aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:06:05Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10672
Cannot install php7 libraries
2019-07-23T11:06:05Z
Aario Shahbany

Just same as:
https://bugs.alpinelinux.org/issues/8780
When installing php7 libraries from Alpine 3.10 repositories, you get
errors like:
```
PHP Warning: PHP Startup: Unable to load dynamic library '/usr/lib/php7/modules/pdo_mysql.so' - Error relocating /usr/lib/php7/modules/pdo_mysql.so: mysqlnd_allocator: symbol not found in Unknown on line 0
```
As a result, php7.2 alpine docker images are now useless:
https://github.com/docker-library/php/blob/66234ccc01849f2ce1a6b18428d4a7215921d647/7.2/alpine3.10/fpm/Dockerfile
This is why I see it as high priority.
*(from redmine: issue id 10672, created on 2019-07-11, closed on 2019-07-11)*
3.10.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10666
[3.10] squid: XSS via user_name or auth parameter in cachemgr.cgi (CVE-2019-13345)
2019-07-16T11:21:06Z
Alicha CH

The cachemgr.cgi web module of Squid through 4.7 has
XSS via the user\_name or auth parameter.
### References:
https://bugs.squid-cache.org/show\_bug.cgi?id=4957
https://github.com/squid-cache/squid/pull/429
*(from redmine: issue id 10666, created on 2019-07-09)*
* Relations:
* parent #10664
* Changesets:
* Revision a93510d1c69bc8f6e6fd0e2781ffcad140585f08 by Natanael Copa on 2019-07-11T16:36:30Z:
```
main/squid: upgrade to 4.8 (CVE-2019-13345)
fixes #10666
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10655
[3.10] irssi: Use after free when sending SASL login to the server (CVE-2019-13045)
2019-07-23T11:06:09Z
Alicha CH

Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when
SASL is enabled,
has a use after free when sending SASL login to the server.
### Fixed In Version:
Irssi 1.0.8, 1.1.3, 1.2.1
### References:
https://irssi.org/security/irssi\_sa\_2019\_06.txt
https://www.openwall.com/lists/oss-security/2019/06/29/1
*(from redmine: issue id 10655, created on 2019-07-04, closed on 2019-07-04)*
* Relations:
* parent #10653
* Changesets:
* Revision 4a1b35f961328ede5ec6d878950b6f368b83a75d by Natanael Copa on 2019-07-04T10:37:24Z:
```
main/irssi: security upgrade to 1.2.1 (CVE-2019-13045)
fixes #10655
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10651
History command doesn't clear and HISTSIZE is ignored
2019-07-23T11:06:13Z
Xavier Arias

The history command does not work properly:
```
docker run -it alpine:3.10
/ # history
0 history
/ # export HISTSIZE=0
/ # history -c
0 history
1 export HISTSIZE=0
2 history -c
/ # ls
bin dev etc home lib media mnt opt proc root run sbin srv sys tmp usr var
/ # history -c
0 history
1 export HISTSIZE=0
2 history -c
3 ls
4 history -c
/ #
```
*(from redmine: issue id 10651, created on 2019-07-03, closed on 2019-07-03)*
3.10.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10649
Add Argon2 support for PHP 7.3
2019-07-23T11:06:14Z
Albert Casademont

Hi,
It would be great that now that Alpine has the Argon2 libraries, the PHP
package could be compiled with Argon2 support. AFAIK it’s only a matter
of adding a “--with-password-argon2” in the “./configure” options before
compiling.
Thanks!
*(from redmine: issue id 10649, created on 2019-07-02, closed on 2019-07-11)*
* Changesets:
* Revision 43d556c0cb086ef5d94e22fc362c779cd2268042 by Andy Postnikov on 2019-07-06T18:57:20Z:
```
community/php7: add argon2 support
Closes #10649
```
* Revision 0a97585438e0dcc3f84c179edb26426db1e950b4 by Andy Postnikov on 2019-07-08T09:37:38Z:
```
community/php7: add argon2 support
Closes #10649
(cherry picked from commit 43d556c0cb086ef5d94e22fc362c779cd2268042)
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10644
[3.10] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:19Z
Alicha CH

BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10644, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision f47a9e1da5b7f33cf5d46c0541deb454729eee51 on 2019-07-04T19:24:02Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10644
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10630
[3.10] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:30Z
Alicha CH

In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10630, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 8ac1f86999bc295c903af1be590a9e898605e2cc by Natanael Copa on 2019-06-30T12:20:14Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10630
```
3.10.1
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10623
[3.10] evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459)
2019-07-23T11:06:32Z
Alicha CH

