aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:16:00Z

[3.9] irssi: Use-after-free when hidden lines were expired from the scroll (CVE-2019-5882)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9863
2019-07-23T11:16:00Z
Alicha CH

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are
expired from the scroll buffer.
### Fixed In Version:
Irssi 1.1.2
### References:
https://irssi.org/security/irssi\_sa\_2019\_01.txt
https://www.openwall.com/lists/oss-security/2019/01/10/1
*(from redmine: issue id 9863, created on 2019-01-17, closed on 2019-01-18)*
* Relations:
* parent #9862
* Changesets:
* Revision c4e35c92e1389de8f3e842a194ec98a50a96e219 by Natanael Copa on 2019-01-17T15:13:04Z:
```
main/irssi: security upgrade to 1.1.2 (CVE-2019-5882)
fixes #9863
```
3.9.0
Natanael Copa
2019-01-17

ca-certificates is broken and needs an update
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9935
2019-07-23T11:15:10Z
John Smith

Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which
is quite old and looks like it is broken:
mail server mail.amur-cit.ru:587 uses self-signed certificate, which I
need to add to the list of trusted ones on Alpine for the connection to
succeed.
1. get their certificate via this command:

   ```
   openssl s_client -starttls smtp -showcerts -connect mail.amur-cit.ru:587
   ```

   from the output of that command I copy 1st (well, 0th in terms of that
   command’s output) certificate from the certificate chain.
2. save it into a file on Alpine node as
   /usr/local/share/ca-certificates/mail.amur-cit.ru.crt
3. run update-ca-certificates

result:

```
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
```

On a Debian-based node that was enough to add the certificate to the
list of trusted ones, the output there was the following:

```
Updating certificates in /etc/ssl/certs…
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d…
done.
```
*(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)*
* Changesets:
* Revision e52ca18af87015baba0756530ff0fd6b7b6ea081 by Natanael Copa on 2019-01-29T16:26:25Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision ef889967982b9e04edc9a0dbb02231e47e41f03c by Natanael Copa on 2019-05-27T12:31:10Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision acbc0e0a89f2c917c5c949d5e3ece043c8a9ec58 by Natanael Copa on 2019-05-27T12:35:15Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
3.9.0

dovecot split protocol default config error
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9920
2019-07-23T11:15:17Z
algitbot

https://git.alpinelinux.org/aports/tree/main/dovecot/APKBUILD?id=e02aad8c475a7413777e720103c1694f0d5e8487\#n192
instead of concatenating with $protocols, it concatenates with $protocol
fix: append an s to $protocol
please fix before 3.9 is released, because the default config is broken
now (complaint by doveconf)
*(from redmine: issue id 9920, created on 2019-01-26, closed on 2019-01-29)*
* Changesets:
* Revision 6cfc6137d7936ef4e37fa4ca269b560a001936ca by Jakub Jirutka on 2019-01-26T17:05:56Z:
```
main/dovecot: fix typo $protocol -> $protocols
Fixes #9920 (https://bugs.alpinelinux.org/issues/9920)
```
3.9.0
Jakub Jirutka

[3.9] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9906
2019-07-23T11:15:30Z
Alicha CH

CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies
------------------------------------------------------------------
By sending request bodies in a slow loris way to plain resources, the h2
stream for that request unnecessarily occupied a server
thread cleaning up that incoming data. This affects only HTTP/2
connections. A possible mitigation is to not enable the h2 protocol.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2018-17199: mod\_session\_cookie does not respect expiry time
-----------------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod\_session checks
the session expiry time before decoding the session. This causes
session
expiry time to be ignored for mod\_session\_cookie sessions since the
expiry time is loaded when the session is decoded.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0190: mod\_ssl: remote DoS when used with OpenSSL 1.1.1
----------------------------------------------------------------
A bug exists in the way mod\_ssl handled client renegotiations. A remote
attacker could send a carefully crafted request that would cause
mod\_ssl to enter a loop leading to a denial of service. This bug can be
only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL
version 1.1.1 or later, due to an interaction in changes to handling of
renegotiation attempts.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://seclists.org/oss-sec/2019/q1/82
*(from redmine: issue id 9906, created on 2019-01-24, closed on 2019-01-28)*
* Relations:
* parent #9905
* Changesets:
* Revision e82176fd8bf8ac0c0089a9b3daedcd2c52dafea3 on 2019-01-25T19:34:59Z:
```
main/apache2: security upgrade to 2.4.38
fixes #9906
```
3.9.0
Kaarle Ritvanen

grub-mkconfig can't properly setup f2fs root fs
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9903
2019-07-23T11:15:33Z
Taner Tas

