aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:54:10Z

[3.5] xen: Multiple issues (CVE-2017-8903, CVE-2017-8904)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7289
2019-07-23T11:54:10Z
Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
*(from redmine: issue id 7289, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* parent #7287
* Changesets:
* Revision 231b8648691a0c1f456d8f87e56bd6480fb4a0bc on 2017-06-15T13:00:38Z:
```
main/xen: security fixes #7289
CVE-2017-8903, CVE-2017-8904, CVE-2017-8905
```
3.5.3
Ariadne Conill (ariadne@ariadne.space)

[3.5] libreoffice: Heap-buffer-overflow in WMF polygon processing and EMF filter (CVE-2017-7870, CVE-2016-10327)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7293
2019-07-23T11:54:06Z
Alicha CH

CVE-2017-7870 Heap-buffer-overflow in WMF polygon processing
------------------------------------------------------------
Windows Metafiles (WMF) can contain polygons which under certain
circumstances when processed (split) can result
in output polygons which have too many points to be represented by
LibreOffice’s internal polygon class.
### Fixed in:
LibreOffice 5.2.5/5.3.0
### Reference:
https://www.libreoffice.org/about-us/security/advisories/cve-2017-7870/
CVE-2016-10327 Heap-buffer-overflow in EMF filter
-------------------------------------------------
Enhanced Metafiles (EMF) can contain bitmap data preceded by a header
and a field within that header which states the offset from the start
of the header to the bitmap data. An EMF can be crafted to provide an illegal
offset which, if not tested for validity, can trigger a heap buffer
overflow.
### Fixed in:
LibreOffice 5.2.5/5.3.0
### Reference:
https://www.libreoffice.org/about-us/security/advisories/cve-2016-10327/
*(from redmine: issue id 7293, created on 2017-05-18, closed on 2017-06-16)*
* Changesets:
* Revision 0c6f4a410898db316a1fd871fe4e73daaa3a3cc1 on 2017-06-16T06:21:17Z:
```
community/libreoffice: security update to 5.2.7.2 (CVE-2017-7870, CVE-2016-10327)
Fixes #7293
```
3.5.3
Timo Teräs

[3.5] dropbear: Multiple vulnerabilities (CVE-2017-9078, CVE-2017-9079)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7299
2019-07-23T11:54:01Z
Alicha CH

**CVE-2017-9078** - The server in Dropbear before 2017.75 might allow
post-authentication
root remote code execution because of a double free in cleanup of TCP
listeners when the -a option is enabled.
**CVE-2017-9079** - Dropbear before 2017.75 might allow local users to
read certain files
as root, if the file has the authorized\_keys file format with a
command= option. This occurs because ~/.ssh/authorized\_keys is read
with root privileges and symlinks are followed.
### Fixed In Version:
dropbear 2017.75
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
https://nvd.nist.gov/vuln/detail/CVE-2017-9078
https://nvd.nist.gov/vuln/detail/CVE-2017-9079
*(from redmine: issue id 7299, created on 2017-05-22, closed on 2017-06-15)*
* Relations:
* parent #7297
* Changesets:
* Revision b798fc52c6aa85782652617ee817f26a9412f861 on 2017-06-13T12:14:54Z:
```
main/dropbear: security upgrade to 2017.75 (CVE-2017-9078, CVE-2017-9079)
Fixes #7299
```
3.5.3
Natanael Copa

[3.5] nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (CVE-2017-5461)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7305
2019-07-23T11:53:54Z
Alicha CH

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through
3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1
allows remote attackers to cause a denial of service (out-of-bounds
write) or possibly have unspecified other impact by leveraging incorrect
base64 operations.
### References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/\#CVE-2017-5461
https://nvd.nist.gov/vuln/detail/CVE-2017-5461
*(from redmine: issue id 7305, created on 2017-05-22, closed on 2017-08-22)*
* Relations:
* parent #7304
* Changesets:
* Revision c93128728f142e10428fe6d7318413ff0069a9be by Natanael Copa on 2017-08-22T18:16:36Z:
```
main/nss: upgrade to 3.28.4
fixes #7305
```
3.5.3
Natanael Copa

[3.5] ghostscript: Multiple vulnerabilities (CVE-2016-10217, CVE-2016-10218, CVE-2016-10219, CVE-2016-10220, CVE-2017-5951, CVE-2017-7207, CVE-2017-8291)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7310
2019-07-23T11:53:49Z
Alicha CH

