aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T11:22:14Z

[3.7] bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9359
Updated: 2019-07-23T11:22:14Z
Author: Alicha CH

“deny-answer-aliases” is a little-used feature intended to help
recursive server operators protect end users against DNS rebinding
attacks, a potential method of circumventing
the security model used by client browsers. However, a defect in this
feature makes it easy, when the feature is in use, to experience an
assertion failure in name.c.
### Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind
9.11.3-S3
### Reference:
https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
*(from redmine: issue id 9359, created on 2018-08-29, closed on 2018-09-10)*
* Relations:
* parent #9357
* Changesets:
* Revision 37ad006279f2ad8d29a3de1622a8d8e08e0d9814 by Natanael Copa on 2018-09-10T10:16:45Z:
```
main/bind: security upgrade to 9.11.4_p1 (CVE-2018-5740)
fixes #9359
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9302
Updated: 2019-07-23T11:22:58Z
Author: Alicha CH

CVE-2017-15088: Buffer overflow in get\_matching\_data()
--------------------------------------------------------
plugins/preauth/pkinit/pkinit\_crypto\_openssl.c in MIT Kerberos 5 (aka
krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or
cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the
get\_matching\_data and X509\_NAME\_oneline\_ex functions.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707
### Patch:
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
CVE-2018-5709: integer overflow in dbentry->n\_key\_data in kadmin/dbutil/dump.c
-----------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There
is a variable “dbentry->n\_key\_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a
“u4” variable to it, which is for 32-bit data. An attacker can use
this
vulnerability to affect other artifacts of the database as we know that
a Kerberos database dump file contains trusted data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities
CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c
------------------------------------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The
pre-defined function “strlen” is getting a “NULL” string as a
parameter
value in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c in the Key
Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified
kadmin client.
### References:
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710
*(from redmine: issue id 9302, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9299
* parent #9299
* Changesets:
* Revision 896ae53d1849faa57ea676acd47332399c11bae7 by Natanael Copa on 2018-08-21T14:37:39Z:
```
main/krb5: security upgrade to 1.15.3 (CVE-2017-15088,CVE-2018-5709,CVE-2018-5710)
fixes #9302
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9288
Updated: 2019-07-23T11:23:09Z
Author: Alicha CH

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00
in the processing of password-protected
archives that allows an attacker to perform a denial of service or to
possibly achieve code execution.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
*(from redmine: issue id 9288, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9286
* parent #9286
* Changesets:
* Revision 72e1f06331bda12d25432e1c3c502a08c3e7529f by Natanael Copa on 2018-08-22T08:25:48Z:
```
main/unzip: fix various CVEs
- CVE-2014-8139
- CVE-2014-8140
- CVE-2014-8141
- CVE-2014-9636
- CVE-2014-9913
- CVE-2016-9844
- CVE-2018-1000035
fixes #9288
```
Milestone: 3.7.1
Assignee: Timo Teräs

[3.7] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9283
Updated: 2019-07-23T11:23:15Z
Author: Alicha CH

A flaw was found in ncurses before 6.1.20180414, there is a NULL Pointer
Dereference in the \_nc\_parse\_entry function of tinfo/parse\_entry.c.
It could lead to
a remote denial of service if the terminfo library code is used to
process untrusted terminfo data in which a use-name is invalid syntax.
### Fixed In Version:
ncurses 6.1.20180414
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10754
*(from redmine: issue id 9283, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9281
* parent #9281
* Changesets:
* Revision ff4efecdcffad26aa12170ab4e4b867f8f1d4c62 by Natanael Copa on 2018-08-21T14:48:02Z:
```
main/ncurses: backport security fix (CVE-2018-10754)
fixes #9283
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] python2: Multiple vulnerabilities (CVE-2018-1060, CVE-2018-1061)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9269
Updated: 2019-07-23T11:23:23Z
Author: Alicha CH

CVE-2018-1060: DOS via regular expression catastrophic backtracking in apop() method in pop3lib
-----------------------------------------------------------------------------------------------
Catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in
pop3lib’s apop() method although limited by 2048 chars, can lead to
denial of service.
### Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
### References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
CVE-2018-1061: DOS via regular expression backtracking in difflib.IS\_LINE\_JUNK method in difflib
--------------------------------------------------------------------------------------------------
Catastrophic backtracking vulnerability was found in Python.
Exploitation of a regular expression in
difflib.IS\_LINE\_JUNK method in servers that use difflib can lead to
denial of service.
### Fixed In Version:
python 2.7.15, python 3.4.9, python 3.5.6, python 3.7.0
### Reference:
https://bugs.python.org/issue32981
*(from redmine: issue id 9269, created on 2018-08-17, closed on 2018-08-23)*
* Relations:
* copied_to #9268
* parent #9268
* Changesets:
* Revision 25ab1f448efbe2bedbf0ebce9eca8d5c154fad56 on 2018-08-22T13:23:25Z:
```
main/python2: security upgrade to 2.7.15 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
```
* Revision bb7e90cba82a54c1b78cfd28a8706fbc21c93431 on 2018-08-22T14:19:42Z:
```
main/python3: security upgrade to 3.6.5 (CVE-2018-1060, CVE-2018-1061)
Fixes #9269
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9265
Updated: 2019-07-23T11:23:28Z
Author: Alicha CH