The tiff\_document\_render() and tiff\_document\_get\_thumbnail()
functions in the TIFF document backend in GNOME Evince through 3.32.0
did
not handle errors from TIFFReadRGBAImageOriented(), leading to
uninitialized memory use when processing certain TIFF image files.
### Reference:
https://gitlab.gnome.org/GNOME/evince/issues/1129
### Patch:
https://gitlab.gnome.org/GNOME/evince/commit/234f034a4d15cd46dd556f4945f99fbd57ef5f15
*(from redmine: issue id 10623, created on 2019-06-25, closed on 2019-07-09)*
* Relations:
* parent #10621
* Changesets:
* Revision c0566a6218a27e10bfdb13b56c92fe18ff7b71c7 by Natanael Copa on 2019-07-08T12:57:17Z:
```
community/evince: fix CVE-2019-11459
remove unused patch
fixes #10623
```
3.10.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10617
[3.10] libvirt: Multiple vulnerabilities (CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168)
2019-07-23T11:06:38Z
Alicha CH

CVE-2019-10161: arbitrary file read/exec via virDomainSaveImageGetXMLDesc API
-----------------------------------------------------------------------------
It was discovered that libvirtd would permit readonly clients to use
the
virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which
would be accessed with the permissions of the libvirtd process. An
attacker with access to the libvirtd socket could use this to probe
the
existence of arbitrary files, cause denial of service or cause
libvirtd
to execute arbitrary programs.
This vulnerability was first present in libvirt v0.9.4.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://security-tracker.debian.org/tracker/CVE-2019-10161
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10161
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10166: virDomainManagedSaveDefineXML API exposed to readonly clients
-----------------------------------------------------------------------------
It was discovered that libvirtd would permit readonly clients to use
the
virDomainManagedSaveDefineXML() API, which would permit them to modify
managed save state files. If a managed save had already been created
by
a privileged user, a local attacker could modify this file such that
libvirtd would execute an arbitrary program when the domain was resumed.
This vulnerability was first present in libvirt v3.6.1.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10166
https://security-tracker.debian.org/tracker/CVE-2019-10166
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=db0b78457f183e4c7ac45bc94de86044a1e2056a
CVE-2019-10167: arbitrary command execution via virConnectGetDomainCapabilities API
-----------------------------------------------------------------------------------
The virConnectGetDomainCapabilities() libvirt API accepts an
“emulatorbin”
argument to specify the program providing emulation for a domain.
Since
v1.2.19, libvirt will execute that program to probe the domain’s
capabilities. Read-only clients could specify an arbitrary path for
this
argument, causing libvirtd to execute a crafted executable with its own
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://security-tracker.debian.org/tracker/CVE-2019-10167
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=8afa68bac0cf99d1f8aaa6566685c43c22622f26
CVE-2019-10168: arbitrary command execution via virConnectBaselineHypervisorCPU and virConnectCompareHypervisorCPU APIs
-----------------------------------------------------------------------------------------------------------------------
The virConnectBaselineHypervisorCPU() and
virConnectCompareHypervisorCPU()
libvirt APIs accept an “emulator” argument to specify the program
providing
emulation for a domain. Since v1.2.19, libvirt will execute that program
to
probe the domain’s capabilities. Read-only clients could specify an
arbitrary
path for this argument, causing libvirtd to execute a crafted executable
with
its own privileges.
### Fixed In Version:
libvirt 4.10.1, libvirt 5.4.1
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2019-10168
https://security-tracker.debian.org/tracker/CVE-2019-10168
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=bf6c2830b6c338b1f5699b095df36f374777b291
*(from redmine: issue id 10617, created on 2019-06-25, closed on 2019-07-04)*
* Relations:
* parent #10615
* Changesets:
* Revision d8c86688b6afbadd18a78b88a430ed4cabe78e7c by Francesco Colista on 2019-07-03T09:39:08Z:
```
main/libvirt: security upgrade to 5.5.0
This upgrade fixes the following CVE:
- CVE-2019-10168
- CVE-2019-10167
- CVE-2019-10166
- CVE-2019-10161
Fixes #10617
```
3.10.1
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10602
[3.10] firefox-esr: sandbox escape using Prompt:Open (CVE-2019-11708)
2019-07-23T11:06:44Z
Alicha CH

