aports issues (https://gitlab.alpinelinux.org/alpine/aports/-/issues), updated 2020-09-15T11:18:34Z

# libproxy: pac server can trigger unbounded recursion in url.cpp recvline() (CVE-2020-25219)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11953
Updated: 2020-09-15T11:18:34Z
Author: Alicha CH

url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion.
#### References:
* https://github.com/libproxy/libproxy/issues/134
* https://nvd.nist.gov/vuln/detail/CVE-2020-25219
### Affected branches:
* [x] master
* [x] 3.12-stable
Assignee: Natanael Copa

# gnupg: AEAD preference list overflow (CVE-2020-25125)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11928
Updated: 2020-09-11T18:54:54Z
Author: Alicha CH

Importing a key with AEAD preferences with GnuPG 2.2 can lead to an array overflow. This is not trivial to exploit because the attacker can control only each second byte with the first byte being fixed at 0x04. But it can be exploited.
Affected versions are GnuPG 2.2.21 and 2.2.22. GnuPG 2.3 and versions before 2.2.21 are not affected.
Fixed In Version: gnupg 2.2.23
#### References:
* https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
* https://dev.gnupg.org/T5050
#### Patch:
https://dev.gnupg.org/rGaeb8272ca8aad403a4baac33b8d5673719cfd8f0
Assignee: Natanael Copa

# py3-django: Multiple vulnerabilities (CVE-2020-24583, CVE-2020-24584)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11916
Updated: 2020-12-11T05:34:07Z
Author: Alicha CH

### CVE-2020-24583: Incorrect permissions on intermediate-level directories on Python 3.7+
On Python 3.7+, ``FILE_UPLOAD_DIRECTORY_PERMISSIONS`` mode was not
applied to intermediate-level directories created in the process of uploading
files and to intermediate-level collected static directories when using the
``collectstatic`` management command.
#### Fixed In Version:
Django 3.0.10
#### References:
* https://docs.djangoproject.com/en/dev/releases/3.0.10/
* https://www.openwall.com/lists/oss-security/2020/09/01/2
#### Patch:
https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e
### CVE-2020-24584: Permission escalation in intermediate-level directories of the file system cache on Python 3.7+
On Python 3.7+, the intermediate-level directories of the file system cache had
the system's standard umask rather than ``0o077`` (no group or others
permissions).
#### Fixed In Version:
Django 3.0.10
#### References:
* https://docs.djangoproject.com/en/dev/releases/3.0.10/
* https://www.openwall.com/lists/oss-security/2020/09/01/2
#### Patch:
https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554
Assignee: Natanael Copa

# wireshark: Kafka dissector crash (CVE-2020-17498)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11903
Updated: 2020-08-31T23:56:11Z
Author: Alicha CH

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Affected versions: 3.2.0 to 3.2.5
Fixed in version: 3.2.6
#### References:
* https://www.wireshark.org/security/wnpa-sec-2020-10.html
* https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
### Affected branches:
* [x] master
* [x] 3.12-stable
Assignee: Natanael Copa

# curl - multiple vulnerabilities (CVE-2020-8169, CVE-2020-8177, CVE-2020-8231)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11898
Updated: 2020-12-09T22:05:13Z
Author: Nagasudhan

## CVE-2020-8169: Partial password leak over DNS on HTTP redirect
libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s).
### References
https://curl.haxx.se/docs/CVE-2020-8169.html
## CVE-2020-8177: curl overwrite local file with -J
curl can be tricked by a malicious server to overwrite a local file when using -J (--remote-header-name) and -i (--include) in the same command line.
### References
https://curl.haxx.se/docs/CVE-2020-8177.html
## CVE-2020-8231: libcurl: wrong connect-only connection
An application that performs multiple requests with libcurl's multi API and sets the CURLOPT_CONNECT_ONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection - and instead pick another one the application has created since then.
### References
https://curl.haxx.se/docs/CVE-2020-8231.html
## Affected versions
libcurl 7.29.0 to and including 7.71.1
## Recommendation
Upgrade to curl 7.72.0
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
Milestone: 3.12.2

