aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T11:15:17Z

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9920
Title: dovecot split protocol default config error
Updated: 2019-07-23T11:15:17Z
Author: algitbot

https://git.alpinelinux.org/aports/tree/main/dovecot/APKBUILD?id=e02aad8c475a7413777e720103c1694f0d5e8487#n192
instead of concatenating with $protocols, it concatenates with $protocol
fix: append an s to $protocol
please fix before 3.9 is released, because the default config is broken
now (complaint by doveconf)
*(from redmine: issue id 9920, created on 2019-01-26, closed on 2019-01-29)*
* Changesets:
* Revision 6cfc6137d7936ef4e37fa4ca269b560a001936ca by Jakub Jirutka on 2019-01-26T17:05:56Z:
```
main/dovecot: fix typo $protocol -> $protocols
Fixes #9920 (https://bugs.alpinelinux.org/issues/9920)
```
Milestone: 3.9.0
Assignee: Jakub Jirutka

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9906
Title: [3.9] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
Updated: 2019-07-23T11:15:30Z
Author: Alicha CH

CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies
------------------------------------------------------------------
By sending request bodies in a slow loris way to plain resources, the h2
stream for that request unnecessarily occupied a server
thread cleaning up that incoming data. This affects only HTTP/2
connections. A possible mitigation is to not enable the h2 protocol.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2018-17199: mod_session_cookie does not respect expiry time
-----------------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks
the session expiry time before decoding the session. This causes
session expiry time to be ignored for mod_session_cookie sessions since the
expiry time is loaded when the session is decoded.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
CVE-2019-0190: mod_ssl: remote DoS when used with OpenSSL 1.1.1
----------------------------------------------------------------
A bug exists in the way mod_ssl handled client renegotiations. A remote
attacker could send a carefully crafted request that would cause
mod_ssl to enter a loop leading to a denial of service. This bug can be
only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL
version 1.1.1 or later, due to an interaction in changes to handling of
renegotiation attempts.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
https://seclists.org/oss-sec/2019/q1/82
*(from redmine: issue id 9906, created on 2019-01-24, closed on 2019-01-28)*
* Relations:
* parent #9905
* Changesets:
* Revision e82176fd8bf8ac0c0089a9b3daedcd2c52dafea3 on 2019-01-25T19:34:59Z:
```
main/apache2: security upgrade to 2.4.38
fixes #9906
```
Milestone: 3.9.0
Assignee: Kaarle Ritvanen

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9903
Title: grub-mkconfig can't properly setup f2fs root fs
Updated: 2019-07-23T11:15:33Z
Author: Taner Tas

My Alpine (edge) system uses f2fs root file system. After new grub
trigger subsystem, my system became non bootable.
I noticed that grub.cfg configuration uses static device names instead
of partition UUID.
My file system is f2fs, and it seems this issue does not affect an ext4 root
file system (tested).
According to my working setup, grub.cfg must be generated as
`linux /vmlinuz-vanilla root=UUID=... rootfstype=f2fs` instead of
`linux /vmlinuz-vanilla root=/dev/sdc3`
*(from redmine: issue id 9903, created on 2019-01-24, closed on 2019-01-29)*
* Changesets:
* Revision cb5d66dfdf57d13714e111eda2ef7f9f552d380d by Natanael Copa on 2019-01-24T18:01:30Z:
```
main/grub: add post-ugprade to import default config
import boot options to /etc/default/grub on upgrade to make sure we can
still boot.
ref #9903
```
* Revision 26b88dbce397bc282c399e39b55cec4579c3b42e by Natanael Copa on 2019-01-25T16:01:44Z:
```
main/grub: backport f2fs support
fixes #9903
```
Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9884
Title: [3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
Updated: 2019-07-23T11:15:46Z
Author: Alicha CH

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync,
mishandles the rsync command line, which allows
attackers to have a “bad” impact by triggering use of an option other
than -v, -n, -q, or -P.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG
### Patch:
https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
*(from redmine: issue id 9884, created on 2019-01-21, closed on 2019-01-24)*
* Relations:
* parent #9883
* Changesets:
* Revision 87c443db8dd4907c90a4b6077c6d61946fc30816 by Natanael Copa on 2019-01-23T19:14:38Z:
```
main/gitolite: security upgrade to 3.6.11 (CVE-2018-20683)
fixes #9884
```
Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9863
Title: [3.9] irssi: Use-after-free when hidden lines were expired from the scroll (CVE-2019-5882)
Updated: 2019-07-23T11:16:00Z
Author: Alicha CH