Insufficient vetting of parameters passed with the \`Prompt:Open\`
IPC message between child and parent processes can result in the
non-sandboxed
parent process opening web content chosen by a compromised child
process.
When combined with additional vulnerabilities
this could result in executing arbitrary code on the user’s computer.
### Fixed In Version:
Firefox ESR 60.7.2
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
*(from redmine: issue id 10602, created on 2019-06-21, closed on 2019-06-28)*
* Relations:
* parent #10600
* Changesets:
* Revision f1f49be1c7278df89e43c698ccc2e30659902683 on 2019-06-27T14:48:06Z:
```
community/firefox-esr: security upgrade to 60.7.2 (CVE-2019-11708)
fixes #10602
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10591
Polkit segmentation fault based on libmozjs-60.so.0 - polkitd crashing
2019-07-23T11:06:47Z
Mark Coolen

I’ve been using Alpine for awhile to host VMs using KVM and libvirt. I
connect to Alpine using virt-manager over QEMU+SSH. It worked fine until
I upgraded to 3.10. I followed the instructions on the Wiki for setting
up KVM with polkit authentication over SSH and it worked beautifully
until now.
Since I upgraded to 3.10 libvirt works fine and I can use virsh after
connecting via SSH, but I can’t connect with virt-manager from my
Manjaro-based system. It throws:
```
Unable to connect to libvirt qemu+ssh://——`192.168.--.--/system.
error from service: CheckAuthorization: Process org.freedesktop.PolicyKit1 received signal 9
Verify that the 'libvirtd' daemon is running on the remote host.
Libvirt URI is: qemu+ssh://----`192.168.—.—/system
Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 1012, in _do_open
    self._backend.open(connectauth.creds_dialog, self)
  File "/usr/share/virt-manager/virtinst/connection.py", line 138, in open
    open_flags)
  File "/usr/lib/python3.7/site-packages/libvirt.py", line 104, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: error from service: CheckAuthorization: Process org.freedesktop.PolicyKit1 received signal 9
```
*(from redmine: issue id 10591, created on 2019-06-20, closed on 2019-07-11)*
3.10.1
Rasmus Thomsen oss@cogitri.dev

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10590
[3.10] samba: Multiple vulnerabilities (CVE-2019-12435, CVE-2019-12436)
2019-07-23T11:06:48Z
Alicha CH

CVE-2019-12435: Samba AD DC Denial of Service in DNS management server (dnsserver)
----------------------------------------------------------------------------------
The (poorly named) dnsserver RPC pipe provides administrative
facilities to modify DNS records and zones.
An authenticated user can crash the RPC server process via a NULL
pointer de-reference.
There is no further vulnerability associated with this issue, merely a
denial of service.
### Affected Versions:
Samba 4.9 and 4.10
### Fixed In Version:
Samba 4.9.9 and 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12435.html
https://www.samba.org/samba/history/security.html
### Patches:
https://download.samba.org/pub/samba/patches/security/samba-4.9.8-security-2019-06-19.patch
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
CVE-2019-12436: Samba AD DC LDAP server crash (paged searches)
--------------------------------------------------------------
A user with read access to the LDAP server can crash the LDAP
server process. Depending on the Samba version and the choice
of process model, this may crash only the user’s own connection.
Specifically, while in Samba 4.10 the default is for one process per
connected client, site-specific configuration trigger can change
this.
Samba 4.10 also supports the ‘prefork’ process model and by
using the -M option to ‘samba’ and a ‘single’ process model.
Both of these share one process between multiple clients.
### Affected Versions:
All versions of Samba since Samba 4.10.0
### Fixed In Version:
Samba 4.10.5
### References:
https://www.samba.org/samba/security/CVE-2019-12436.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.10.4-security-2019-06-19.patch
*(from redmine: issue id 10590, created on 2019-06-20, closed on 2019-06-21)*
* Relations:
* parent #10588
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10587
enable kernel options for x86_64 hw error event reporting
2019-07-23T11:06:51Z
Henrik Riomar

See PR: https://github.com/alpinelinux/aports/pull/8221
*(from redmine: issue id 10587, created on 2019-06-19, closed on 2019-07-11)*
3.10.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10558
[3.10] py-django: AdminURLFieldWidget XSS (CVE-2019-12308)
2019-07-23T11:07:10Z
Alicha CH

An issue was discovered in Django 1.11 before 1.11.21, 2.1 before 2.1.9,
and 2.2 before 2.2.2. The clickable Current URL
value displayed by the AdminURLFieldWidget displays the provided value
without validating it as a safe URL. Thus, an unvalidated
value stored in the database, or a value provided as a URL query
parameter payload, could result in a clickable JavaScript link.
### Fixed In Version:
Django 2.2.2, Django 2.1.9, Django 1.11.21
### References:
https://docs.djangoproject.com/en/dev/releases/1.11.21/
https://www.openwall.com/lists/oss-security/2019/06/03/2
### Patch:
https://github.com/django/django/commit/c238701859a52d584f349cce15d56c8e8137c52b
*(from redmine: issue id 10558, created on 2019-06-13, closed on 2019-06-26)*
* Relations:
* parent #10557
* Changesets:
* Revision 3192c106fcf98faea0a2e8554ba5b4be87ca45b8 by Natanael Copa on 2019-06-25T21:05:03Z:
```
main/py-django: security upgrade to 1.11.21 (CVE-2019-12308)
fixes #10558
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10552
[3.10] heimdal: man-in-the-middle attack in function krb5_init_creds_step in lib/krb5/init_creds_pw.c (CVE-2019-12098)
2019-07-16T11:25:06Z
Alicha CH