# squid: Multiple issues (CVE-2020-15810, CVE-2020-15811, CVE-2020-24606)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11896
Updated: 2020-10-29T11:19:24Z
Author: Alicha CH

### CVE-2020-15810: HTTP Request Smuggling could result in cache poisoning
Due to incorrect data validation Squid is vulnerable to HTTP Request Smuggling
attacks against HTTP and HTTPS traffic. This leads to cache poisoning.
Affected Versions: 2.5-3.5.28, 4.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
#### Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
#### Patch:
https://github.com/squid-cache/squid/commit/9c8e2a71aa1d3c159a319d9365c346c48dc783a5
### CVE-2020-15811: HTTP Request Splitting could result in cache poisoning
Due to incorrect data validation Squid is vulnerable to HTTP Request Splitting
attacks against HTTP and HTTPS traffic. This leads to cache poisoning.
Affected Versions: 2.7-3.5.28, 4.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
#### Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
#### Patch:
https://github.com/squid-cache/squid/commit/fd68382860633aca92065e6c343cfd1b12b126e7
### CVE-2020-24606: Improper Input Validation could result in a DoS
Due to Improper Input Validation Squid is vulnerable to a Denial of Service attack
against the machine operating Squid.
Affected Versions: 3.0-4.12, 5.0.1-5.0.3
Fixed Versions: 4.13, 5.0.4
#### Reference:
https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
### Affected branches:
* [x] master (1b1174f4734079258cf68f23cd87f03db61f8bb4)
* [x] 3.12-stable (e724957f3efcb46781ea97e6a818c83f3f11fcca)
* [x] 3.11-stable (7300bf0a9813153ef15f97952cfb41a06e65769c)
* [x] 3.10-stable (dd335d7b73b301ef247eab133d8784257b87bb06)
* [x] 3.9-stable (99db9460e9bbcdfb2c8cb20976a3d7e89e7d859d)
Milestone: 3.12.2
Assignee: Natanael Copa

# qemu: out-of-bounds r/w access issue while processing usb packets (CVE-2020-14364, XSA-335)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11893
Updated: 2020-09-24T04:53:18Z
Author: Daniel Néri

Vulnerable packages:
* [community/qemu](https://www.openwall.com/lists/oss-security/2020/08/24/3)
* [main/xen](https://xenbits.xen.org/xsa/advisory-335.html)
## Affected branches
### Xen
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
### Qemu
* [x] master
* [x] 3.12-stable
Milestone: 3.12.1

# bind: Multiple vulnerabilities (CVE-2020-8620, CVE-2020-8621, CVE-2020-8622, CVE-2020-8623, and CVE-2020-8624)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11884
Updated: 2021-03-31T16:17:59Z
Author: Alicha CH

