from redmine: issue id 2996, created on 2014-06-05, closed on 2014-06-10)*
* Relations:
* parent #2995
* Changesets:
* Revision aa4115dd62ec022e57e9b8597b56df600c48240b by Timo Teräs on 2014-06-09T16:43:14Z:
```
main/openssl: security upgrade to 1.0.1h (multiple CVE)
Newly fixed CVEs:
CVE-2014-0224 SSL/TLS MITM vulnerability
CVE-2014-0221 DTLS recursion flaw
CVE-2014-0195 DTLS invalid fragment vulnerability
Previously fixed in Alpine by cherry picks:
CVE-2014-0198 SSL_MODE_RELEASE_BUFFERS NULL pointer dereference
(cherry picked from commit 120a0ce7ae2b324c46ba9e47fb64feaa13913582)
Conflicts:
main/openssl/APKBUILD
fixes #2996
```
Milestone: Alpine 2.5.5
Assignee: Timo Teräs

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2988
[v2.5] gnutls: Memory corruption before 3.1.25, 3.2.15 and 3.3.4 (CVE-2014-3466)
Author: Natanael Copa (updated 2019-07-23T14:07:59Z)

http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
This vulnerability affects the client side of the gnutls library. A
server that sends a specially crafted ServerHello could corrupt the
memory of a requesting client.
Analysis at
[radare.today](http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/)
Recommendation: Upgrade to the latest gnutls version (3.1.25, 3.2.15 or
3.3.4)
*(from redmine: issue id 2988, created on 2014-06-04, closed on 2014-06-09)*
* Relations:
* copied_to #2987
* parent #2985
* Changesets:
* Revision 8babed16194248a6c94c250d48fd59474ed0ef25 by Timo Teräs on 2014-06-04T10:36:16Z:
```
main/gnutls: security upgrade to 3.1.25 (CVE-2014-3466)
fixes #2988
```
Milestone: Alpine 2.5.5

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2961
[v2.5] qemu: multiple issues (CVE-2014-2894 CVE-2013-4344)
Author: Alexander Belous (updated 2019-07-23T14:08:24Z)

CVE-2014-2894:
Off-by-one error in the cmd_smart function in the smart self test in
hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified
impact via a SMART EXECUTE OFFLINE command that triggers a buffer
underflow and memory corruption.
•MLIST:[Qemu-devel] 20140412 [PATCH for 2.0] ide: Correct improper smart self test c
•URL:
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
•MLIST:[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c
•URL:
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02152.html
•MLIST:[Qemu-devel] 20140414 Re: [PATCH for 2.0] ide: Correct improper smart self test c
•URL:
https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02095.html
•MLIST:[oss-security] 20140415 CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
•URL: http://www.openwall.com/lists/oss-security/2014/04/15/4
•MLIST:[oss-security] 20140418 Re: CVE request Qemu: out of bounds buffer access, guest triggerable via IDE SMART
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/5
•UBUNTU:USN-2182-1
•URL: http://www.ubuntu.com/usn/USN-2182-1
•BID:66932
•URL: http://www.securityfocus.com/bid/66932
•SECUNIA:57945
•URL: http://secunia.com/advisories/57945
•SECUNIA:58191
•URL: http://secunia.com/advisories/58191
CVE-2013-4344:
Buffer overflow in the SCSI implementation in QEMU, as used in Xen, when
a SCSI controller has more than 256 attached devices, allows local users
to gain privileges via a small transfer buffer in a REPORT LUNS command.
•MLIST:[oss-security] 20131002 Xen Security Advisory 65 (CVE-2013-4344) - qemu SCSI REPORT LUNS buffer overflow
•URL: http://www.openwall.com/lists/oss-security/2013/10/02/2
•MLIST:[qemu-devel] 20131009 [ANNOUNCE] QEMU 1.6.1 Stable released
•URL: http://article.gmane.org/gmane.comp.emulators.qemu/237191
•REDHAT:RHSA-2013:1553
•URL: http://rhn.redhat.com/errata/RHSA-2013-1553.html
•REDHAT:RHSA-2013:1754
•URL: http://rhn.redhat.com/errata/RHSA-2013-1754.html
•UBUNTU:USN-2092-1
•URL: http://www.ubuntu.com/usn/USN-2092-1
•BID:62773
•URL: http://www.securityfocus.com/bid/62773
•OSVDB:98028
•URL: http://osvdb.org/98028
*(from redmine: issue id 2961, created on 2014-05-23, closed on 2014-06-18)*
* Relations:
* parent #2960

Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2957
[v2.5] dovecot: remote DoS via an incomplete SSL/TLS handshake (CVE-2014-3430)
Author: Alexander Belous (updated 2019-07-23T14:08:29Z)

