# aports issues
Feed: https://gitlab.alpinelinux.org/alpine/aports/-/issues (updated 2020-09-14T10:44:48Z)

## xen: Special Register Buffer speculative side channel (CVE-2020-0543, XSA-320)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11637
Updated: 2020-09-14T10:44:48Z
Reported by: Alicha CH

Certain processor operations microarchitecturally need to read data from
outside the physical core (e.g. to communicate with the random number
generator). In some implementations, this operation is called a Special
Register Read.
In some implementations, data are staged in a single shared buffer, and
a full cache line at a time is returned to the core which made the
Special Register Read. On parts vulnerable to MFBDS or TAA, an attacker
may be able to access stale data requested by other cores in the system.
Systems running all versions of Xen are affected.
#### Reference:
http://xenbits.xen.org/xsa/advisory-320.html
### Affected branches:
* [x] master (b180bcb262c13cfed0346d5b2ed0e85aa113e302)
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## zeromq: Denial-of-Service on CURVE/ZAP-protected servers (CVE-2020-15166)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11930
Updated: 2020-09-08T21:21:14Z
Reported by: Alicha CH

If a raw TCP socket is opened and connected to an endpoint that is fully configured with CURVE/ZAP, legitimate clients will not be able to exchange any message. Handshakes complete successfully, and messages are delivered to the library, but the server application never receives them.
Affected Versions: zeromq <= 4.3.2
Fixed In Version: zeromq 4.3.3
#### References:
* https://www.openwall.com/lists/oss-security/2020/09/07/3
* https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
### Affected branches:
* [x] master (9c865ca694c9446bcee5154bf35ef227c1bc4d24)
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Milestone: 3.12.1
Assignee: Natanael Copa

## postgresql: Multiple vulnerabilities (CVE-2020-14349, CVE-2020-14350)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11870
Updated: 2020-09-08T09:48:43Z
Reported by: Alicha CH

### CVE-2020-14349: uncontrolled search path element in logical replication
The PostgreSQL search_path setting determines schemas searched for tables, functions, operators, etc. The CVE-2018-1058 fix caused most PostgreSQL-provided client applications to sanitize search_path, but logical replication continued to leave search_path unchanged. Users of a replication publisher or subscriber database can create objects in the "public" schema and harness them to execute arbitrary SQL functions under the identity running replication, often a superuser. Installations having adopted a documented "secure schema usage pattern" are not vulnerable.
#### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14
#### References:
* https://www.postgresql.org/about/news/2060/
* https://security-tracker.debian.org/tracker/CVE-2020-14349
#### Patches:
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
* https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
### CVE-2020-14350: uncontrolled search path element in CREATE EXTENSION
When a superuser issues certain CREATE EXTENSION statements, users may be able to execute arbitrary SQL functions under the identity of that superuser. The attacker must have permission to create objects in the new extension's schema or a schema of a prerequisite extension. Not all extensions are vulnerable. In addition to correcting the extensions provided with PostgreSQL, the project is issuing guidance for third-party extension authors to secure their own work.
#### Fixed In Version:
postgresql 12.4, postgresql 11.9, postgresql 10.14, postgresql 9.6.19, postgresql 9.5.23
#### References:
https://www.postgresql.org/about/news/2060/
#### Patch:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Milestone: 3.12.1
Assignee: Jakub Jirutka

## ansible: Multiple vulnerabilities (CVE-2020-1737, CVE-2020-1739)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11307
Updated: 2020-09-02T09:18:24Z
Reported by: Alicha CH

### CVE-2020-1737: Extract-Zip function in win_unzip module does not check extracted path
A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module: the extracted files are not checked to ensure they stay within the destination folder. An attacker could take advantage of this flaw by crafting an archive whose entry names use path traversal to write files anywhere in the file system.
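The check the module was missing, as an added example that is not Ansible's or win_unzip's code: a small ZIP archive is constructed in memory (one benign entry, one `..` traversal entry, one absolute entry), and the extractor resolves every entry name against the destination directory before writing, refusing anything that would land outside it. The archive contents, entry names and function names are this example's own.

```python
"""Containment check for archive extraction (the zip-slip pattern behind CVE-2020-1737).

Added example; this is not Ansible's or win_unzip's code. A small ZIP archive is
constructed in memory with one benign entry and two hostile ones, and
safe_extract() refuses every entry whose resolved destination would leave the
target directory.
"""
import io
import os
import tempfile
import zipfile


def build_sample_archive() -> bytes:
    """Constructed sample archive: entry names are attacker-controlled data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("app/config.txt", "harmless=1\n")
        zf.writestr("../../outside.txt", "written outside the destination\n")
        zf.writestr("/etc/evil.conf", "absolute entry name\n")
    return buf.getvalue()


def is_contained(dest_dir: str, member_name: str) -> bool:
    """True only if member_name, resolved relative to dest_dir, stays under dest_dir."""
    if member_name.startswith(("/", "\\")) or (len(member_name) > 1 and member_name[1] == ":"):
        return False  # absolute POSIX path or Windows drive spec: never acceptable
    dest_root = os.path.realpath(dest_dir)
    # realpath collapses ".." components and resolves symlinks, so the comparison
    # is made on the path the data would really land on.
    target = os.path.realpath(os.path.join(dest_root, member_name))
    return target == dest_root or target.startswith(dest_root + os.sep)


def safe_extract(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract contained entries only; return {entry name: "extracted" | "rejected"}."""
    dest_root = os.path.realpath(dest_dir)
    outcome = {}
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_contained(dest_root, info.filename):
                outcome[info.filename] = "rejected"
                continue
            target = os.path.realpath(os.path.join(dest_root, info.filename))
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            outcome[info.filename] = "extracted"
    return outcome


def demo() -> dict:
    """Run the extractor against the sample archive in a scratch directory."""
    with tempfile.TemporaryDirectory() as dest:
        return safe_extract(build_sample_archive(), dest)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9s} {name}")
```

The comparison is done on `realpath` output for both sides so that a symlinked destination (for example a tmpfs mounted elsewhere) does not produce false rejections, and absolute names are refused outright rather than silently re-rooted, which is the behaviour a deployment tool should make visible in its output.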
#### Fixed In Version:
ansible 2.7.17, 2.8.9, 2.9.6
#### References:
* https://github.com/ansible/ansible/issues/67795
* https://github.com/ansible/ansible/pull/67799
* https://nvd.nist.gov/vuln/detail/CVE-2020-1737
### CVE-2020-1739: svn module leaks password when specified as a parameter
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior: when a password is set with the "password" argument of the svn module, it is passed on the svn command line, disclosing it to other users on the same node. An attacker could take advantage of this by reading the cmdline file for that PID in procfs.
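What the attacker described above actually reads, and how to check a node for it, as an added example (not Ansible's code): `parse_cmdline()` splits the raw NUL-separated contents of `/proc/<pid>/cmdline`, `find_exposed_secrets()` flags the values of secret-bearing options, and `scan_proc()` runs that check over every process the caller can read. `SAMPLE_CMDLINE` is a constructed stand-in for the leaked svn invocation, and `SECRET_FLAGS` is an assumed list, so the block runs offline.

```python
"""Detecting secrets exposed on process command lines (the CVE-2020-1739 pattern).

Added example; not Ansible's code. On Linux, /proc/<pid>/cmdline is readable by
every local user, so a password passed as an svn argument is visible to anyone
on the node. SAMPLE_CMDLINE is a constructed stand-in for the leaked svn
invocation so the check runs without a live svn process.
"""
import os

# Options whose value is a secret, given either as the next argument or inline as
# "--opt=value". Assumed list for this example; extend to match local tooling.
SECRET_FLAGS = ("--password", "--token")

# Constructed sample of /proc/<pid>/cmdline for a leaked svn checkout.
SAMPLE_CMDLINE = (
    b"svn\0checkout\0--non-interactive\0--username\0deploy\0"
    b"--password\0S3cretPass\0https://svn.example.com/repo\0"
)


def parse_cmdline(raw: bytes) -> list:
    """Split /proc/<pid>/cmdline content into argv (each entry is NUL-terminated)."""
    parts = raw.split(b"\0")
    if parts and parts[-1] == b"":
        parts.pop()  # drop the empty string after the final terminator
    return [p.decode("utf-8", "replace") for p in parts]


def find_exposed_secrets(argv: list) -> list:
    """Return (option, value) pairs for secrets visible in argv."""
    found = []
    for i, arg in enumerate(argv):
        for flag in SECRET_FLAGS:
            if arg == flag and i + 1 < len(argv):
                found.append((flag, argv[i + 1]))
            elif arg.startswith(flag + "="):
                found.append((flag, arg[len(flag) + 1:]))
    return found


def scan_proc(proc_root: str = "/proc") -> dict:
    """Map pid -> exposed (option, value) pairs for every readable process."""
    hits = {}
    if not os.path.isdir(proc_root):
        return hits  # not Linux, or procfs not mounted
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited, or cmdline not readable (e.g. hidepid=2)
        secrets = find_exposed_secrets(argv)
        if secrets:
            hits[int(entry)] = secrets
    return hits


if __name__ == "__main__":
    print("sample:", find_exposed_secrets(parse_cmdline(SAMPLE_CMDLINE)))
    for pid, secrets in scan_proc().items():
        print(pid, [(flag, "***") for flag, _ in secrets])  # never print the values
```

The fix for this class of bug is to keep the secret off argv entirely: feed it on stdin (Subversion 1.10 and later accept `--password-from-stdin`), or via an environment variable or a config file with restrictive permissions. Mounting procfs with `hidepid=2` narrows who can read other users' cmdline but does not stop the value from ending up in shell history, audit logs or process accounting.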
#### Fixed In Version:
ansible 2.7.17, 2.8.9, 2.9.7
#### References:
* https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v297
* https://github.com/ansible/ansible/issues/67797
* https://bugzilla.redhat.com/show_bug.cgi?id=1802178
### Affected branches:
* [x] master (e4542eb1cd224dd533ac2808658bf16561bcdc3b)
* [x] 3.11-stable (899a908f75043f9a408b168005ecc557d060f15e)
* [x] 3.10-stable (457913175597d4cf53123064b576a5527a9aa0de)
* [x] 3.9-stable (ec2f3b6aa9db9937f43c70b5c3caa8fbf7132575)
* [ ] 3.8-stable

## unbound: Multiple vulnerabilities (CVE-2020-12662, CVE-2020-12663)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11559
Updated: 2020-08-15T09:49:58Z
Reported by: Alicha CH

### CVE-2020-12662: Unbound can be tricked into amplifying an incoming query into a large number of queries directed to a target.
#### Affected Versions:
All versions of Unbound up to and including 1.10.0
#### References:
* https://www.openwall.com/lists/oss-security/2020/05/19/5
* https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
### CVE-2020-12663: Malformed answers from upstream name servers can be used to make Unbound unresponsive.
#### Affected Versions:
All versions of Unbound up to and including 1.10.0
#### References:
* https://www.openwall.com/lists/oss-security/2020/05/19/5
* https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stable

Assignee: Natanael Copa

## hylafaxplus: Multiple vulnerabilities (CVE-2020-15396, CVE-2020-15397)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11788
Updated: 2020-07-28T13:46:30Z
Reported by: Alicha CH

### CVE-2020-15396: Race condition in faxsetup utility could lead to privilege escalation
In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate privileges to root.
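The race in general form and the pattern that closes it, as an added example that is not HylaFAX+'s faxsetup code: `unsafe_chown()` checks a path and then chowns the path, which follows whatever symlink the directory owner plants in between; `safe_chown()` opens the path with `O_NOFOLLOW`, validates the open descriptor (regular file, single link, expected owner) and chowns the descriptor, so the object that was validated is the object that changes. `demo()` builds the scenario in a scratch directory with constructed files; the local "victim" file stands in for a root-owned target.

```python
"""chown in a user-writable directory without the check-then-chown race (CVE-2020-15396 class).

Added example; not HylaFAX+'s faxsetup code. os.chown follows symlinks, so a
symlink (or hard link) planted between a check and the chown redirects the
ownership change to a file the attacker does not own. safe_chown() validates
and acts on one open descriptor instead of re-resolving the path.
"""
import os
import stat
import tempfile


def unsafe_chown(path: str, uid: int, gid: int) -> bool:
    """Racy pattern: check the path, then chown the path. Returns True if chown ran."""
    if not os.path.isfile(path):     # isfile() follows symlinks, so a planted
        return False                 # symlink to a regular file passes the check
    os.chown(path, uid, gid)         # ...and chown follows it too
    return True


def safe_chown(path: str, uid: int, gid: int, expected_uid: int) -> bool:
    """chown only a regular, unlinked file currently owned by expected_uid.

    Returns True if ownership was changed, False if the object was refused."""
    try:
        # O_NOFOLLOW makes open() fail (ELOOP) on a symlink instead of following it;
        # O_NONBLOCK prevents hanging on a FIFO planted at the path.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except OSError:
        return False
    try:
        st = os.fstat(fd)                        # the object we actually opened
        if not stat.S_ISREG(st.st_mode):
            return False                         # FIFO, device, directory
        if st.st_nlink != 1:
            return False                         # hard link into someone else's file
        if st.st_uid != expected_uid:
            return False                         # not the owner we expected
        os.fchown(fd, uid, gid)                  # acts on the descriptor, not the path
        return True
    finally:
        os.close(fd)


def demo() -> dict:
    """Exercise both variants. Unprivileged, chown to our own uid/gid is allowed,
    which is enough to show which objects each function is willing to touch."""
    uid, gid = os.getuid(), os.getgid()
    with tempfile.TemporaryDirectory() as d:
        regular = os.path.join(d, "faxcover.ps")
        victim = os.path.join(d, "victim")        # stands in for a root-owned file
        for p in (regular, victim):
            with open(p, "w") as fh:
                fh.write("constructed\n")
        planted_symlink = os.path.join(d, "planted_symlink")
        os.symlink(victim, planted_symlink)       # attacker's swap, variant 1
        planted_hardlink = os.path.join(d, "planted_hardlink")
        os.link(victim, planted_hardlink)         # attacker's swap, variant 2
        return {
            "safe_regular": safe_chown(regular, uid, gid, uid),
            "safe_symlink": safe_chown(planted_symlink, uid, gid, uid),
            "safe_hardlink": safe_chown(planted_hardlink, uid, gid, uid),
            "unsafe_symlink": unsafe_chown(planted_symlink, uid, gid),
        }


if __name__ == "__main__":
    for case, changed in demo().items():
        print(f"{case:16s} chown {'performed' if changed else 'refused'}")
```

One gap remains in `safe_chown()` as written: a directory component above the file can itself be swapped for a symlink. Closing that means opening the parent directory first and passing its descriptor as `dir_fd` to `os.open()` (the `openat` pattern), so every step of the resolution is pinned to an object already held open.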
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15396
* https://sourceforge.net/p/hylafax/HylaFAX+/2534/
### CVE-2020-15397: Unsafe handling of user-writable directories could lead to privileged code execution
HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-15397
* https://sourceforge.net/p/hylafax/HylaFAX+/2534/
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Francesco Colista

## ngircd: Server-Server protocol implementation leads to out-of-bounds access (CVE-2020-14148)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11680
Updated: 2020-06-23T16:37:04Z
Reported by: Alicha CH

The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-14148
* https://security-tracker.debian.org/tracker/CVE-2020-14148
#### Patch:
https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## perl: Multiple vulnerabilities (CVE-2020-10543, CVE-2020-10878, CVE-2020-12723)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11658
Updated: 2020-06-18T13:56:43Z
Reported by: Alicha CH

### CVE-2020-10543: Buffer overflow caused by a crafted regular expression
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
#### Fixed In Version:
perl 5.30.3, perl 5.28.3
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-10543
* https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
#### Patch:
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
### CVE-2020-10878: Integer overflow via malformed bytecode produced by a crafted regular expression
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
#### Fixed In Version:
perl 5.30.3, perl 5.28.3
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-10878
* https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod
#### Patches:
* https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
* https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
### CVE-2020-12723: Buffer overflow caused by a crafted regular expression
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
#### Fixed In Version:
perl 5.30.3, perl 5.28.3
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12723
* https://metacpan.org/pod/release/XSAWYERX/perl-5.28.3/pod/perldelta.pod
* https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
#### Patch:
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
### Affected branches:
* [x] master (6558e88239f2a9118445b596ddc619e2a43d8592)
* [x] 3.12-stable (2db22e01ffdcff6cb673b0f5660cb911cff79bc1)
* [x] 3.11-stable (f4e478f351ceedb178ec76b3b5ba2b2defdf99c8)
* [x] 3.10-stable (d5907c68b2341579983e3fc9a25ac4b67162c994)
* [x] 3.9-stable (2347c5642490c5f7dc79c2205fff672b7bf5a3f6)

Assignee: Natanael Copa

## hostapd: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (CVE-2020-12695)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11626
Updated: 2020-06-10T02:53:19Z
Reported by: Alicha CH

A general security vulnerability in the way the callback URLs in the UPnP SUBSCRIBE command are used was reported (VU#339275, CVE-2020-12695). Some of the described issues may be applicable to the use of UPnP in WPS AP mode functionality for supporting external registrars.
#### Vulnerable Versions:
All hostapd versions with WPS AP support with UPnP enabled in the build
parameters (CONFIG_WPS_UPNP=y) and in the runtime configuration
(upnp_iface).
#### References:
https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
#### Patches:
https://w1.fi/security/2020-1/
### Affected branches:
* [x] master
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## axel: SSL Hostname verification (CVE-2020-13614)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11633
Updated: 2020-06-09T22:59:04Z
Reported by: Alicha CH

An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
#### References:
* https://github.com/axel-download-accelerator/axel/releases/tag/v2.17.8
* https://nvd.nist.gov/vuln/detail/CVE-2020-13614
### Affected branches:
* [x] master (547f39d61605e6fcd5268f7670de96086f9c4061)
* [x] 3.12-stable (547f39d61605e6fcd5268f7670de96086f9c4061)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## main/nodejs: ftbfs on ppc64le
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11617
Updated: 2020-06-09T08:48:27Z
Reported by: Kevin Daudt

nodejs fails to build due to compile errors:
```
../src/node_http_parser.cc: In function 'void node::{anonymous}::InitMaxHttpHeaderSizeOnce()':
../src/node_http_parser.cc:784:3: error: 'http_parser_set_max_header_size' was not declared in this scope
http_parser_set_max_header_size(max_http_header_size);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```
```
../src/node_os.cc: In function 'void node::os::GetOSRelease(const v8::FunctionCallbackInfo<v8::Value>&)':
../src/node_os.cc:106:3: error: 'uv_utsname_t' was not declared in this scope
uv_utsname_t info;
^~~~~~~~~~~~
../src/node_os.cc:106:3: note: suggested alternative: 'uv_rusage_t'
uv_utsname_t info;
^~~~~~~~~~~~
uv_rusage_t
../src/node_os.cc:107:26: error: 'info' was not declared in this scope
int err = uv_os_uname(&info);
^~~~
../src/node_os.cc:107:26: note: suggested alternative: 'int'
int err = uv_os_uname(&info);
^~~~
int
../src/node_os.cc:107:13: error: 'uv_os_uname' was not declared in this scope
int err = uv_os_uname(&info);
^~~~~~~~~~~
```

Assignee: Jakub Jirutka

## gnutls: session resumption works without master key allowing MITM (CVE-2020-13777)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11627
Updated: 2020-06-09T08:33:22Z
Reported by: Alicha CH

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application.
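Why "wrong data in place of an encryption key" turns into both effects named above, as an added example that is not GnuTLS's code and does not use its ticket format: a session ticket is modelled as nonce || ciphertext || MAC over the resumption state, keyed from a session-ticket encryption key (STEK). `derive_stek()` is the intended behaviour; `buggy_stek()` models a fixed, non-secret value being used instead of the derived key (all zeros is this model's choice, not a statement about GnuTLS internals). With the key known, an attacker mints a ticket carrying any identity and the server resumes it (the TLS 1.3 authentication bypass), and anyone holding a genuine ticket can decrypt it (the TLS 1.2 confidentiality loss). The cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag so the block needs only the standard library; the state dictionaries are constructed sample data.

```python
"""Why a non-secret session-ticket key is an authentication bypass (CVE-2020-13777 class).

Added example; this is not GnuTLS's code or its ticket format. The ticket is
nonce || ciphertext || MAC over JSON resumption state, keyed from a STEK. The
all-zero key in buggy_stek() is a modelling choice standing in for the
advisory's "wrong data in place of an encryption key".
"""
import hashlib
import hmac
import json
import os

KEY_LEN = 32
NONCE_LEN = 16
TAG_LEN = 32


def derive_stek(server_secret: bytes) -> bytes:
    """Intended behaviour: the ticket key comes from a server-side secret."""
    return hmac.new(server_secret, b"session-ticket-key", hashlib.sha256).digest()


def buggy_stek(server_secret: bytes) -> bytes:
    """Modelled bug: the derived key is discarded and a constant is used instead."""
    return bytes(KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Deterministic keystream: HMAC(key, nonce || counter) blocks, truncated."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def issue_ticket(stek: bytes, state: dict) -> bytes:
    """Server: encrypt-then-MAC the resumption state under the STEK."""
    plaintext = json.dumps(state, sort_keys=True).encode()
    nonce = os.urandom(NONCE_LEN)
    ciphertext = _xor(plaintext, _keystream(stek, nonce, len(plaintext)))
    tag = hmac.new(stek, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def resume(stek: bytes, ticket: bytes):
    """Server: verify the MAC and decrypt; return the state, or None if rejected."""
    if len(ticket) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = ticket[:NONCE_LEN], ticket[NONCE_LEN:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(stek, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(_xor(ciphertext, _keystream(stek, nonce, len(ciphertext))))


def attacker_forges(state: dict) -> bytes:
    """Attacker: the key is the known constant, so any state can be minted."""
    return issue_ticket(bytes(KEY_LEN), state)


def scenario() -> dict:
    server_secret = os.urandom(32)
    forged = attacker_forges({"peer": "alice@example.com", "client_authenticated": True})
    buggy_ticket = issue_ticket(buggy_stek(server_secret), {"peer": "bob@example.com"})
    return {
        # TLS 1.3 view: the buggy server resumes a session it never authenticated.
        "buggy_accepts_forgery": resume(buggy_stek(server_secret), forged) is not None,
        # The fixed server rejects the same forgery at MAC verification.
        "fixed_accepts_forgery": resume(derive_stek(server_secret), forged) is not None,
        # TLS 1.2 view: anyone holding a buggy server's ticket can read its contents.
        "buggy_ticket_readable_by_anyone": resume(bytes(KEY_LEN), buggy_ticket) == {"peer": "bob@example.com"},
    }


if __name__ == "__main__":
    for check, value in scenario().items():
        print(f"{check:34s} {value}")
```

The operational lesson matches the advisory's "until the first key rotation" wording: ticket keys must be derived from real entropy and rotated, and a server that accepts a ticket it cannot have issued has turned resumption into an unauthenticated login.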
#### Fixed In Version:
GnuTLS 3.6.14 or later versions.
#### References:
* https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
* https://nvd.nist.gov/vuln/detail/CVE-2020-13777
#### Patches:
* https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
* https://gitlab.com/gnutls/gnutls/-/merge_requests/1275/diffs?commit_id=3d7fae761e65e9d0f16d7247ee8a464d4fe002da
### Affected branches:
* [x] master (184bdcdae88dadac240902be8a85c234a429d36c)
* [x] 3.12-stable (0e4d4e3558218c9018bc6c022f1af5441e0f3f7a)
* [x] 3.11-stable (271cc04541887a5e075721bba033b0c7dc5eda8c)
* [x] 3.10-stable (7eb9ebd56a745bcffb9e8e6539914a04dbc75a32)
* [x] 3.9-stable (9b3acf4771f5aca10335e0374abc9b66661e8c9c)

Assignee: Natanael Copa

## json-c: integer overflow and out-of-bounds write (CVE-2020-12762)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11581
Updated: 2020-05-28T13:01:32Z
Reported by: Alicha CH

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12762
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12762
#### Patches:
* https://github.com/json-c/json-c/pull/608 (0.14)
* https://github.com/json-c/json-c/pull/607 (0.13.x)
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## dovecot: Multiple vulnerabilities (CVE-2020-10957, CVE-2020-10958, CVE-2020-10967)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11557
Updated: 2020-05-22T10:35:22Z
Reported by: Alicha CH

### CVE-2020-10957: NULL pointer dereference
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
#### References:
* https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
* https://nvd.nist.gov/vuln/detail/CVE-2020-10957
### CVE-2020-10958: Improper handling of input data
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
#### References:
* https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
* https://nvd.nist.gov/vuln/detail/CVE-2020-10958
### CVE-2020-10967: Improper input validation
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
#### References:
* https://dovecot.org/pipermail/dovecot-news/2020-May/000438.html
* https://nvd.nist.gov/vuln/detail/CVE-2020-10967
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable

Assignee: Leonardo Arena

## iproute2: Use-after-free (CVE-2019-20795)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11541
Updated: 2020-05-21T10:38:53Z
Reported by: Alicha CH

iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-20795
* https://security-tracker.debian.org/tracker/CVE-2019-20795
* Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
#### Patch:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
### Affected branches:
* [x] master (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.11-stable (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.10-stable
* [x] 3.9-stable

Assignee: Natanael Copa

## libexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11539
Updated: 2020-05-19T11:59:55Z
Reported by: Alicha CH

### CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20030
#### Patch:
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
### CVE-2020-12767: divide-by-zero in exif_entry_get_value function in exif-entry.c
exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
#### References:
* https://github.com/libexif/libexif/issues/31
* https://nvd.nist.gov/vuln/detail/CVE-2020-12767
#### Patch:
https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
### Affected branches:
* [x] master (9959b863135bbaa1251dbddfa038c9256e155702)
* [x] 3.11-stable (7d1a8137daa5c1f5312ad957dc1857027b8999df)
* [x] 3.10-stable (726529dabef044127d02831c4b26fa6c6fc9d5f5)
* [x] 3.9-stable (cc9c8ab403cd5dfa204be58c326dd98d0702d70c)
* [x] 3.8-stable (5dea23e076ed7123339473f529d74d8a9362e7c6)

Assignee: Natanael Copa

## libvirt: Multiple vulnerabilities (CVE-2020-10703, CVE-2020-12430)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11526
Updated: 2020-05-14T06:51:56Z
Reported by: Alicha CH

### CVE-2020-10703: Potential denial of service via active pool without target path
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user.
#### Fixed In Version:
libvirt 6.0.0
#### Reference:
https://security-tracker.debian.org/tracker/CVE-2020-10703
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f
### CVE-2020-12430: memory leak in domstats may allow read-only user to perform DoS attack
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-12430
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
### Affected branches:
* [x] master (7734b4b3e750791216f1558be58f0b51607e788d)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable

Assignee: Francesco Colista

## fribidi: Stack-based buffer overflow (CVE-2019-18397)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/10943
Updated: 2020-05-09T20:19:56Z
Reported by: Alicha CH

The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in GNU fribidi when processing a large number of unicode isolate directional characters. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
#### Affected Versions:
From 1.0.0 to 1.0.7
#### References:
* https://seclists.org/oss-sec/2019/q4/59
* https://security-tracker.debian.org/tracker/CVE-2019-18397
#### Patches:
* Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
* Introduced by: https://github.com/fribidi/fribidi/commit/f20b6480b9cd46dae8d82a6f95d9c53558fcfd20 (v1.0.0)
### Affected branches:
* [x] master (0cac76661fd3b286f052ef3d4343a5458b71b306)
* [x] 3.10-stable (056e278147ebf0f3781926c395e533081eb8c0f9)
* [x] 3.9-stable (e245657e6ddf7511c3bb512238a8b2fc8df56be3)
* [x] 3.8-stable (f49f79ef74f6410eadb866875ab2c2e95bd96ba8)

Assignee: Leo

## tiff: memory leak in TIFFFdOpen function in tif_unix.c when using pal2rgb (CVE-2019-6128)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/10996
Updated: 2020-05-09T20:19:55Z
Reported by: Alicha CH

The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
#### References:
* http://bugzilla.maptools.org/show_bug.cgi?id=2836
* https://nvd.nist.gov/vuln/detail/CVE-2019-6128
#### Patch:
https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
### Affected branches:
* [x] master (b6b472198d2967129bb8e42d7ddf72aa6c803567)
* [x] 3.10-stable (967440f6a7)
* [x] 3.9-stable (c99c0aa831ae95cde868a15fc9714c4e57ddca5a)
* [x] 3.8-stable (035d2d008545b9061386ab12de0263222558a272)

## xen: Multiple vulnerabilities (CVE-2018-12207, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-11135)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/10968
Updated: 2020-05-09T20:19:55Z
Reported by: Alicha CH

### CVE-2019-18425, XSA-298: missing descriptor table limit checking in x86 PV emulation.
Xen versions from at least 3.2 onwards are affected.
#### Reference:
http://xenbits.xen.org/xsa/advisory-298.html
### CVE-2019-18421, XSA-299: Issues with restartable PV type change operations
#### Reference:
http://xenbits.xen.org/xsa/advisory-299.html
### CVE-2019-18423, XSA-301: add-to-physmap can be abused to DoS Arm hosts
#### Reference:
http://xenbits.xen.org/xsa/advisory-301.html
### CVE-2019-18424, XSA-302: passed through PCI devices may corrupt host memory after deassignment
#### Reference:
http://xenbits.xen.org/xsa/advisory-302.html
### CVE-2019-18422, XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
#### Reference:
http://xenbits.xen.org/xsa/advisory-303.html
### CVE-2018-12207, XSA-304: x86: Machine Check Error on Page Size Change DoS
#### Reference:
http://xenbits.xen.org/xsa/advisory-304.html
### CVE-2019-11135, XSA-305: TSX Asynchronous Abort speculative side channel
#### Reference:
http://xenbits.xen.org/xsa/advisory-305.html
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable

Assignee: Leonardo Arena