In the client side of Heimdal before 7.6.0, failure to verify anonymous
PKINIT PA-PKINIT-KX key exchange permits a
man-in-the-middle attack. This issue is in krb5\_init\_creds\_step in
lib/krb5/init\_creds\_pw.c.
### References:
http://www.h5l.org/pipermail/heimdal-announce/2019-May/000009.html
https://nvd.nist.gov/vuln/detail/CVE-2019-12098
### Patch:
Fixed by:
https://github.com/heimdal/heimdal/commit/2f7f3d9960aa6ea21358bdf3687cee5149aa35cf
(7.6.0)
Introduced by:
https://github.com/heimdal/heimdal/commit/a1ef548600c5bb51cf52a9a9ea12676506ede19f
(1.4.0)
*(from redmine: issue id 10552, created on 2019-06-12)*
* Relations:
* parent #10551
* Changesets:
* Revision 7f6e6b03d2536a389bb79a29915bd3a8fe881517 by Natanael Copa on 2019-07-11T16:02:02Z:
```
main/heimdal: security fix for CVE-2019-12098
fixes #10552
```
3.10.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10426
[3.10] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)
2019-07-16T11:50:29Z
Alicha CH

A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
### References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
### Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
*(from redmine: issue id 10426, created on 2019-05-08)*
* Relations:
* parent #10425
* Changesets:
* Revision 4018db3cdac1d0eef1ad039d1a9120fa79e04b58 by Natanael Copa on 2019-07-08T14:18:59Z:
```
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10426
```
3.10.1
Natanael Copa