### CVE-2020-8620: A specially crafted large TCP payload can trigger an assertion failure in tcpdns.c
In versions of BIND that use the libuv network manager (9.16.x is the only stable branch affected) an incorrectly specified maximum buffer size allows a specially crafted large TCP payload to trigger an assertion failure when it is received.
Affected Versions: BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3
Fixed In Version: BIND 9.16.6, BIND 9.17.4
#### References:
* https://kb.isc.org/docs/cve-2020-8620
* https://www.openwall.com/lists/oss-security/2020/08/20/2
### CVE-2020-8621: Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c
While query forwarding and QNAME minimization are mutually incompatible, BIND did sometimes allow QNAME minimization when continuing with recursion after 'forward first' did not result in an answer. In these cases the data used by QNAME minimization might be inconsistent, leading to an assertion failure, causing the server to exit.
Affected Versions: BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3
Fixed In versions: BIND 9.16.6, BIND 9.17.4
#### References:
* https://kb.isc.org/docs/cve-2020-8621
* https://www.openwall.com/lists/oss-security/2020/08/20/2
### CVE-2020-8622: A truncated TSIG response can lead to an assertion failure
An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.
Affected Versions: BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition
Fixed In versions: BIND 9.11.22, BIND 9.16.6, BIND 9.17.4
#### References:
* https://kb.isc.org/docs/cve-2020-8622
* https://www.openwall.com/lists/oss-security/2020/08/20/2
### CVE-2020-8623: A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c
If BIND is built with "--enable-native-pkcs11" then a specially crafted query for a zone signed with RSA can trigger an assertion failure.
Affected Versions: BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition
Fixed In versions: BIND 9.11.22, BIND 9.16.6, BIND 9.17.4
#### References:
* https://kb.isc.org/docs/cve-2020-8623
* https://www.openwall.com/lists/oss-security/2020/08/20/2
### CVE-2020-8624: update-policy rules of type "subdomain" are enforced incorrectly
Change 4885 inadvertently caused "update-policy" rules of type "subdomain" to be treated as if they were of type "zonesub", allowing updates to all parts of the zone along with the intended subdomain.
Affected Versions: BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition
Fixed In versions: BIND 9.11.22, BIND 9.16.6, BIND 9.17.4
#### References:
* https://kb.isc.org/docs/cve-2020-8624
* https://www.openwall.com/lists/oss-security/2020/08/20/2
### Affected branches:
* [x] master (552c946)
* [x] 3.12-stable (8bacbe7)
* [x] 3.11-stable
* [x] 3.10-stable
* [ ] 3.9-stable (EOL)
Milestone: 3.12.6
Assignee: Kevin Daudt

# sane-backends: Multiple vulnerabilities (CVE-2020-12862, CVE-2020-12863, CVE-2020-12865, CVE-2020-12867)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11883
Updated: 2020-12-09T23:19:17Z
Author: Alicha CH

### CVE-2020-12862: Out-of-bounds read in decode_binary
A flaw was found in sane-backends before version 1.0.30. An out-of-bounds read in decode_binary may lead to disclosure of information.
#### References:
* https://gitlab.com/sane-project/backends/-/releases
* https://nvd.nist.gov/vuln/detail/CVE-2020-12862
#### Patch:
https://gitlab.com/sane-project/backends/-/commit/3d005c2570a71fe93a63192d9c47ee54cb39049b
### CVE-2020-12863: Out-of-bounds read in esci2_check_header
A flaw was found in sane-backends before version 1.0.30. An out-of-bounds read in esci2_check_header function may lead to disclosure of information.
#### References:
* https://gitlab.com/sane-project/backends/-/releases
* https://nvd.nist.gov/vuln/detail/CVE-2020-12863
#### Patch:
https://gitlab.com/sane-project/backends/-/commit/226d9c92899facf4b22b98c73be6ad2cd0effc4a
### CVE-2020-12865: Heap buffer overflow in esci2_img
A flaw was found in sane-backends before version 1.0.30. A heap buffer overflow in esci2_img function may lead to remote code execution.
#### References:
* https://gitlab.com/sane-project/backends/-/issues/279
* https://nvd.nist.gov/vuln/detail/CVE-2020-12865
#### Patch:
https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967
### CVE-2020-12867: NULL pointer dereference in sanei_epson_net_read function
A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected
to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.
#### References:
* https://gitlab.com/sane-project/backends/-/issues/279
* https://nvd.nist.gov/vuln/detail/CVE-2020-12867
#### Patch:
https://gitlab.com/sane-project/backends/-/commit/4c9e4efd4a82214719eeb1377a900e3a85c1c369
### Affected branches:
* [x] master
* [x] 3.12-stable
Milestone: 3.12.2
Assignee: Valery Kartel

# curl: wrong connect-only connection (CVE-2020-8231)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11882
Updated: 2020-12-09T22:05:07Z
Author: Alicha CH