CVE-2018-1333: DoS for HTTP/2 connections by crafted requests
-------------------------------------------------------------
By specially crafting HTTP/2 requests, workers would be allocated 60
seconds longer than necessary,
leading to worker exhaustion and a denial of service.
### Fixed In Version:
Apache HTTP Server 2.4.34
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html\#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1
CVE-2018-8011: mod\_md, DoS via Coredumps on specially crafted requests
-----------------------------------------------------------------------
By specially crafting HTTP requests, the mod\_md challenge handler would
dereference a NULL pointer
and cause the child process to segfault. This could be used to DoS the
server.
### Fixed In Version:
Apache HTTP Server 2.4.34
### Reference:
https://httpd.apache.org/security/vulnerabilities\_24.html\#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2
*(from redmine: issue id 9265, created on 2018-08-17, closed on 2018-08-20)*
* Relations:
* copied_to #9263
* parent #9263
* Changesets:
* Revision 38def58c62a70b5f2aa75a8fc493e6cf6789a84f by Andy Postnikov on 2018-08-20T10:43:54Z:
```
main/apache2: security upgrade to 2.4.34
fixes #9265
```
Milestone: 3.7.1
Assignee: Kaarle Ritvanen

[3.7] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9257
Updated: 2019-07-23T11:23:32Z
Author: Alicha CH

Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9257, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9254
* parent #9254
* Changesets:
* Revision 8c6e5428a4982898bfe0a8d6e2c6c64d4f3f653f on 2018-08-22T11:55:31Z:
```
main/ldb: security fix (CVE-2018-1140)
Fixes #9257
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9251
Updated: 2019-07-23T11:23:38Z
Author: Alicha CH

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directory or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9251, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision 2a5d0006bdb59356b99ca90d9b2b6147c0d526f6 on 2018-08-22T11:55:31Z:
```
main/samba: securiti fixes
CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139
Fixes #9251
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9227
Updated: 2019-07-23T11:23:55Z
Author: Alicha CH

**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9227, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision c854dba4b5bde88f1673002621ab2bb8e0f66d4b by Natanael Copa on 2018-08-22T13:30:28Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9227
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9221
Updated: 2019-07-23T11:24:00Z
Author: Alicha CH

An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9221, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision 662ff3103b7273a29d47f90ac9e63cae39b4d000 by Natanael Copa on 2018-08-21T14:01:32Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9221
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] myrepos: missing URL sanitization (CVE-2018-7032)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9201
Updated: 2019-07-23T11:24:15Z
Author: Alicha CH

webcheckout in myrepos through 1.20171231 does not sanitize URLs that
are passed to git clone, allowing a malicious website operator or a
MitM
attacker to take advantage of it for arbitrary code execution, as
demonstrated by an “ext::sh -c” attack or an option injection attack.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7032
### Patch:
http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
*(from redmine: issue id 9201, created on 2018-08-07, closed on 2018-08-23)*
* Relations:
* copied_to #9199
* parent #9199
* Changesets:
* Revision b8aa48b63f0e9c71ac7f32c88567de03ee626f78 by Natanael Copa on 2018-08-22T09:50:24Z:
```
main/myrepos: security upgrade to 1.20180726 (CVE-2018-7032)
fixes #9201
```
Milestone: 3.7.1

[3.7] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9183
Updated: 2019-07-23T11:24:27Z
Author: Alicha CH

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9183, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #9180
Milestone: 3.7.1
Assignee: Nathan Angelacos

[3.7] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9176
Updated: 2019-07-23T11:24:34Z
Author: Alicha CH