My Alpine (edge) system uses f2fs root file system. After new grub
trigger subsystem, my system became non bootable.
I noticed that grub.cfg configuration uses static device names instead
of partition UUID.
My file system is f2fs and it seems this issue does not affect ext4 root
file system (tested).
According to my working setup, grub.cfg must be generated as
`linux /vmlinuz-vanilla root=UUID=... rootfstype=f2fs` instead of
`linux /vmlinuz-vanilla root=/dev/sdc3`
*(from redmine: issue id 9903, created on 2019-01-24, closed on 2019-01-29)*
* Changesets:
* Revision cb5d66dfdf57d13714e111eda2ef7f9f552d380d by Natanael Copa on 2019-01-24T18:01:30Z:
```
main/grub: add post-ugprade to import default config
import boot options to /etc/default/grub on upgrade to make sure we can
still boot.
ref #9903
```
* Revision 26b88dbce397bc282c399e39b55cec4579c3b42e by Natanael Copa on 2019-01-25T16:01:44Z:
```
main/grub: backport f2fs support
fixes #9903
```
3.9.0

[3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9884
2019-07-23T11:15:46Z
Alicha CH

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync,
mishandles the rsync command line, which allows
attackers to have a “bad” impact by triggering use of an option other
than -v, -n, -q, or -P.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG
### Patch:
https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
*(from redmine: issue id 9884, created on 2019-01-21, closed on 2019-01-24)*
* Relations:
* parent #9883
* Changesets:
* Revision 87c443db8dd4907c90a4b6077c6d61946fc30816 by Natanael Copa on 2019-01-23T19:14:38Z:
```
main/gitolite: security upgrade to 3.6.11 (CVE-2018-20683)
fixes #9884
```
3.9.0

[3.9] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9823
2019-07-23T11:16:34Z
Alicha CH

**CVE-2018-19044**: keepalived before version 2.0.9 didn’t check for
pathnames with symlinks when writing data to a temporary file upon a
call to PrintData or PrintStats. This allowed local users to overwrite
arbitrary files if fs.protected\_symlinks is set to 0, as demonstrated
by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to
/etc/passwd.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
http://www.keepalived.org/changelog.html
### Patch:
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
**CVE-2018-19045**: keepalived 2.0.8 used mode 0666 when creating new
temporary files upon a call to PrintData
or PrintStats, potentially leaking sensitive information.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
https://nvd.nist.gov/vuln/detail/CVE-2018-19045
### Patches:
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
**CVE-2018-19046**: keepalived before version 2.0.10 didn’t check for
existing plain files when writing data to a temporary file upon a call
to PrintData or PrintStats. If a local attacker had previously created a
file with the expected name (e.g., /tmp/keepalived.data or
/tmp/keepalived.stats), with read access for the attacker and write
access for the keepalived process, then this potentially leaked
sensitive information.
### Fixed In Version:
keepalived 2.0.10
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19046
https://github.com/acassen/keepalived/issues/1048
### Patches:
https://github.com/acassen/keepalived/commit/ac8e2ef053de273ce7a0cf0cb611e599dca4b298
https://github.com/acassen/keepalived/commit/26c8d6374db33bcfcdcd758b1282f12ceef4b94f
https://github.com/acassen/keepalived/commit/17f944144b3d9c5131569b1cc988cc90fd676671
*(from redmine: issue id 9823, created on 2019-01-02, closed on 2019-01-09)*
* Relations:
* parent #9822
* Changesets:
* Revision d5456c04c54ef1071228fe009595f420a2dd7e42 on 2019-01-08T11:02:05Z:
```
community/keepalived: security upgrade to 2.0.11
CVE-2018-19044, CVE-2018-19045, CVE-2018-19046
Fixes #9823
```
3.9.0
Natanael Copa