An application that performs multiple requests with libcurl's multi API and sets the CURLOPT_CONNECT_ONLY option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection - and instead pick another one the application has created since then.
CURLOPT_CONNECT_ONLY is the option to tell libcurl to not perform an actual transfer, only connect. When that operation is completed, libcurl remembers which connection it used for that transfer and "easy handle". It remembers the connection using a pointer to the internal connectdata struct in memory.
* Affected versions: libcurl 7.29.0 to and including 7.71.1
* Not affected versions: libcurl < 7.29.0 and libcurl >= 7.72.0
#### References:
* https://curl.haxx.se/docs/CVE-2020-8231.html
* https://www.openwall.com/lists/oss-security/2020/08/19/1
#### Patch:
https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
Milestone: 3.12.2
Assignee: Natanael Copa

# luajit: out-of-bounds read because __gc handler frame traversal is mishandled (CVE-2020-15890)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11872
Updated: 2020-12-10T10:46:36Z
Author: Alicha CH

LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled.
#### References:
* https://github.com/LuaJIT/LuaJIT/issues/601
* https://nvd.nist.gov/vuln/detail/CVE-2020-15890
### Affected branches:
* [x] master
* [ ] 3.12-stable
* [ ] 3.11-stable
* [ ] 3.10-stable
* [ ] 3.9-stable
Milestone: 3.12.2
Assignee: Jakub Jirutka

# qt5-qtbase: buffer over-read in read_xbm_body in gui/image/qxbmhandler.cpp (CVE-2020-17507)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11871
Updated: 2021-02-23T19:45:46Z
Author: Alicha CH

An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-17507
### Affected branches:
* [x] master
* [x] 3.12-stable
Milestone: 3.12.1
Assignee: Bart Ribbers

# postgresql: Multiple vulnerabilities (CVE-2020-14349, CVE-2020-14350)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11870
Updated: 2020-09-08T09:48:43Z
Author: Alicha CH

### CVE-2020-14349: uncontrolled search path element in logical replication
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the "public" schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented "secure schema usage pattern" are not vulnerable.
#### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14
#### References:
* https://www.postgresql.org/about/news/2060/
* https://security-tracker.debian.org/tracker/CVE-2020-14349
#### Patches:
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
### CVE-2020-14350: uncontrolled search path element in CREATE EXTENSION
When a superuser issues certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema of a prerequisite extension. Not all extensions are vulnerable. In addition to correcting the extensions provided with PostgreSQL, the project is issuing guidance for third-party extension authors to secure their own work.
#### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14, postgresql 9.6.19, and postgresql 9.5.23
#### References:
https://www.postgresql.org/about/news/2060/
#### Patch:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
Milestone: 3.12.1
Assignee: Jakub Jirutka

# libetpan: response injection via STARTTLS in IMAP (CVE-2020-15953)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11869
Updated: 2020-10-12T15:42:15Z
Author: Alicha CH

LibEtPan through 1.9.4 has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection."
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15953
* https://github.com/dinhvh/libetpan/issues/386
### Affected branches:
* [x] master (f6b8c8ff1924324b5ae18ea879086deec396c9e5)
* [x] 3.12-stable (6a5de63175a42ed6ee6359d5c1692975503353da)
Milestone: 3.12.1
Assignee: Natanael Copa

# libcroco: Stack overflow in cr_parser_parse_any_core in cr-parser.c (CVE-2020-12825)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11855
Updated: 2020-08-17T11:29:03Z
Author: Alicha CH

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.
#### References:
* https://gitlab.gnome.org/Archive/libcroco/-/issues/8
* https://security-tracker.debian.org/tracker/CVE-2020-12825
### Affected branches:
* [x] master
* [x] 3.12-stable
Assignee: Natanael Copa