If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9176, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision 8398d6707c886fd25c0ced7b0e0c8e3232f62295 by Natanael Copa on 2018-08-06T15:33:38Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9176
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9169
Updated: 2019-07-23T11:24:40Z
Author: Alicha CH

**CVE-2018-0360**: ClamAV before 0.100.1 has an HWP integer overflow
with a resultant infinite loop via
a crafted Hangul Word Processor file. This is in parsehwp3\_paragraph()
in libclamav/hwp.c.
### References:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0360
**CVE-2018-0361**: ClamAV before 0.100.1 lacks a PDF object length
check, resulting in
an unreasonably long time to parse a relatively small file.
### References:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0361
*(from redmine: issue id 9169, created on 2018-07-31, closed on 2018-08-22)*
* Relations:
* copied_to #9167
* parent #9167
* Changesets:
* Revision 1e7eec478d53d671eb7faf3c64e6bfe8e540877b by Natanael Copa on 2018-08-21T14:17:44Z:
```
main/clamav: security upgrade to 0.100.1 (CVE-2017-16932,CVE-2018-0360,CVE-2018-0361)
fixes #9169
```
Milestone: 3.7.1
Assignee: Carlo Landmeter

[3.7] tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9164
Updated: 2019-07-23T11:24:45Z
Author: Alicha CH

**CVE-2017-9935**: In LibTIFF 4.0.8, there is a heap-based buffer
overflow in the t2p\_write\_pdf function in tools/tiff2pdf.c. This heap
overflow
could lead to different damages. For example, a crafted TIFF document
can lead to an out-of-bounds read in TIFFCleanup, an invalid free in
TIFFClose or t2p\_free, memory corruption in t2p\_readwrite\_pdf\_image,
or a double free in t2p\_free.
Given these possibilities, it probably could cause arbitrary code
execution.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9935
http://bugzilla.maptools.org/show\_bug.cgi?id=2704
**CVE-2017-11613**: In LibTIFF 4.0.8, there is a denial of service
vulnerability in the TIFFOpen function. A crafted input will lead to a
denial of
service attack. During the TIFFOpen process, td\_imagelength is not
checked. The value of td\_imagelength can be directly controlled by an
input file.
In the ChopUpSingleUncompressedStrip function, the \_TIFFCheckMalloc
function is called based on td\_imagelength. If we set the value of
td\_imagelength close to the amount of system memory, it will hang the
system or trigger the OOM killer.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11613
**CVE-2018-10963**: A flaw was found in LibTIFF through 4.0.9.
TIFFWriteDirectorySec() function in tif\_dirwrite.c allows remote
attackers
to cause a denial of service (assertion failure and application crash)
via a crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10963
### Patch:
https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
*(from redmine: issue id 9164, created on 2018-07-31, closed on 2018-08-02)*
* Relations:
* copied_to #9162
* parent #9162
* Changesets:
* Revision dc9b38d5feecbb2fcf0dd40261d5a5e958792b2b by Natanael Copa on 2018-08-02T05:58:23Z:
```
main/tiff: various security fixes
- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963
fixes #8241
fixes #9164
```
Milestone: 3.7.1

[3.7] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9153
Updated: 2019-07-23T11:24:56Z
Author: Alicha CH

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9153, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cb703b0b3b7418593d294739cd51d7f2a711c12a by Natanael Copa on 2018-07-30T16:25:15Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9153
```
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9142
Updated: 2019-07-23T11:25:05Z
Author: Alicha CH

A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9142, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #9139
Milestone: 3.7.1
Assignee: Natanael Copa

[3.7] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9130
Updated: 2019-07-23T11:25:12Z
Author: Alicha CH

CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
--------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9130, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision 7b76ef5a44a34f2aa0ab6dcbd05653a7f384d5cd by Natanael Copa on 2018-07-24T15:33:35Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9130
```
3.7.1
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9102
[3.7] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)
2020-06-23T23:02:11Z
Alicha CH
**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9102, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision 98215e479882b7bbf540e8afb166a2b5c3504ed8 by Natanael Copa on 2018-07-18T07:57:46Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9102
```
3.7.1
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9045
Tidylibs got deleted from main repository?
2019-07-23T11:25:55Z
Chingis S
I’m maintaining docker php images based on alpine and use tidyhtml-libs
for the php tidy extension. Suddenly, today the build started to fail and I
found out there’s no tidylibs package anymore in the 3.7 main repo.
Has it been done by mistake? Or was it moved to edge intentionally?
*(from redmine: issue id 9045, created on 2018-06-29, closed on 2018-07-08)*
3.7.1