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are
expired from the scroll buffer.
### Fixed In Version:
Irssi 1.1.2
### References:
https://irssi.org/security/irssi_sa_2019_01.txt
https://www.openwall.com/lists/oss-security/2019/01/10/1
*(from redmine: issue id 9863, created on 2019-01-17, closed on 2019-01-18)*
* Relations:
* parent #9862
* Changesets:
* Revision c4e35c92e1389de8f3e842a194ec98a50a96e219 by Natanael Copa on 2019-01-17T15:13:04Z:
```
main/irssi: security upgrade to 1.1.2 (CVE-2019-5882)
fixes #9863
```
Milestone: 3.9.0
Assignee: Natanael Copa
Due date: 2019-01-17

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9823
Title: [3.9] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
Updated: 2019-07-23T11:16:34Z
Author: Alicha CH

**CVE-2018-19044**: keepalived before version 2.0.9 didn’t check for
pathnames with symlinks when writing data to a temporary file upon a
call to PrintData or PrintStats. This allowed local users to overwrite
arbitrary files if fs.protected_symlinks is set to 0, as demonstrated
by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to
/etc/passwd.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
http://www.keepalived.org/changelog.html
### Patch:
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
**CVE-2018-19045**: keepalived 2.0.8 used mode 0666 when creating new
temporary files upon a call to PrintData
or PrintStats, potentially leaking sensitive information.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
https://nvd.nist.gov/vuln/detail/CVE-2018-19045
### Patches:
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
**CVE-2018-19046**: keepalived before version 2.0.10 didn’t check for
existing plain files when writing data to a temporary file upon a call
to PrintData or PrintStats. If a local attacker had previously created a
file with the expected name (e.g., /tmp/keepalived.data or
/tmp/keepalived.stats), with read access for the attacker and write
access for the keepalived process, then this potentially leaked
sensitive information.
### Fixed In Version:
keepalived 2.0.10
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19046
https://github.com/acassen/keepalived/issues/1048
### Patches:
https://github.com/acassen/keepalived/commit/ac8e2ef053de273ce7a0cf0cb611e599dca4b298
https://github.com/acassen/keepalived/commit/26c8d6374db33bcfcdcd758b1282f12ceef4b94f
https://github.com/acassen/keepalived/commit/17f944144b3d9c5131569b1cc988cc90fd676671
*(from redmine: issue id 9823, created on 2019-01-02, closed on 2019-01-09)*
* Relations:
* parent #9822
* Changesets:
* Revision d5456c04c54ef1071228fe009595f420a2dd7e42 on 2019-01-08T11:02:05Z:
```
community/keepalived: security upgrade to 2.0.11
CVE-2018-19044, CVE-2018-19045, CVE-2018-19046
Fixes #9823
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9817
Title: [3.9] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
Updated: 2019-07-23T11:16:40Z
Author: Alicha CH

set_file_metadata in xattr.c in GNU Wget before 1.20.1 stores a file’s
origin URL in the user.xdg.origin.url metadata attribute of the extended
attributes of the downloaded file, which allows local users to obtain sensitive
information (e.g., credentials contained in the URL) by reading this
attribute, as demonstrated by getfattr.
This also applies to Referer information in the user.xdg.referrer.url
metadata attribute. According to 2016-07-22 in the Wget ChangeLog,
user.xdg.origin.url was partially based on the behavior of fwrite_xattr
in tool_xattr.c in curl.
### Fixed In Version:
wget 1.20.1
### References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
https://nvd.nist.gov/vuln/detail/CVE-2018-20483
### Patches:
Introduced by:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
(v1.19)
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
*(from redmine: issue id 9817, created on 2019-01-01, closed on 2019-01-09)*
* Relations:
* parent #9816
* Changesets:
* Revision e6404a21b246558e15ba90e0a54011392d26c497 on 2019-01-03T07:51:58Z:
```
main/wget: security upgrade to 1.20.1 (CVE-2018-20483)
Fixes #9817
```
Milestone: 3.9.0
Assignee: Carlo Landmeter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9815
Title: Firefox: tidy-up for Alpine 3.9 release
Updated: 2020-01-18T00:12:52Z
Author: Rep H

Hello folks.
I have a few comments on Firefox state on Alpine and suggestions for
tidying up.
First, package firefox-esr (52.9.0 on Alpine) lives in community but
firefox (62.0.3 on Alpine) lives in testing.
Well, firefox should be in community too. The packages are very similar
besides the rust/cargo dependency and both have been shown to work.
When you go to firefox.com, the default is Alpine’s @testing version.
OK, second point.
For Alpine release 3.9 it would be great if those packages could be
upgraded.
firefox-esr is already on version 60 upstream and firefox is on version
64.
firefox-esr needs to stay low because rust on Alpine is x64 only for
now.
I think the latest firefox that didn’t need rust was firefox 53.
firefox on the other hand can be upgraded all the way to version 64.
That’s it…
Just an idea to get firefox in shape to the 3.9 release.
Even more important now than ever.
*(from redmine: issue id 9815, created on 2018-12-31, closed on 2019-01-10)*

Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9802
Title: [3.9] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
Updated: 2019-07-23T11:16:51Z
Author: Alicha CH

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5
(aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using
an older encryption type (single-DES, triple-DES, or RC4), the attacker
can crash the KDC by making an S4U2Self request.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20217
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
### Patch:
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
*(from redmine: issue id 9802, created on 2018-12-27, closed on 2019-01-09)*
* Relations:
* parent #9801
* Changesets:
* Revision bd4ce5b0529e8f12a984bdfd4d231664a613454a on 2019-01-07T07:52:42Z:
```
main/krb5: upgrade to 1.15.4, security fix for CVE-2018-20217
Fixes #9802
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9797
Title: [3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
Updated: 2019-07-23T11:16:57Z
Author: Alicha CH