[3.9] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9817
2019-07-23T11:16:40Z
Alicha CH

set\_file\_metadata in xattr.c in GNU Wget before 1.20.1 stores a file’s
origin URL in the user.xdg.origin.url metadata attribute of the extended
attributes of the
downloaded file, which allows local users to obtain sensitive
information (e.g., credentials contained in the URL) by reading this
attribute, as demonstrated by getfattr.
This also applies to Referer information in the user.xdg.referrer.url
metadata attribute. According to 2016-07-22 in the Wget ChangeLog,
user.xdg.origin.url was
partially based on the behavior of fwrite\_xattr in tool\_xattr.c in
curl.
### Fixed In Version:
wget 1.20.1
### References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
https://nvd.nist.gov/vuln/detail/CVE-2018-20483
### Patches:
Introduced by:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
(v1.19)
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
*(from redmine: issue id 9817, created on 2019-01-01, closed on 2019-01-09)*
* Relations:
* parent #9816
* Changesets:
* Revision e6404a21b246558e15ba90e0a54011392d26c497 on 2019-01-03T07:51:58Z:
```
main/wget: security upgrade to 1.20.1 (CVE-2018-20483)
Fixes #9817
```
3.9.0
Carlo Landmeter

[3.9] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9802
2019-07-23T11:16:51Z
Alicha CH

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5
(aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket
using
an older encryption type (single-DES, triple-DES, or RC4), the attacker
can crash the KDC by making an S4U2Self request.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20217
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
### Patch:
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
*(from redmine: issue id 9802, created on 2018-12-27, closed on 2019-01-09)*
* Relations:
* parent #9801
* Changesets:
* Revision bd4ce5b0529e8f12a984bdfd4d231664a613454a on 2019-01-07T07:52:42Z:
```
main/krb5: upgrade to 1.15.4, security fix for CVE-2018-20217
Fixes #9802
```
3.9.0
Natanael Copa

[3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9797
2019-07-23T11:16:57Z
Alicha CH

**CVE-2018-14423**: Division-by-zero vulnerabilities in the functions
pi\_next\_pcrl, pi\_next\_cprl, and pi\_next\_rpcl in
lib/openjp3d/pi.c
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of
service (application crash).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14423
https://github.com/uclouvain/openjpeg/issues/1123
### Patch:
https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
**CVE-2018-6616**: In OpenJPEG 2.3.0, there is excessive iteration in
the opj\_t1\_encode\_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service
via a crafted bmp file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
https://github.com/uclouvain/openjpeg/issues/1059
### Patch:
https://github.com/hlef/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
*(from redmine: issue id 9797, created on 2018-12-27, closed on 2019-01-01)*
* Relations:
* parent #9796
* Changesets:
* Revision 50f991efc36983c48ef31001e2cb0433b2745479 by Francesco Colista on 2019-01-01T07:33:41Z:
```
main/openjpeg: security fixes
- CVE-2018-14423
- CVE-2018-6616
this commit fixes #9797
```
3.9.0
Francesco Colista

[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-19968, CVE-2018-19969, CVE-2018-19970)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9785
2019-07-23T11:17:09Z
Alicha CH

CVE-2018-19968: Local file inclusion through transformation feature.
--------------------------------------------------------------------
A flaw has been found where an attacker can exploit phpMyAdmin to leak
the contents of a local file. The attacker must have access
to the phpMyAdmin Configuration Storage tables, although these can
easily be created in any database to which the attacker has access.
An attacker must have valid credentials to log in to phpMyAdmin; this
vulnerability does not allow an attacker to circumvent the login system.
### Affected Versions:
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
Reference:
https://www.phpmyadmin.net/security/PMASA-2018-6/
Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19969: XSRF/CSRF vulnerability
---------------------------------------
By deceiving a user to click on a crafted URL, it is possible to perform
harmful SQL operations such as renaming databases, creating new
tables/routines, deleting designer pages, adding/deleting users,
updating user passwords, killing SQL processes, etc.
### Affected Versions
phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are
affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-7/
### Patches:
see https://www.phpmyadmin.net/security/PMASA-2018-7/
CVE-2018-19970: XSS vulnerability in navigation tree
----------------------------------------------------
A Cross-Site Scripting vulnerability was found in the navigation tree,
where an attacker can deliver
a payload to a user through a specially-crafted database/table name.
### Affected Versions
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-8/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
*(from redmine: issue id 9785, created on 2018-12-24, closed on 2019-01-09)*
* Relations:
* parent #9784
* Changesets:
* Revision 327df2ce21328db30da75277c323014af26c0b5c on 2019-01-08T10:44:14Z:
```
community/phpmyadmin: security upgrade to 4.8.4
CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
Fixes #9785
```
3.9.0

Qemu Guest Agent can't shut down Alpine
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9774
2019-07-23T11:17:16Z
Adam Crowder

