# aports issues
* Feed: https://gitlab.alpinelinux.org/alpine/aports/-/issues
* Updated: 2020-07-28T13:46:30Z

## hylafaxplus: Multiple vulnerabilities (CVE-2020-15396, CVE-2020-15397)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11788
* Updated: 2020-07-28T13:46:30Z
* Author: Alicha CH

### CVE-2020-15396: Race condition in faxsetup utility could lead to privileges escalation
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15396
* https://sourceforge.net/p/hylafax/HylaFAX+/2534/
### CVE-2020-15397: Unsafe handling of user-writable directories could lead to privileged code execution
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
#### References:
* https://nvd.nist.gov/vuln/detail/2020-15397
* https://sourceforge.net/p/hylafax/HylaFAX+/2534/
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Francesco Colista

## libraw: lack of thumbnail size range check can lead to buffer overflow (CVE-2020-15503)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11771
* Updated: 2020-07-23T11:28:07Z
* Author: Alicha CH

LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15503
* https://security-tracker.debian.org/tracker/CVE-2020-15503
#### Patch:
https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
### Affected branches:
* [x] master (502e9bf832496cc7fc8c340efe91cc4e499ddce4)
* [x] 3.12-stable (b27c83e867672f156275bc3cfa885d43a3d6d905)

Assignee: Natanael Copa

## xrdp: buffer overflow via malicious payloads (CVE-2020-4044)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11763
* Updated: 2020-07-21T18:52:17Z
* Author: Alicha CH

The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-4044
* https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4
#### Patch:
https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb
### Affected branches:
* [x] master
* [x] 3.12-stable

## jenkins: Multiple vulnerabilities (CVE-2020-2220, CVE-2020-2221, CVE-2020-2222, CVE-2020-2223)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11747
* Updated: 2020-07-21T06:28:26Z
* Author: Alicha CH

### CVE-2020-2220: Stored XSS vulnerability in job build time trend
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name on build time trend pages. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Agent/Configure permission.
### CVE-2020-2221: Stored XSS vulnerability in upstream cause
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job’s display name shown as part of a build cause. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.
### CVE-2020-2222: Stored XSS vulnerability in 'keep forever' badge icons
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users able to configure job names.
### CVE-2020-2223: Stored XSS vulnerability in console links
Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the href attribute of links to downstream jobs displayed in the build console page. This results in a stored cross-site scripting (XSS) vulnerability exploitable by users with Job/Configure permission.
#### References:
* https://www.jenkins.io/security/advisory/2020-07-15/
* https://www.openwall.com/lists/oss-security/2020/07/15/5
### Affected branches:
* [x] master
* [x] 3.12-stable

Assignee: Francesco Colista

## firefox-esr: Multiple vulnerabilities (CVE-2020-12417, CVE-2020-12418, CVE-2020-12419, CVE-2020-12420, CVE-2020-12421)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11713
* Updated: 2020-07-03T14:51:31Z
* Author: Alicha CH

* CVE-2020-12417: Memory corruption due to missing sign-extension for ValueTags on ARM64
* CVE-2020-12418: Information disclosure due to manipulated URL object
* CVE-2020-12419: Use-after-free in nsGlobalWindowInner
* CVE-2020-12420: Use-After-Free when trying to connect to a STUN server
* CVE-2020-12421: Add-On updates did not respect the same certificate trust rules as software updates
#### Fixed In Version:
Firefox ESR 68.10
#### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/
### Affected branches:
* [x] master
* [x] 3.12-stable

Assignee: Rasmus Thomsen (oss@cogitri.dev)

## ceph: HTTP header injection via CORS ExposeHeader tag (CVE-2020-10753)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11704
* Updated: 2021-04-05T21:56:03Z
* Author: Alicha CH

It was reported that a "newline" character in the CORS XML configuration file, in the ExposeHeader tag, can lead to a header injection attack.
When the CORS request is made, the response contains the injected header. Using newline characters injected into the HTTP headers, it is possible for a malicious user to add arbitrary headers such as Set-Cookie to set arbitrary cookies.
#### Fixed In Version:
ceph 14.2.10
#### References:
* https://ceph.io/releases/v14-2-10-nautilus-released/
* https://github.com/ceph/ceph/pull/35773
#### Patch:
[14.2.10] https://github.com/ceph/ceph/commit/46817f30cee60bc5df8354ab326762e7c783fe2c
### Affected branches:
* [x] master
* [x] 3.12-stable

## python3: Hash collisions in IPv4Interface and IPv6Interface (CVE-2020-14422)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11688
* Updated: 2020-12-10T12:08:51Z
* Author: Arun

Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.
Tool used white source scan
![1](/uploads/65d162f14169535c5ec3678650abab38/1.png)
![2](/uploads/199a6933fad2becb572bf4e354ced70d/2.png)
#### References:
* https://bugs.python.org/issue41004
### Affected branches:
* [x] master
* [x] v3.12
* [x] v3.11
* [x] v3.10
* [x] v3.9

## curl: Multiple vulnerabilities (CVE-2020-8169, CVE-2020-8177)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11682
* Updated: 2020-09-15T16:58:28Z
* Author: Alicha CH

### CVE-2020-8169: Partial password leak over DNS on HTTP redirect
Libcurl can be tricked to prepend a part of the password to the host name before it resolves it, potentially leaking the partial password over the network and to the DNS server(s).
libcurl can be given a username and password for HTTP authentication when requesting an HTTP resource - used for HTTP Authentication such as Basic, Digest, NTLM and similar. The credentials are set, either together with CURLOPT_USERPWD or separately with CURLOPT_USERNAME and CURLOPT_PASSWORD. Important detail: these strings are given to libcurl as plain C strings and they are not supposed to be URL encoded.
In addition, libcurl also allows the credentials to be set in the URL, using the standard RFC 3986 format: http://user:password@host/path. In this case, the name and password are URL encoded as that's how they appear in URLs.
* Affected versions: libcurl 7.62.0 to and including 7.70.0
* Not affected versions: libcurl < 7.62.0
#### Fixed In Version:
curl 7.71.0
#### References:
* https://curl.haxx.se/docs/CVE-2020-8169.html
* https://www.openwall.com/lists/oss-security/2020/06/24/1
### CVE-2020-8177: curl overwrite local file with -J
Curl can be tricked by a malicious server to overwrite a local file when using
`-J` (`--remote-header-name`) and `-i` (`--head`) in the same command line.
The command line tool offers the `-J` option that saves a remote file using
the file name present in the `Content-Disposition:` response header. curl then
refuses to overwrite an existing local file using the same name, if one
already exists in the current directory.
The `-J` flag is designed to save a response body, and so it doesn't work
together with `-i` and there's logic that forbids it. However, the check is
flawed and doesn't properly check for when the options are used in the
reversed order: first using `-J` and then `-i` were mistakenly accepted.
* Affected versions: curl 7.20.0 to and including 7.70.0
* Not affected versions: curl < 7.20.0 and curl >= 7.71.0
#### Fixed In Version:
curl 7.71.0
#### References:
* https://curl.haxx.se/docs/CVE-2020-8177.html
* https://www.openwall.com/lists/oss-security/2020/06/24/2
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## chromium: Multiple vulnerabilities (CVE-2020-6505, CVE-2020-6506, CVE-2020-6507, CVE-2020-6509)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11681
* Updated: 2020-11-27T09:22:47Z
* Author: Alicha CH

* CVE-2020-6505: Use after free in speech.
* CVE-2020-6506: Insufficient policy enforcement in WebView.
* CVE-2020-6507: Out of bounds write in V8.
#### Fixed In Version:
chromium 83.0.4103.106
#### Reference:
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_15.html
* CVE-2020-6509: Use after free in extensions.
#### Fixed In Version:
chromium 83.0.4103.116
#### Reference:
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html?m=1
### Affected branches:
* [x] master (d458817a5891a75e29740a1cd6d29317691bdd10)
* [x] 3.12-stable (45f0d495cc9725bb39fdd397103625bf0d2e7c02)

Assignee: Rasmus Thomsen (oss@cogitri.dev)

## ngircd: Server-Server protocol implementation leads to out-of-bounds access (CVE-2020-14148)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11680
* Updated: 2020-06-23T16:37:04Z
* Author: Alicha CH

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-14148
* https://security-tracker.debian.org/tracker/CVE-2020-14148
#### Patch:
https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## libjpeg-turbo: heap-based buffer over-read in get_rgb_row() in rdppm.c (CVE-2020-13790)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11676
* Updated: 2020-06-22T12:15:14Z
* Author: Alicha CH

libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
#### References:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
* https://nvd.nist.gov/vuln/detail/CVE-2020-13790
#### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable

Assignee: Leo

## icinga2: prepare-dirs script allows for symlink attack in the icinga user context (CVE-2020-14004)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11657
* Updated: 2020-06-17T04:01:23Z
* Author: Alicha CH

An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will be followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-14004
* https://www.openwall.com/lists/oss-security/2020/06/12/1
#### Patch:
https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6
### Affected branches:
* [x] master
* [x] 3.12-stable