**CVE-2018-14423**: Division-by-zero vulnerabilities in the functions
pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in lib/openjp3d/pi.c
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of
service (application crash).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14423
https://github.com/uclouvain/openjpeg/issues/1123
### Patch:
https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
**CVE-2018-6616**: In OpenJPEG 2.3.0, there is excessive iteration in
the opj_t1_encode_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service
via a crafted bmp file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
https://github.com/uclouvain/openjpeg/issues/1059
### Patch:
https://github.com/hlef/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
*(from redmine: issue id 9797, created on 2018-12-27, closed on 2019-01-01)*
* Relations:
* parent #9796
* Changesets:
* Revision 50f991efc36983c48ef31001e2cb0433b2745479 by Francesco Colista on 2019-01-01T07:33:41Z:
```
main/openjpeg: security fixes
- CVE-2018-14423
- CVE-2018-6616
this commit fixes #9797
```
Milestone: 3.9.0
Assignee: Francesco Colista

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9785
Title: [3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-19968, CVE-2018-19969, CVE-2018-19970)
Updated: 2019-07-23T11:17:09Z
Author: Alicha CH

CVE-2018-19968: Local file inclusion through transformation feature.
--------------------------------------------------------------------
A flaw has been found where an attacker can exploit phpMyAdmin to leak
the contents of a local file. The attacker must have access
to the phpMyAdmin Configuration Storage tables, although these can
easily be created in any database to which the attacker has access.
An attacker must have valid credentials to log in to phpMyAdmin; this
vulnerability does not allow an attacker to circumvent the login system.
### Affected Versions:
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-6/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19969: XSRF/CSRF vulnerability
---------------------------------------
By deceiving a user to click on a crafted URL, it is possible to perform
harmful SQL operations such as renaming databases, creating new
tables/routines, deleting designer pages, adding/deleting users,
updating user passwords, killing SQL processes, etc.
### Affected Versions
phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are
affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-7/
### Patches:
see https://www.phpmyadmin.net/security/PMASA-2018-7/
CVE-2018-19970: XSS vulnerability in navigation tree
----------------------------------------------------
A Cross-Site Scripting vulnerability was found in the navigation tree,
where an attacker can deliver
a payload to a user through a specially-crafted database/table name.
### Affected Versions
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-8/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
*(from redmine: issue id 9785, created on 2018-12-24, closed on 2019-01-09)*
* Relations:
* parent #9784
* Changesets:
* Revision 327df2ce21328db30da75277c323014af26c0b5c on 2019-01-08T10:44:14Z:
```
community/phpmyadmin: security upgrade to 4.8.4
CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
Fixes #9785
```
Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9778
Title: busybox-initscripts: add ttyUSB[0-9] to dialout group
Updated: 2019-07-23T11:17:14Z
Author: Milan P. Stanić