Because Alpine doesn’t use posix shutdown, the Qemu Guest Agent is
unable to perform a system shutdown (as it is hardcoded to use
/sbin/shutdown)
A patch needs to be made for qga/commands-posix.c (from the qemu source)
which modifies the qmp\_guest\_shutdown function to shutdown alpine
(with /sbin/poweroff) appropriately.
*(from redmine: issue id 9774, created on 2018-12-19, closed on 2018-12-25)*
* Changesets:
* Revision 76b81b486480fd9c3294cd420bcf2df01c27790d by Natanael Copa on 2018-12-20T16:21:11Z:
```
main/qemu: fix shutdown from guest agent
we dont have /sbin/shutdown so provide a fallback to the busybox
/sbin/poweroff, /sbin/halt and /sbin/reboot.
fixes #9774
```
3.9.0
Natanael Copa

[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9763
2019-07-23T11:17:23Z
Alicha CH

### CVE-2018-19622: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250
### CVE-2018-19623: LBMPDM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132
### CVE-2018-19624: PVFS dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280
### CVE-2018-19625: Wireshark dissection engine crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466
### CVE-2018-19626: DCOM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130
### CVE-2018-19627: IxVeriWave file parser crash.
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279
### CVE-2018-19628: ZigBee ZCL dissector crash
Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5
### References:
https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281
*(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)*
* Relations:
* parent #9762
* Changesets:
* Revision d0f7f9ff6bb890cdeda8dcc9bce15ad49d4d8205 by Milan P. Stanić on 2019-01-01T08:48:05Z:
```
community/wireshark: security upgrade to 2.6.5
CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
Fixes #9763
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
3.9.0
Natanael Copa

[3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9727
2019-07-23T11:17:48Z
Alicha CH

CVE-2018-18311: Integer overflow leading to buffer overflow
-----------------------------------------------------------
A flaw was found in Perl versions 5.8.0 through 5.28. An Integer
overflow leading to buffer overflow
in Perl\_my\_setenv function in util.c
### Fixed In Version:
perl 5.29.1, perl 5.26.3
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133204
### Patch:
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Introduced by:
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
CVE-2018-18312: Heap-buffer-overflow write / reg\_node overrun
--------------------------------------------------------------
A flaw was found in Perl versions 5.18 through 5.26. A
Heap-buffer-overflow write / reg\_node overrun
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### References:
https://rt.perl.org/Ticket/Display.html?id=133423
https://security-tracker.debian.org/tracker/CVE-2018-18312
CVE-2018-18313: Heap-buffer-overflow read in regcomp.c
------------------------------------------------------
A flaw was found in Perl versions 5.22 through 5.26.
Heap-buffer-overflow read in regcomp.c
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133192
### Patch:
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18314: Heap-based buffer overflow
------------------------------------------
A flaw was found in Perl versions 5.18 through 5.28. A Heap-based buffer
overflow
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=131649
### Patch:
https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
*(from redmine: issue id 9727, created on 2018-12-04, closed on 2018-12-06)*
* Relations:
* parent #9726
* Changesets:
* Revision 13074bff64787b9251ec396b8ac6ecd18718d2a0 by Natanael Copa on 2018-12-04T14:46:15Z:
```
main/perl: security upgrade to 5.26.3
CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
fixes #9727
```
3.9.0
Natanael Copa

[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9715
2019-07-23T11:17:58Z
Alicha CH

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
--------------------------------------------------------------------------------------------------------------------
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have
unspecified other impact via a crafted TIFF file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2018-18557: Out-of-bounds write in tif\_jbig.c
--------------------------------------------------
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
buffer,
ignoring the buffer size, which leads to a tif\_jbig.c JBIGDecode
out-of-bounds write.
### References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
--------------------------------------------------------------------
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function
LZWDecode in the file tif\_lzw.c.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661
### Patch:
https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
*(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)*
* Relations:
* parent #9714
* Changesets:
* Revision 0c504ed6ce49ffab8f4090a5a3ddaeeda27ecbf5 by Natanael Copa on 2018-11-30T11:58:02Z:
```
main/tiff: security upgrade to 4.0.10
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661
fixes #9715
```
3.9.0

[3.9] webkit2gtk: Multiple memory corruption issues (CVE-2018-4372)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9704
2020-06-23T23:02:11Z
Alicha CH

Processing maliciously crafted web content may lead to arbitrary code
execution. Multiple memory
corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.22.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0008.html
*(from redmine: issue id 9704, created on 2018-11-27, closed on 2018-11-28)*
* Changesets:
* Revision 041fef015184af46bcc6eb6e421bdc5e3259c709 by Natanael Copa on 2018-11-27T13:38:59Z:
```
community/webkit2gtk: security upgrade to 2.22.4 (CVE-2018-4372)
fixes #9704
```
3.9.0

[3.9] roundcubemail: Cross-site Scripting issue in email attachments (CVE-2018-19206)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9696
2019-07-23T11:18:10Z
Alicha CH

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of
`<svg><style>`, as demonstrated by
an onload attribute in a BODY element, within an HTML attachment.
### References:
https://github.com/roundcube/roundcubemail/issues/6410
https://nvd.nist.gov/vuln/detail/CVE-2018-19206
### Patch:
https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059
*(from redmine: issue id 9696, created on 2018-11-26, closed on 2018-12-04)*
* Relations:
* parent #9695
* Changesets:
* Revision 1d5dbd01274ff36d9839dac79b36803262c62bfa by Natanael Copa on 2018-11-29T14:42:08Z:
```
community/roundcubemail: security upgrade to 1.3.8 (CVE-2018-19206)
fixes #9696
```
3.9.0
Natanael Copa

[3.9] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9690
2019-07-23T11:18:16Z
Alicha CH

**CVE-2018-19409**: An issue was discovered in Artifex Ghostscript
before 9.26. LockSafetyParams is not
checked correctly if another device is used.
### Fixed In Version:
ghostscript 9.26
### References:
https://www.ghostscript.com/doc/9.26/History9.htm\#Version9.26
https://nvd.nist.gov/vuln/detail/CVE-2018-19409
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=661e8d8fb
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ea1b3ef43
**CVE-2018-19475**: psi/zdevice2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
available stack space is not checked when the device remains the same.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19475
https://bugs.ghostscript.com/show\_bug.cgi?id=700153
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
(master)
**CVE-2018-19476**: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended
access restrictions because of a setcolorspace type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19476
https://bugs.ghostscript.com/show_bug.cgi?id=700169
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
(master)
**CVE-2018-19477**: psi/zfjbig2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
of a JBIG2Decode type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19477
https://bugs.ghostscript.com/show_bug.cgi?id=700168
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
(master)
*(from redmine: issue id 9690, created on 2018-11-26, closed on 2018-12-07)*
* Relations:
* parent #9689

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9685
[3.9] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
2019-07-23T11:18:21Z
Alicha CH

### Fixes for the following ClamAV vulnerabilities:
**CVE-2018-15378**: Vulnerability in ClamAV’s MEW unpacking feature that
could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
affected device.
### Fixes for the following vulnerabilities in bundled third-party libraries:
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM filenames.
**CVE-2018-14681**: An issue was discovered in kwajd_read_headers in
mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header
extensions could cause a one or two byte overwrite.
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER()
macro for CHM decompression.
### Fixed In Version:
clamav 0.100.2
### References:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.100/NEWS.md#01002
http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
*(from redmine: issue id 9685, created on 2018-11-26, closed on 2018-11-28)*
* Relations:
* parent #9684
* Changesets:
* Revision 5412962cc2f34d4bb2f2996918e1384eda223946 on 2018-11-27T15:19:52Z:
```
main/clamav: security upgrade to 0.100.2 - CVE-2018-15378 - CVE-2018-14680 - CVE-2018-14681 - CVE-2018-14682
fixes #9685
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9679
[3.9] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
2019-07-23T11:18:28Z
Alicha CH

CVE-2018-18088: NULL pointer dereference in the imagetopnm function of jp2/convert.c
------------------------------------------------------------------------------------
A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for “red”
in the imagetopnm function of jp2/convert.c.
### References:
https://github.com/uclouvain/openjpeg/issues/1152
https://nvd.nist.gov/vuln/detail/CVE-2018-18088
### Patch:
https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2017-17480: Stack-buffer overflow in the pgxtovolume function
-----------------------------------------------------------------
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the
pgxtovolume function in jp3d/convert.c. The vulnerability
causes an out-of-bounds write, which may lead to remote denial of
service or possibly remote code execution.
### References:
https://github.com/uclouvain/openjpeg/issues/1044
https://security-tracker.debian.org/tracker/CVE-2017-17480
### Patch:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
*(from redmine: issue id 9679, created on 2018-11-22, closed on 2018-11-26)*
* Relations:
* parent #9678
* Changesets:
* Revision 5b27b635acbe69cadaffce1fbe4b69d8256c1315 by Natanael Copa on 2018-11-22T15:57:59Z:
```
main/openjpeg: security fix for CVE-2017-17480
also remove unused patches
fixes #9679
```
3.9.0
Francesco Colista