**CVE-2016-10217**: The pdf14\_open function in base/gdevp14.c in
Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause
a denial of service
(use-after-free and application crash) via a crafted file that is
mishandled in the color management module.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10217
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
**CVE-2016-10218**: The pdf14\_pop\_transparency\_group function in
base/gdevp14.c in the PDF Transparency module in Artifex Software, Inc.
Ghostscript 9.20
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10218
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
**CVE-2016-10219**: The intersect function in base/gxfill.c in Artifex
Software, Inc. Ghostscript 9.20 allows remote attackers to cause a
denial of service (divide-by-zero error and application crash) via a
crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10219
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
**CVE-2016-10220**: The gs\_makewordimagedevice function in
base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote
attackers
to cause a denial of service (NULL pointer dereference and application
crash) via a crafted file that is mishandled in the PDF Transparency
module.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2016-10220
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
**CVE-2017-5951**: The mem\_get\_bits\_rectangle function in
base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20
allows remote attackers to cause a denial of service (NULL pointer
dereference and application crash) via a crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5951
### Patch:
http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
**CVE-2017-7207**: The mem\_get\_bits\_rectangle function in Artifex
Software, Inc. Ghostscript 9.20 allows remote
attackers to cause a denial of service (NULL pointer dereference) via a
crafted PostScript document.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7207
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
**CVE-2017-8291**: Artifex Ghostscript through 2017-04-26 allows -dSAFER
bypass and remote command execution via .rsdparams
type confusion with a “/OutputFile (pipe” substring in a
crafted .eps document that is an input to the gs program, as exploited
in the wild in April 2017.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8291
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75ac
*(from redmine: issue id 7310, created on 2017-05-22, closed on 2017-05-30)*
* Relations:
* parent #7309
3.5.3
Francesco Colista

[3.5] samba: Remote code execution from a writable share (CVE-2017-7494)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7321
2019-07-23T11:53:41Z
Alicha CH

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.
Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as
security releases to correct the defect.
### References:
https://www.samba.org/samba/security/CVE-2017-7494.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 7321, created on 2017-05-25, closed on 2017-05-25)*
* Relations:
* parent #7319
* Changesets:
* Revision fcc2d0a8f7aaf4fafdae753b7cd8bae2aa1e5208 on 2017-05-25T12:34:01Z:
```
main/samba: upgrade to 4.5.10. Fixes #7321
```
3.5.3
Natanael Copa

[3.5] libtasn1: asn1_find_node() based stackoverflow (CVE-2017-6891)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7329
2019-07-23T11:53:33Z
Alicha CH

Two errors in the “asn1\_find\_node()” function (lib/parser\_aux.c)
within GnuTLS libtasn1 version 4.10 can be exploited to cause a
stack-based
buffer overflow by tricking a user into processing a specially crafted
assignments file via e.g. the asn1Coding utility.
### References:
https://secuniaresearch.flexerasoftware.com/secunia\_research/2017-11/
https://nvd.nist.gov/vuln/detail/CVE-2017-6891
### Patch:
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=5520704d075802df25ce4ffccc010ba1641bd484
*(from redmine: issue id 7329, created on 2017-05-25, closed on 2017-05-25)*
* Relations:
* parent #7326
* Changesets:
* Revision f3deae790a5e13e6419c1bf4f0c5f62c4d5206db on 2017-05-25T13:46:54Z:
```
main/libtasn1: security fix for CVE-2017-6891. Fixes #7329
```
3.5.3
Francesco Colista

[3.5] strongswan: Multiple vulnerabilities (CVE-2017-9022, CVE-2017-9023)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7348
2019-07-23T11:53:22Z
Alicha CH

CVE-2017-9022: Insufficient validation of RSA public keys passed to the gmp plugin
----------------------------------------------------------------------------------
RSA public keys passed to the gmp plugin aren’t validated sufficiently
before attempting signature verification, so that invalid input might
lead to a floating point
exception and crash of the process. A certificate with an appropriately
prepared public key sent by a peer could be used for a denial-of-service
attack.
### Affected versions:
All versions since 4.4.0, up to and including 5.5.2.
### Fixed In Version:
strongswan 5.5.3
### References:
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html
### Patches:
https://download.strongswan.org/security/CVE-2017-9022/
CVE-2017-9023: Incorrect Handling of CHOICE types in ASN.1 parser and x509 plugin
---------------------------------------------------------------------------------
ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
parsing X.509 certificates with extensions that use such types.
This could lead to infinite looping of the thread parsing a specifically
crafted certificate.
### Affected versions:
All strongSwan versions up to and including 5.5.2
### Fixed In Version:
strongswan 5.5.3
### References:
https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html
### Patches:
https://download.strongswan.org/security/CVE-2017-9023/
*(from redmine: issue id 7348, created on 2017-05-31, closed on 2017-06-15)*
* Relations:
* parent #7346
* Changesets:
* Revision 82ccbbfff5cbbf01b74519ddd9bc16c487b449e6 by Natanael Copa on 2017-05-31T14:02:55Z:
```
main/strongswan: security upgrade to 5.5.3 (CVE-2017-9022,CVE-2017-9023)
fixes #7348
```
3.5.3
Natanael Copa