Assignee: Francesco Colista

## freerdp: Out-of-bounds write in crypto.c (CVE-2020-13398)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11639
* Updated: 2020-06-11T18:08:43Z
* Author: Alicha CH

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-13398
#### Patches:
https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69
### Affected branches:
* [x] master
* [x] 3.12-stable

Assignee: Natanael Copa

## graphicsmagick: A heap-based buffer overflow in ReadMNGImage in coders/png.c (CVE-2020-12672)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11631
* Updated: 2020-06-11T15:07:10Z
* Author: Alicha CH

GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12672
* https://security-tracker.debian.org/tracker/CVE-2020-12672
#### Patch:
https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
### Affected branches:
* [x] master
* [x] 3.12-stable

Assignee: Francesco Colista

## hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11626
* Updated: 2020-06-10T02:53:19Z
* Author: Alicha CH

General security vulnerability in the way the callback URLs in the UPnP
SUBSCRIBE command are used were reported (VU#339275, CVE-2020-12695).
Some of the described issues may be applicable to the use of UPnP in WPS
AP mode functionality for supporting external registrars.
#### Vulnerable Versions:
All hostapd versions with WPS AP support with UPnP enabled in the build
parameters (CONFIG_WPS_UPNP=y) and in the runtime configuration
(upnp_iface).
#### References:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
#### Patches:
https://w1.fi/security/2020-1/
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## json-c: integer overflow and out-of-bounds write (CVE-2020-12762)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11581
* Updated: 2020-05-28T13:01:32Z
* Author: Alicha CH

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12762
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-12762
#### Patches:
* https://github.com/json-c/json-c/pull/608 (0.14)
* https://github.com/json-c/json-c/pull/607 (0.13.x)
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## wireshark: NFS dissector crash (CVE-2020-13164)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11566
* Updated: 2020-05-21T07:40:22Z
* Author: Alicha CH

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
#### Fixed In Version:
wireshark 3.2.4, 3.0.11, 2.6.17
#### References:
* https://www.wireshark.org/security/wnpa-sec-2020-08.html
* https://nvd.nist.gov/vuln/detail/CVE-2020-13164
### Affected branches:
* [x] master (0b37cbd02887cb5521c7b47e2a90e97edf0fcff4)
* [x] 3.11-stable (61d804a5f413dd24d29443b34c5295dd9cbfc302)

Assignee: Natanael Copa

## knot-resolver: NXNSAttack mitigation (CVE-2020-12667)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11565
* Updated: 2020-05-21T06:36:10Z
* Author: Alicha CH

Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12667
* https://www.openwall.com/lists/oss-security/2020/05/19/2
#### Patch:
https://www.openwall.com/lists/oss-security/2020/05/19/2/1
### Affected branches:
* [x] master
* [x] 3.11-stable

Assignee: Jakub Jirutka

## pdns-recursor: Multiple vulnerabilities (CVE-2020-10995, CVE-2020-12244)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11564
* Updated: 2020-05-21T06:39:10Z
* Author: Alicha CH

### CVE-2020-10995: Denial of Service.
An issue in the DNS protocol has been found that allows
malicious parties to use recursive DNS services to attack third party
authoritative name servers.
#### Affected Versions:
PowerDNS Recursor from 4.1.0 up to and including 4.3.0.
#### Fixed In Version:
PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16
#### References:
* https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
* https://www.openwall.com/lists/oss-security/2020/05/19/3
### CVE-2020-12244: Insufficient validation of DNSSEC signatures.
An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer. This would allow an attacker in position of man-in-the-middle to send a NXDOMAIN answer for a name that does exist, bypassing DNSSEC validation.
#### Fixed In Version:
PowerDNS Recursor 4.3.1, 4.2.2 and 4.1.16
#### References:
* https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
* https://www.openwall.com/lists/oss-security/2020/05/19/3
### Affected branches:
* [x] master
* [x] 3.11-stable

## unbound: Multiple vulnerabilities (CVE-2020-12662, CVE-2020-12663)
* Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11559
* Updated: 2020-08-15T09:49:58Z
* Author: Alicha CH

### CVE-2020-12662: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target.
#### Affected Versions:
All versions of Unbound up to and including 1.10.0
#### References:
* https://www.openwall.com/lists/oss-security/2020/05/19/5
* https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
### CVE-2020-12663: Malformed answers from upstream name servers can be used to make Unbound unresponsive.
#### Affected Versions:
All versions of Unbound up to and including 1.10.0
#### References:
* https://www.openwall.com/lists/oss-security/2020/05/19/5
* https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stable

Assignee: Natanael Copa