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before
2.2.12.12 does not properly close old connections, which allows remote
attackers to cause a denial of service (resource consumption) via an
incomplete SSL/TLS handshake for an IMAP/POP3 connection.
•MLIST:[Dovecot-news] 20140511 v2.2.13 released
•URL: http://dovecot.org/pipermail/dovecot-news/2014-May/000273.html
•MLIST:[dovecot] 20140508 Denial of Service attacks against Dovecot v1.1+
•URL: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
•MLIST:[oss-security] 20140509 CVE request: Denial of Service attacks against Dovecot v1.1+
•URL: http://www.openwall.com/lists/oss-security/2014/05/09/4
•MLIST:[oss-security] 20140509 Re: CVE request: Denial of Service attacks against Dovecot v1.1+
•URL: http://www.openwall.com/lists/oss-security/2014/05/09/8
•UBUNTU:USN-2213-1
•URL: http://www.ubuntu.com/usn/USN-2213-1
•BID:67306
•URL: http://www.securityfocus.com/bid/67306
*(from redmine: issue id 2957, created on 2014-05-23, closed on 2014-06-10)*
* Relations:
* parent #2956
* Changesets:
* Revision e5b2b6940e39b79c09524115ad0eaacc30e179fd by Natanael Copa on 2014-06-10T11:31:51Z:
```
main/dovecot: security fix for CVE-2014-3430
fixes #2957
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2953
[v2.5] libvirt: multiple issues (CVE-2013-6456 CVE-2014-0179)
Author: Alexander Belous (updated 2019-07-23T14:08:33Z)

CVE-2013-6456:
The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 allows
local users to (1) delete arbitrary host devices via the
virDomainDeviceDettach API and a symlink attack on /dev in the
container; (2) create arbitrary nodes (mknod) via the
virDomainDeviceAttach API and a symlink attack on /dev in the container;
and cause a denial of service (shutdown or reboot host OS) via the (3)
virDomainShutdown or (4) virDomainReboot API and a symlink attack on
/dev/initctl in the container, related to “paths under /proc/$PID/root”
and the virInitctlSetRunLevel function.
•MISC: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
•CONFIRM: http://libvirt.org/git/?p=libvirt.git;a=commit;h=5fc590ad9f4
•CONFIRM: http://libvirt.org/news.html
•CONFIRM: http://security.libvirt.org/2013/0018.html
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1045643
•FEDORA:FEDORA-2014-2864
•URL:
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/129199.html
•SUSE:openSUSE-SU-2014:0593
•URL: http://lists.opensuse.org/opensuse-updates/2014-05/msg00004.html
•BID:65743
•URL: http://www.securityfocus.com/bid/65743
•SECUNIA:56187
•URL: http://secunia.com/advisories/56187
•SECUNIA:56215
•URL: http://secunia.com/advisories/56215
CVE-2014-0179:
When parsing XML documents, libvirt passes the XML_PARSE_NOENT flag to
libxml2 which instructs it to expand all entities in the XML document
during parsing. This can be used to insert the contents of host OS files
in the resulting parsed content. Although the flaw was introduced in
0.0.5, it was dormant having no ill effects, since the APIs involved all
required the user to authenticate with privileges equivalent to root. In
version 0.7.5 or later the virConnectCompareCPU / virConnectBaselineCPU
methods activate the dormant bug, allowing for denial of service. In
version 1.0.0 or later, if the admin opts in to using the new fine
grained access control feature, there is potential for unprivileged
information disclosure.
References:
http://security.libvirt.org/2014/0003.html
CONFIRM:
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d6b27d3e4c40946efa79e91d134616b41b1666c4;hp=96eb7523e4a20605cc498d221c20ca6f18f5d3bb
*(from redmine: issue id 2953, created on 2014-05-23, closed on 2014-06-10)*
* Relations:
* parent #2952
* Changesets:
* Revision 26212b3bdd85d0b4ed7835b789519507f3d54a56 by Natanael Copa on 2014-06-10T14:05:19Z:
```
main/libvirt: security upgrade to 1.0.5.9 fixes various CVEs
CVE-2013-6458
CVE-2014-1447
CVE-2013-6456
CVE-2014-0179
fixes #2535
fixes #2953
```
Milestone: Alpine 2.5.5
Assignee: Leonardo Arena

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/2949
[v2.5] cups: multiple fixes (CVE-2013-6891 CVE-2014-2856)
Author: Alexander Belous (updated 2019-07-23T14:08:37Z)

CVE-2013-6891:
lppasswd in CUPS before 1.7.1, when running with setuid privileges,
allows local users to read portions of arbitrary files via a modified
HOME environment variable and a symlink attack involving
.cups/client.conf.
•CONFIRM: http://www.cups.org/blog.php?L704
•CONFIRM: http://www.cups.org/str.php?L4319
•CONFIRM: http://advisories.mageia.org/MGASA-2014-0021.html
•MANDRIVA:MDVSA-2014:015
•URL: http://www.mandriva.com/security/advisories?name=MDVSA-2014:015
•UBUNTU:USN-2082-1
•URL: http://www.ubuntu.com/usn/USN-2082-1
•SECUNIA:56531
•URL: http://secunia.com/advisories/56531
CVE-2014-2856:
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common
Unix Printing System (CUPS) before 1.7.2 allows remote attackers to
inject arbitrary web script or HTML via the URL path, related to the
is_path_absolute function.
•MLIST:[oss-security] 20140414 CVE request: cross-site scripting issue fixed in CUPS 1.7.2
•URL: http://www.openwall.com/lists/oss-security/2014/04/14/2
•MLIST:[oss-security] 20140415 Re: CVE request: cross-site scripting issue fixed in CUPS 1.7.2
•URL: http://www.openwall.com/lists/oss-security/2014/04/15/3
•CONFIRM: http://www.cups.org/documentation.php/relnotes.html
•CONFIRM: http://www.cups.org/str.php?L4356
•SECUNIA:57880
•URL: http://secunia.com/advisories/57880
*(from redmine: issue id 2949, created on 2014-05-23, closed on 2014-06-24)*
* Relations:
* parent #2948
* Changesets:
* Revision d55a9f01b6894e54eaadb528fd3c1eb058268774 on 2014-06-18T13:18:25Z:
```
main/cups: security fix (CVE-2014-2856). Fixes #2949
```
Milestone: Alpine 2.5.5
Assignee: Natanael Copa