Add /dev/ttyUSB[0-9] to dialout group in /etc/mdev.conf, so normal
users can use attached devices in programs like ‘screen’, ‘minicom’ etc.
without need for su or sudo. One line patch is posted at the next url:
https://patchwork.alpinelinux.org/patch/4283/
*(from redmine: issue id 9778, created on 2018-12-20, closed on 2019-01-10)*

Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9777
Title: init.d/urandom: increase saved entropy
Updated: 2019-07-23T11:17:15Z
Author: Steffen Nurpmeso

my startup (whether on real hardware or my server VM) currently involves
long hangs of sshd, and warnings on uninitialized random reads by
dnsmasq.
When i look into init.d/urandom i see mysterious calculations which
result in 512 bytes to be saved for restoring purposes, and i wonder why
this is so.
I would assume that the kernel passes data fed in to seed the PRNG
through (possibly even multiple) sophisticated algorithms.., and uses
conservative guessing on the quality of bytes fed into urandom.
Hence my suggestion to increase the number of bytes saved in between
reboots, e.g., like so (untested):
```
save_seed()
{
    local ibs=1024
    if [ -e /proc/sys/kernel/random/poolsize ]; then
        ibs=$(cat /proc/sys/kernel/random/poolsize)
    fi
    ( # sub shell to prevent umask pollution
        umask 077
        dd if=/dev/urandom of="$urandom_seed" \
            ibs=$ibs count=1 2>/dev/null
    )
}
```
*(from redmine: issue id 9777, created on 2018-12-19, closed on 2019-01-08)*

Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9774
Title: Qemu Guest Agent can't shut down Alpine
Updated: 2019-07-23T11:17:16Z
Author: Adam Crowder

Because Alpine doesn’t use posix shutdown, the Qemu Guest Agent is
unable to perform a system shutdown (as it is hardcoded to use
/sbin/shutdown)
A patch needs to be made for qga/commands-posix.c (from the qemu source)
which modifies the qmp_guest_shutdown function to shutdown alpine
(with /sbin/poweroff) appropriately.
*(from redmine: issue id 9774, created on 2018-12-19, closed on 2018-12-25)*
* Changesets:
* Revision 76b81b486480fd9c3294cd420bcf2df01c27790d by Natanael Copa on 2018-12-20T16:21:11Z:
```
main/qemu: fix shutdown from guest agent
we dont have /sbin/shutdown so provide a fallback to the busybox
/sbin/poweroff, /sbin/halt and /sbin/reboot.
fixes #9774
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9763
Title: [3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)
Updated: 2019-07-23T11:17:23Z
Author: Alicha CH

### CVE-2018-19622: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15250
### CVE-2018-19623: LBMPDM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15132
### CVE-2018-19624: PVFS dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15280
### CVE-2018-19625: Wireshark dissection engine crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14466
### CVE-2018-19626: DCOM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15130
### CVE-2018-19627: IxVeriWave file parser crash.
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15279
### CVE-2018-19628: ZigBee ZCL dissector crash
Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5
### References:
https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15281
*(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)*
* Relations:
* parent #9762
* Changesets:
* Revision d0f7f9ff6bb890cdeda8dcc9bce15ad49d4d8205 by Milan P. Stanić on 2019-01-01T08:48:05Z:
```
community/wireshark: security upgrade to 2.6.5
CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
Fixes #9763
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9727
Title: [3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
Updated: 2019-07-23T11:17:48Z
Author: Alicha CH