[3.5] zlib: Multiple vulnerabilities (CVE-2016-9840, CVE-2016-9841, CVE-2016-9842, CVE-2016-9843)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7357
2019-07-23T11:53:14Z
Alicha CH

**CVE-2016-9840**: inftrees.c in zlib 1.2.8 might allow
context-dependent attackers to have unspecified impact by leveraging
improper pointer arithmetic.
### References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
### Patch:
https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
**CVE-2016-9841**: inffast.c in zlib 1.2.8 might allow context-dependent
attackers to have unspecified impact by leveraging improper pointer
arithmetic.
### References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9841
### Patch:
https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
**CVE-2016-9842**: The inflateMark function in inflate.c in zlib 1.2.8
might allow context-dependent attackers to have unspecified impact
via vectors involving left shifts of negative integers.
### References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9842
### Patch:
https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
**CVE-2016-9843**: The crc32\_big function in crc32.c in zlib 1.2.8
might allow context-dependent attackers to have unspecified impact via
vectors involving big-endian CRC calculation.
### References:
http://seclists.org/oss-sec/2016/q4/602
https://nvd.nist.gov/vuln/detail/CVE-2016-9843
### Patch:
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
*(from redmine: issue id 7357, created on 2017-06-01, closed on 2017-06-01)*
* Relations:
* parent #7356
* Changesets:
* Revision 7976522ac026c1430e4dfe2ac2bf27d9e624d57b by Natanael Copa on 2017-06-01T11:23:41Z:
```
main/zlib: security upgrade to 1.2.11
CVE-2016-9840
CVE-2016-9841
CVE-2016-9842
CVE-2016-9843
fixes #7357
```
3.5.3
Natanael Copa

[3.5] openldap: Double free vulnerability in servers/slapd/back-mdb/search.c (CVE-2017-9287)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7363
2019-07-23T11:53:07Z
Alicha CH

servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a
double free vulnerability. A user with access to search the
directory can crash slapd by issuing a search including the Paged
Results control with a page size of 0.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-9287
### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
*(from redmine: issue id 7363, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7360
* Changesets:
* Revision 98cfa8f1e22a941d95c96dc21c025a4a49ffd7a0 by Natanael Copa on 2017-06-15T09:53:40Z:
```
main/openldap: sec fix for CVE-2017-9287
fixes #7363
```
3.5.3
Natanael Copa

[3.5] mosquitto: Pattern based ACLs can be bypassed (CVE-2017-7650)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7368
2019-07-23T11:53:02Z
Alicha CH

A vulnerability exists in Mosquitto versions 0.15 to 1.4.11.
Pattern based ACLs can be bypassed by clients that set their
username/client id to ‘\#’ or ‘+’. This allows locally or remotely
connected clients to access MQTT
topics that they do have the rights to. The same issue may be present in
third party authentication/access control plugins for Mosquitto.
The vulnerability only comes into effect where pattern based ACLs are in
use, or potentially where third party plugins are in use.
### Fixed In Version:
mosquitto 1.4.12
### Reference:
http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
### Patch:
https://mosquitto.org/files/cve/2017-7650/
*(from redmine: issue id 7368, created on 2017-06-01, closed on 2017-06-15)*
* Relations:
* parent #7366
* Changesets:
* Revision 478ed45621953f401511c76d48e3196bb7ef7813 on 2017-06-15T10:06:33Z:
```
main/mosquitto: security upgrade to 1.4.12 (CVE-2017-7650)
Fixes #7368
```
3.5.3
Natanael Copa

[3.5] wireshark: Multiple vulnerabilities (CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346, CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350, CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7378
2019-07-23T11:52:52Z
Alicha CH