# go: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11845
Updated: 2020-10-12T14:30:02Z
Author: Alicha CH

Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-16845
#### Patch:
https://go.googlesource.com/go/+/027d7241ce050d197e7fabea3d541ffbe3487258%5E%21/
### Affected branches:
* [x] master (4428c5f3aba5a502ee460b3f6b33585a0ed123ea)
* [x] 3.12-stable (904dd561a5a325f33766cde3ef26a62738f71a92)
Milestone: 3.12.1
Assignee: Natanael Copa

# jenkins: Multiple vulnerabilities (CVE-2020-2229, CVE-2020-2230, CVE-2020-2231)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11844
Updated: 2020-08-13T09:18:45Z
Author: Alicha CH

### CVE-2020-2229: Stored XSS vulnerability in help icons.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the tooltip content of help icons. Tooltip values can be contributed by plugins, some of which use user-specified values.
### CVE-2020-2230: Stored XSS vulnerability in project naming strategy.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the project naming strategy description that is displayed on item creation.
### CVE-2020-2231: Stored XSS vulnerability in 'Trigger builds remotely'.
Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the remote address of the host starting a build via 'Trigger builds remotely'.
#### References:
* https://www.jenkins.io/security/advisory/2020-08-12/
* https://www.openwall.com/lists/oss-security/2020/08/12/4
Assignee: Francesco Colista

# ark: maliciously crafted archive can install files anywhere in the user's home directory (CVE-2020-16116)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11839
Updated: 2020-08-13T09:32:09Z
Author: Alicha CH

In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal.
#### Reference:
https://kde.org/info/security/advisory-20200730-1.txt
#### Patch:
https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
### Affected branches:
* [x] master
* [x] 3.12-stable
Assignee: Bart Ribbers

# apache2: Multiple vulnerabilities (CVE-2020-9490, CVE-2020-11984, CVE-2020-11993)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11831
Updated: 2021-02-23T19:48:09Z
Author: Alicha CH

### CVE-2020-9490: Push Diary Crash on Specifically Crafted HTTP/2 Header
A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.
Versions Affected: 2.4.20 to 2.4.43
#### Reference:
https://httpd.apache.org/security/vulnerabilities_24.html
### CVE-2020-11984: mod_uwsgi buffer overflow
mod_proxy_uwsgi info disclosure and possible RCE.
Versions Affected: 2.4.32 to 2.4.44
#### References:
* https://www.openwall.com/lists/oss-security/2020/08/07/1
* https://httpd.apache.org/security/vulnerabilities_24.html
### CVE-2020-11993: Push Diary Crash on Specifically Crafted HTTP/2 Header
When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
Versions Affected: 2.4.20 to 2.4.43
#### Reference:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
Assignee: Kaarle Ritvanen

# webkit2gtk: Multiple vulnerabilities (CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, CVE-2020-9925)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11792
Updated: 2020-07-30T08:59:13Z
Author: Alicha CH

#### CVE-2020-9862
* Copying a URL from Web Inspector may lead to command injection.
* A command injection issue existed in Web Inspector. This issue was addressed with improved escaping.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### CVE-2020-9893
* A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
* A use-after-free issue was addressed with improved memory management.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### CVE-2020-9894
* A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
* An out-of-bounds read was addressed with improved input validation.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### CVE-2020-9895
* A remote attacker may be able to cause unexpected application termination or arbitrary code execution.
* A use-after-free issue was addressed with improved memory management.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### CVE-2020-9915
* Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
* An access issue existed in Content Security Policy. This issue was addressed with improved access restrictions.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### CVE-2020-9925
* Processing maliciously crafted web content may lead to universal cross site scripting.
* A logic issue was addressed with improved state management.
* Versions affected: WebKitGTK before 2.28.4 and WPE WebKit before 2.28.4.
#### Reference:
https://webkitgtk.org/security/WSA-2020-0007.html
### Affected branches:
* [x] master
* [x] 3.12-stable
Assignee: Rasmus Thomsen (oss@cogitri.dev)