aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:22:55Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9306[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows...2019-07-23T11:22:55ZAlicha CH[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted me...A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
### References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
### Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
*(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)*
* Relations:
* copied_to #9305
* parent #9305
* Changesets:
* Revision 4e1c871fdcc37ed141df6a2f53d3bd62fddd8fea on 2018-11-07T13:21:12Z:
```
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9306
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9249[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-20...2019-07-23T11:23:41ZAlicha CH[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an e...CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directory or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision d773d4c9846c9af6fff4cf55c1942ce486760f82 by Andy Postnikov on 2018-08-20T14:33:06Z:
```
main/samba: security upgrade to 4.8.4
Fixes #9249
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9225[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CV...2019-07-23T11:23:57ZAlicha CH[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dere...**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9225, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 214cb233279c7ef0221557f24d0d0af79a46d3b7 by Natanael Copa on 2018-08-22T13:28:16Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9225
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9219[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant ...2019-07-23T11:24:02ZAlicha CH[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point...An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9219, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision ecc28455ea46b5da17cc43d1250d6a16ebeba169 by Natanael Copa on 2018-08-21T13:55:16Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9219
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9208[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_...2019-07-23T11:24:11ZAlicha CH[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548 ...The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548
http://seclists.org/fulldisclosure/2017/Jul/84
*(from redmine: issue id 9208, created on 2018-08-08, closed on 2019-01-01)*
* Relations:
* copied_to #9207
* parent #9207
* Changesets:
* Revision d25107e8a0abff1db592d5a79b4cd03b670ff905 by Natanael Copa on 2018-12-04T12:17:12Z:
```
main/libao: security fix for CVE-2017-11548
fixes #9208
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9181[3.9] kamailio: Security vulnerability in Kamailio core related to To header ...2019-07-23T11:24:29ZAlicha CH[3.9] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_re...In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9181, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #91803.9.0Nathan AngelacosNathan Angelacoshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9174[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)2019-07-23T11:24:36ZAlicha CH[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a...If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9174, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision be7e22246de0916a68b640d89fc11fa95ea548b5 by Natanael Copa on 2018-08-06T15:15:13Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9174
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9158[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CV...2019-07-23T11:24:50ZAlicha CH[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-...**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-2018-14340**: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
**CVE-2018-14341**: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
**CVE-2018-14342**: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
**CVE-2018-14343**: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
**CVE-2018-14344**: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
**CVE-2018-14367**: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
**CVE-2018-14368**: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
**CVE-2018-14369**: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
**CVE-2018-14370**: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
*(from redmine: issue id 9158, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9157
* parent #91573.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9151[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is acti...2019-07-23T11:24:57ZAlicha CH[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of ...In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9151, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cab094ae856f8729453475a6c5fff8e35d8844ab by Natanael Copa on 2018-07-30T16:03:32Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9151
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9140[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-...2019-07-23T11:25:07ZAlicha CH[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over...A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9140, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #91393.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9128[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-201...2019-07-23T11:25:15ZAlicha CH[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttm...CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9128, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision ed115862c323b563d378a0ca48ef4f6e7cf55388 by Natanael Copa on 2018-07-24T15:23:25Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9128
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9115[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-20...2019-07-23T11:25:22ZAlicha CH[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-2018-12458, CVE-2018-13300, CVE-2018-13302)**CVE-2018-7557**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with
crafted dimensions within chroma subsampling ...**CVE-2018-7557**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with
crafted dimensions within chroma subsampling data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7557
### Patch:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
**CVE-2018-10001**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (out of array read) via an
AVI file.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-10001
### Patch:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
**CVE-2018-12458**: An improper integer type in the
mpeg4\_encode\_gop\_header function in libavcodec/mpeg4videoenc.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-12458
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
**CVE-2018-13300**: In FFmpeg 4.0.1, an improper argument
(AVCodecParameters) passed to the avpriv\_request\_sample
function in the handle\_eac3 function in libavformat/movenc.c may
trigger an out-of-array read while converting a
crafted AVI file to MPEG4, leading to a denial of service and possibly
an information disclosure.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13300
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
**CVE-2018-13302**: In FFmpeg 4.0.1, improper handling of frame types
(other than EAC3\_FRAME\_TYPE\_INDEPENDENT) that
have multiple independent substreams in the handle\_eac3 function in
libavformat/movenc.c may trigger an out-of-array access
while converting a crafted AVI file to MPEG4, leading to a denial of
service or possibly unspecified other impact.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13302
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
*(from redmine: issue id 9115, created on 2018-07-19, closed on 2018-08-29)*
* Relations:
* copied_to #9114
* parent #9114
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9100[3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)2019-07-23T11:25:35ZAlicha CH[3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.g...**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9100, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision bd4fb24c372fc0a49ab402a6773ad26ee7314d80 by Natanael Copa on 2018-07-18T07:33:45Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9100
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9092[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-12581, CVE-2018-12613)2019-07-23T11:25:43ZAlicha CH[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-12581, CVE-2018-12613)CVE-2018-12581: XSS in Designer feature
---------------------------------------
A Cross-Site Scripting vulnerability was found in the Designer feature,
where an attacker can
deliver a payload to a user through a specially-crafted data...CVE-2018-12581: XSS in Designer feature
---------------------------------------
A Cross-Site Scripting vulnerability was found in the Designer feature,
where an attacker can
deliver a payload to a user through a specially-crafted database name.
### Affected Versions:
phpMyAdmin versions prior to 4.8.2.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-3/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
CVE-2018-12613: File inclusion and remote code execution attack
---------------------------------------------------------------
A flaw has been discovered where an attacker can include (view and
potentially execute) files on the server.
The vulnerability comes from a portion of code where pages are
redirected and loaded within phpMyAdmin, and an improper test for
whitelisted pages.
An attacker must be authenticated, except in these situations:
- $cfg\[‘AllowArbitraryServer’\] = true: attacker can specify any host
he/she is already in control of, and execute arbitrary code on
phpMyAdmin
- $cfg\[‘ServerDefault’\] = 0: this bypasses the login and runs the
vulnerable code without any authentication
### Affected Versions:
phpMyAdmin 4.8.0 and 4.8.1 are affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-4/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490
*(from redmine: issue id 9092, created on 2018-07-16, closed on 2018-07-17)*
* Relations:
* copied_to #9091
* parent #9091
* Changesets:
* Revision 7b247d9a30036bc793da142933227d7148840609 by Natanael Copa on 2018-07-16T17:52:52Z:
```
community/phpmyadmin: security upgrade to 4.8.2 (CVE-2018-12581,CVE-2018-12613)
fixes #9092
```3.9.0