CVE-2017-9343: MSNIP dissector crash
------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-30.html
CVE-2017-9344: BT L2CAP dissector divide by zero
------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-29.html
CVE-2017-9345: DNS dissector infinite loop
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-26.html
CVE-2017-9346: SoulSeek dissector infinite loop
-----------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-25.html
CVE-2017-9347: ROS dissector crash
----------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-31.html
CVE-2017-9348: DOF dissector read overflow
------------------------------------------
**Affected versions**: 2.2.0 to 2.2.12
**Fixed versions**: 2.2.7
### References:
https://www.wireshark.org/security/wnpa-sec-2017-23.html
CVE-2017-9349: DICOM dissector infinite loop
--------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-27.html
CVE-2017-9350: openSAFETY dissector memory exhaustion
-----------------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-28.html
**CVE-2017-9351**: DHCP dissector read overflow
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-24.html
CVE-2017-9352: Bazaar dissector infinite loop
---------------------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-22.html
CVE-2017-9353: IPv6 dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6
**Fixed versions**: 2.2.7
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-33.html
CVE-2017-9354: RGMP dissector crash
-----------------------------------
**Affected versions**: 2.2.0 to 2.2.6, 2.0.0 to 2.0.12
**Fixed versions**: 2.2.7, 2.0.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2017-32.html
*(from redmine: issue id 7378, created on 2017-06-05, closed on 2017-06-15)*
* Relations:
* parent #7375
* Changesets:
* Revision 429bab63b290e2cd8589f4f83a4c369c72460450 on 2017-06-13T09:43:34Z:
```
community/wireshark: security upgrade to 2.2.7
CVE-2017-9343, CVE-2017-9344, CVE-2017-9345, CVE-2017-9346,
CVE-2017-9347, CVE-2017-9348, CVE-2017-9349, CVE-2017-9350,
CVE-2017-9351, CVE-2017-9352, CVE-2017-9353, CVE-2017-9354
Fixes #7378
```
3.5.3
Natanael Copa

[3.5] postgresql: Multiple vulnerabilities (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7383
2019-07-23T11:52:47Z
Alicha CH

CVE-2017-7484: selectivity estimators bypass SELECT privilege checks
--------------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7484
CVE-2017-7485: libpq ignores PGREQUIRESSL environment variable
--------------------------------------------------------------
### Fixed In Version:
postgresql 9.4.12, postgresql 9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7485
CVE-2017-7486: pg\_user\_mappings view discloses foreign server passwords
-------------------------------------------------------------------------
### Fixed In Version:
postgresql 9.2.21, postgresql 9.3.17, postgresql 9.4.12, postgresql
9.5.7, **postgresql 9.6.3**
### References:
https://www.postgresql.org/about/news/1746/
https://nvd.nist.gov/vuln/detail/CVE-2017-7486
*(from redmine: issue id 7383, created on 2017-06-05, closed on 2017-06-13)*
* Relations:
* parent #7381
* Changesets:
* Revision b450bf3980b7ea0d8f05b827cbd9e9db745f1410 on 2017-06-13T07:22:03Z:
```
main/postgresql: security upgrade to 9.6.3 (CVE-2017-7484, CVE-2017-7485, CVE-2017-7486)
Fixes #7383
```
3.5.3
Natanael Copa

[3.5] irssi: Multiple vulnerabilities (CVE-2017-9468, CVE-2017-9469)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7396
2019-07-23T11:52:35Z
Alicha CH

**CVE-2017-9468**: When receiving a DCC message without source
nick/host, Irssi would
attempt to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
**CVE-2017-9469**: When receiving certain incorrectly quoted DCC files,
Irssi would
try to find the terminating quote one byte before the allocated memory.
### Fixed in:
Irssi 1.0.3
### Reference:
https://irssi.org/security/irssi\_sa\_2017\_06.txt
### Patch
https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55
*(from redmine: issue id 7396, created on 2017-06-07, closed on 2017-06-15)*
* Relations:
* parent #7393
* Changesets:
* Revision 0cd6b82ab0565b03af3afd13944a6c2a806191a6 on 2017-06-15T11:43:51Z:
```
main/irssi: security fixes (CVE-2017-9468)
Fixes #7396. Not affected by CVE-2017-9469.
```
3.5.3
Natanael Copa

PHP 7.0.16-r0 has a bug: Could not gather sufficient random data
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7407
2019-07-23T11:52:28Z
Michael Martin

The version of PHP available in the Community branch of v3.5 has a known
bug. (Could not gather sufficient random data)
This is resolved in later versions of php 7.0
*(from redmine: issue id 7407, created on 2017-06-09, closed on 2018-08-10)*
3.5.3

[3.5] openvpn: Multiple vulnerabilities (CVE-2017-7478, CVE-2017-7479)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7413
2019-07-23T11:52:24Z
Alicha CH