CVE-2018-18311: Integer overflow leading to buffer overflow
-----------------------------------------------------------
A flaw was found in Perl versions 5.8.0 through 5.28. An Integer
overflow leading to buffer overflow
in Perl_my_setenv function in util.c
### Fixed In Version:
perl 5.29.1, perl 5.26.3
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133204
### Patch:
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Introduced by:
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
CVE-2018-18312: Heap-buffer-overflow write / reg_node overrun
--------------------------------------------------------------
A flaw was found in Perl versions 5.18 through 5.26. A
Heap-buffer-overflow write / reg_node overrun
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### References:
https://rt.perl.org/Ticket/Display.html?id=133423
https://security-tracker.debian.org/tracker/CVE-2018-18312
CVE-2018-18313: Heap-buffer-overflow read in regcomp.c
------------------------------------------------------
A flaw was found in Perl versions 5.22 through 5.26.
Heap-buffer-overflow read in regcomp.c
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133192
### Patch:
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18314: Heap-based buffer overflow
------------------------------------------
A flaw was found in Perl versions 5.18 through 5.28. A Heap-based buffer
overflow
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=131649
### Patch:
https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
*(from redmine: issue id 9727, created on 2018-12-04, closed on 2018-12-06)*
* Relations:
* parent #9726
* Changesets:
* Revision 13074bff64787b9251ec396b8ac6ecd18718d2a0 by Natanael Copa on 2018-12-04T14:46:15Z:
```
main/perl: security upgrade to 5.26.3
CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
fixes #9727
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9715
Title: [3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
Updated: 2019-07-23T11:17:58Z
Author: Alicha CH

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
--------------------------------------------------------------------------------------------------------------------
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have
unspecified other impact via a crafted TIFF file.
### References:
http://bugzilla.maptools.org/show_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2018-18557: Out-of-bounds write in tif_jbig.c
--------------------------------------------------
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
buffer, ignoring the buffer size, which leads to a tif_jbig.c JBIGDecode
out-of-bounds write.
### References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
--------------------------------------------------------------------
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function
LZWDecode in the file tif_lzw.c.
### References:
http://bugzilla.maptools.org/show_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661
### Patch:
https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
*(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)*
* Relations:
* parent #9714
* Changesets:
* Revision 0c504ed6ce49ffab8f4090a5a3ddaeeda27ecbf5 by Natanael Copa on 2018-11-30T11:58:02Z:
```
main/tiff: security upgrade to 4.0.10
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661
fixes #9715
```
Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9704
Title: [3.9] webkit2gtk: Multiple memory corruption issues (CVE-2018-4372)
Updated: 2020-06-23T23:02:11Z
Author: Alicha CH

Processing maliciously crafted web content may lead to arbitrary code
execution. Multiple memory
corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.22.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0008.html
*(from redmine: issue id 9704, created on 2018-11-27, closed on 2018-11-28)*
* Changesets:
* Revision 041fef015184af46bcc6eb6e421bdc5e3259c709 by Natanael Copa on 2018-11-27T13:38:59Z:
```
community/webkit2gtk: security upgrade to 2.22.4 (CVE-2018-4372)
fixes #9704
```
Milestone: 3.9.0

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9696
Title: [3.9] roundcubemail: Cross-site Scripting issue in email attachments (CVE-2018-19206)
Updated: 2019-07-23T11:18:10Z
Author: Alicha CH

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of
`<svg><style>`, as demonstrated by
an onload attribute in a BODY element, within an HTML attachment.
### References:
https://github.com/roundcube/roundcubemail/issues/6410
https://nvd.nist.gov/vuln/detail/CVE-2018-19206
### Patch:
https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059
*(from redmine: issue id 9696, created on 2018-11-26, closed on 2018-12-04)*
* Relations:
* parent #9695
* Changesets:
* Revision 1d5dbd01274ff36d9839dac79b36803262c62bfa by Natanael Copa on 2018-11-29T14:42:08Z:
```
community/roundcubemail: security upgrade to 1.3.8 (CVE-2018-19206)
fixes #9696
```
Milestone: 3.9.0
Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9690
Title: [3.9] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
Updated: 2019-07-23T11:18:16Z
Author: Alicha CH

**CVE-2018-19409**: An issue was discovered in Artifex Ghostscript
before 9.26. LockSafetyParams is not
checked correctly if another device is used.
### Fixed In Version:
ghostscript 9.26
### References:
https://www.ghostscript.com/doc/9.26/History9.htm#Version9.26
https://nvd.nist.gov/vuln/detail/CVE-2018-19409
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=661e8d8fb
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ea1b3ef43
**CVE-2018-19475**: psi/zdevice2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
available stack space is not checked when the device remains the same.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19475
https://bugs.ghostscript.com/show_bug.cgi?id=700153
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
(master)
**CVE-2018-19476**: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended
access restrictions because of a setcolorspace type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19476
https://bugs.ghostscript.com/show_bug.cgi?id=700169
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
(master)
**CVE-2018-19477**: psi/zfjbig2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
of a JBIG2Decode type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19477
https://bugs.ghostscript.com/show_bug.cgi?id=700168
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
(master)
*(from redmine: issue id 9690, created on 2018-11-26, closed on 2018-12-07)*
* Relations:
* parent #9689

Milestone: 3.9.0