**CVE-2017-7478**: OpenVPN version 2.3.12 and newer is vulnerable to
unauthenticated Denial of Service of server via received large control
packet.
### Fixed In Version:
**openvpn 2.3.15**, openvpn 2.4.2
### References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7478
### Patch:
https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3
**CVE-2017-7479**: OpenVPN versions before 2.3.15 and before 2.4.2 are
vulnerable to reachable assertion when packet-ID
counter rolls over resulting into Denial of Service of server by
authenticated attacker.
### Fixed In Version:
**openvpn 2.3.15**, openvpn 2.4.2
### References:
https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
https://nvd.nist.gov/vuln/detail/CVE-2017-7479
### Patch:
https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578
*(from redmine: issue id 7413, created on 2017-06-11, closed on 2017-06-14)*
* Changesets:
* Revision 039751f5ad720c2660cf25b5d8c2e36579668098 on 2017-06-13T09:50:46Z:
```
main/openvpn: security upgrade to 2.3.15 (CVE-2017-7478, CVE-2017-7479). Fixes #7413
```
3.5.3
Natanael Copa

[3.5] gnutls: Crash upon receiving well-formed status_request extension (CVE-2017-7507)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7418
2019-07-23T11:52:21Z
Alicha CH

### Fixed in:
gnutls 3.5.13
### Reference:
https://www.gnutls.org/security.html\#GNUTLS-SA-2017-4
### Patches:
https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
*(from redmine: issue id 7418, created on 2017-06-12, closed on 2017-06-14)*
* Relations:
* parent #7416
* Changesets:
* Revision 1a7a0bb86ac263a19cc8a474a3cf99ef533f54a1 on 2017-06-13T11:57:42Z:
```
main/gnutls: security fixes #7418 (CVE-2017-7507)
```
3.5.3
Natanael Copa

[3.5] graphite2: Multiple vulnerabilities (CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7428
2019-07-23T11:52:13Z
Alicha CH

A number of security vulnerabilities in the Graphite 2 library including
out-of-bounds reads, buffer overflow reads and writes,
and the use of uninitialized memory. These issues were addressed in
Graphite 2 version 1.3.10.
### Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/\#CVE-2017-7778
*(from redmine: issue id 7428, created on 2017-06-15, closed on 2017-08-22)*
* Relations:
* parent #7426
* Changesets:
* Revision e9821d8434780ea52a354eeb716a14aa7fb85f72 by Natanael Copa on 2017-08-22T18:07:14Z:
```
main/graphite2: security upgrade to 1.3.10
CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774,
CVE-2017-7775, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778
fixes #7428
```
3.5.3
Natanael Copa

[3.5] libgcrypt: Possible timing attack on EdDSA session key (CVE-2017-9526)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7433
2019-07-23T11:52:08Z
Alicha CH

An attacker who learns the EdDSA session key from side-channel
observation during the signing process, can easily recover the
long-term secret key. Storing the session key in secure memory ensures
that constant time point operations are used in the MPI library.
### Fixed In Version:
libgcrypt 1.7.7
### Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9526
### Patches:
1.7.x:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
Curve Ed25519 signing and verification implemented in 1.6.0 with
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
and following refactorings.
*(from redmine: issue id 7433, created on 2017-06-15, closed on 2017-07-05)*
* Relations:
* parent #7431
* Changesets:
* Revision 95b3d924de75435596c3a72e003dcdb160de6494 by Natanael Copa on 2017-07-05T08:19:27Z:
```
main/libgcrypt: security upgrade to 1.7.8 (CVE-2017-7526,CVE-2017-9526)
fixes #7477
fixes #7433
```
3.5.3
Natanael Copa

[3.5] libsndfile: Multiple vulnerabilities (CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7442
2019-07-23T11:51:59Z
Alicha CH

**CVE-2017-8361**: The flac\_buffer\_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(buffer overflow and application crash) or possibly have unspecified
other impact via a crafted audio file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/1
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
**CVE-2017-8362**: The flac\_buffer\_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(invalid read and application crash) via a crafted audio file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/2
### Patch:
https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
**CVE-2017-8363**: The flac\_buffer\_copy function in flac.c in
libsndfile 1.0.28 allows remote attackers to cause a denial of service
(heap-based buffer over-read and application crash) via a crafted audio
file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/3
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
**CVE-2017-8365**: The i2les\_array function in pcm.c in libsndfile
allows attackers to cause a denial of service (buffer over-read
and application crash) via a crafted audio file.
### Affected version:
1.0.28
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/5
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
*(from redmine: issue id 7442, created on 2017-06-16, closed on 2017-07-05)*
* Relations:
* parent #7439
* Changesets:
* Revision d0b1ecd5f1f7ff44100af83e91b65c66a5dae123 by Natanael Copa on 2017-07-05T07:57:01Z:
```
main/libsndfile: fix CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
fixes #7442
```
3.5.3
Natanael Copa