aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:35:02Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8595
[3.5] wavpack: Multiple vulnerabilities (CVE-2018-6767, CVE-2018-7253, CVE-2018-7254)
2019-07-23T11:35:02Z
Alicha CH

CVE-2018-6767: stack buffer overread via crafted wav file
---------------------------------------------------------
A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote
attacker to cause a denial-of-service attack or possibly have
unspecified other impact via a maliciously crafted RF64 file.
### References:
https://github.com/dbry/WavPack/issues/27
https://nvd.nist.gov/vuln/detail/CVE-2018-6767
### Patch:
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-7253: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
----------------------------------------------------------------------------------------------
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack
5.1.0 allows a remote attacker to cause a
denial-of-service (heap-based buffer over-read) or possibly overwrite
the heap via a maliciously crafted DSDIFF file.
### References:
https://github.com/dbry/WavPack/issues/28
https://nvd.nist.gov/vuln/detail/CVE-2018-7253
### Patch:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7254: Heap-based buffer over-read in ParseCaffHeaderConfig function in cli/caff.c
------------------------------------------------------------------------------------------
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service
(global buffer over-read), or possibly trigger a buffer overflow or
incorrect memory allocation, via a maliciously crafted CAF file.
### References:
https://github.com/dbry/WavPack/issues/26
### Patch:
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
*(from redmine: issue id 8595, created on 2018-02-28, closed on 2018-08-29)*
* Relations:
* copied_to #8591
* parent #8591
* Changesets:
* Revision fb7b00ff6a263a7328d8ef29ef262efdd3979420 on 2018-06-11T09:23:41Z:
```
main/wavpack: security fixes
CVE-2018-6767, CVE-2018-7253, CVE-2018-7254
Fixes #8595
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8616
[3.5] xen: Multiple vulnerabilities (CVE-2018-7540, CVE-2018-7541)
2019-07-23T11:34:50Z
Alicha CH

**CVE-2018-7540, XSA-252**: DoS via non-preemptable L3/L4 pagetable
freeing
All Xen versions are vulnerable.
### Reference:
http://xenbits.xen.org/xsa/advisory-252.html
**CVE-2018-7541, XSA-255**: grant table v2 ->v1 transition may crash
Xen
Xen versions 4.0 and newer are vulnerable.
### Reference:
http://xenbits.xen.org/xsa/advisory-255.html
*(from redmine: issue id 8616, created on 2018-03-06, closed on 2018-03-19)*
* Relations:
* copied_to #8612
* parent #8612
* Changesets:
* Revision a95df62881a771a994c4b38730c4c69b0bf07a0e on 2018-03-12T11:17:05Z:
```
main/xen: security fixes
CVE-2018-7540, XSA-252
CVE-2018-7541, XSA-255
Fixes #8616
```
3.5.3
Ariadne Conill <ariadne@ariadne.space>

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8639
[3.5] py-django: Multiple vulnerabilities (CVE-2018-7536, CVE-2018-7537)
2019-07-23T11:34:40Z
Alicha CH

CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
---------------------------------------------------------------------------------------
The django.utils.html.urlize() function was extremely slow to evaluate
certain inputs due to catastrophic
backtracking vulnerabilities in two regular expressions (one regular
expression for Django 1.8). The urlize()
function is used to implement the urlize and urlizetrunc template
filters, which were thus vulnerable.
### Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
### References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
CVE-2018-7537: Denial-of-service possibility in truncatechars\_html and truncatewords\_html template filters
------------------------------------------------------------------------------------------------------------
If django.utils.text.Truncator’s chars() and words() methods were passed
the html=True argument, they were
extremely slow to evaluate certain inputs due to a catastrophic
backtracking vulnerability in a regular expression.
The chars() and words() methods are used to implement the
truncatechars\_html and truncatewords\_html
template filters, which were thus vulnerable.
### Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
### References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
*(from redmine: issue id 8639, created on 2018-03-12, closed on 2018-03-13)*
* Relations:
* copied_to #8635
* parent #8635
* Changesets:
* Revision f8e1ef0d88411710f944cadedc434d54b1406b18 on 2018-03-12T14:14:22Z:
```
main/py-django: security upgrade to 1.8.19
CVE-2018-7536, CVE-2018-7537
Fixes #8639
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8646
[3.5] curl: Multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122)
2019-07-23T11:34:33Z
Alicha CH

CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
-------------------------------------------------------------------------
### Affected versions:
curl 7.12.3 to and including curl 7.58.0
### Not affected versions:
curl < 7.12.3 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv\_2018-9cd6.html
### Patch:
https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-1000121: LDAP NULL pointer dereference
-----------------------------------------------
### Affected versions:
curl 7.21.0 to and including curl 7.58.0
### Not affected versions:
curl < 7.21.0 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv\_2018-97a2.html
### Patch:
https://curl.haxx.se/docs/adv\_2018-97a2.html
CVE-2018-1000122: RTSP RTP buffer over-read
-------------------------------------------
### Affected versions:
curl 7.20.0 to and including curl 7.58.0
### Not affected versions:
curl < 7.20.0 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv\_2018-b047.html
### Patch:
https://curl.haxx.se/CVE-2018-1000122.patch
*(from redmine: issue id 8646, created on 2018-03-14, closed on 2018-03-20)*
* Relations:
* copied_to #8642
* parent #8642
* Changesets:
* Revision edd0ff244c02b47646e66a1bc5737c6dadee86a5 on 2018-03-19T14:56:18Z:
```
main/curl: upgrade to 7.59.0
fixes #8646
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8657
[3.5] samba: Multiple vulnerabilities (CVE-2018-1050, CVE-2018-1057)
2019-07-23T11:34:24Z
Alicha CH

**CVE-2018-1050**: Denial of Service Attack on external print server.
### Affected Versions:
All versions of Samba from 4.0.0 onwards.
### Fixed In Version:
Samba 4.7.6, 4.6.14 and 4.5.16.
### References:
https://www.samba.org/samba/security/CVE-2018-1050.html
https://www.samba.org/samba/history/security.html
**CVE-2018-1057**: Authenticated users can change other users’ password
### Affected Versions:
All versions of Samba from 4.0.0 onwards.
### Fixed In Version:
Samba 4.7.6, 4.6.14 and 4.5.16.
All versions of Samba from 4.0.0 onwards.
### References:
https://www.samba.org/samba/security/CVE-2018-1057.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 8657, created on 2018-03-15, closed on 2018-03-21)*
* Relations:
* copied_to #8653
* parent #8653

3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8673
[3.5] libvorbis: out-of-bounds write (CVE-2018-5146)
2019-07-23T11:34:10Z
Alicha CH

Write out of bounds when processing
malformed Vorbis audio data.
### Fixed In Version:
libvorbis 1.3.6
### References:
https://github.com/xiph/vorbis/releases/tag/v1.3.6
http://openwall.com/lists/oss-security/2018/03/16/4
*(from redmine: issue id 8673, created on 2018-03-19, closed on 2018-07-30)*
* Relations:
* copied_to #8669
* parent #8669
* Changesets:
* Revision f77113ff5f50a2b6e8a207bae850994250dec650 on 2018-07-30T08:35:01Z:
```
main/libvorbis: upgrade to 1.3.6, enable tests
fixes #8673
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8678
[3.5] rsync: sanitization bypass in parse_argument in options.c (CVE-2018-5764)
2019-07-23T11:34:05Z
Alicha CH

A flaw was found in rsync versions before 3.1.3. The parse\_argument
function in options.c in rsyncd component does not prevent multiple
--protect-args uses.
Thus letting the user to specify the arg in the protected-arg list and
shortcut some of the arg-sanitizing code. This vulnerability allows
remote attackers to
bypass the argument-sanitization protection mechanism, which may lead to
a privilege escalation vulnerability.
### Fixed In Version:
rsync 3.1.3
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5764
https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS
### Patch:
https://git.samba.org/rsync.git/?p=rsync.git;a=patch;h=7706303828fcde524222babb2833864a4bd09e07
*(from redmine: issue id 8678, created on 2018-03-19, closed on 2018-03-20)*
* Relations:
* copied_to #8675
* parent #8675
* Changesets:
* Revision 9cd8a524f060c689c2aaf6c3d204e66a073758f7 by Natanael Copa on 2018-03-20T12:20:00Z:
```
main/rsync: security upgrade to 3.1.3 (CVE-2018-5764)
fixes #8678
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8684
[3.5] sqlite: NULL Pointer Dereference (CVE-2018-8740)
2019-07-23T11:33:59Z
Alicha CH

In SQLite through 3.22.0, databases whose schema is corrupted using a
CREATE TABLE AS statement
could cause a NULL pointer dereference, related to build.c and
prepare.c.
### References:
http://openwall.com/lists/oss-security/2018/03/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-8740
### Patch:
https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
*(from redmine: issue id 8684, created on 2018-03-19, closed on 2018-07-30)*
* Relations:
* copied_to #8680
* parent #8680

3.5.3
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8690
[3.5] mariadb: Multiple vulnerabilities (CVE-2017-10268, CVE-2017-10378, CVE-2017-15365, CVE-2018-2562, CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668)
2019-07-23T11:33:52Z
Alicha CH

CVE-2017-10268: mariaDB 10.1.29
CVE-2017-10378: mariaDB 10.1.29
CVE-2017-15365: mariaDB 10.1.30
CVE-2018-2562: mariaDB 10.1.31
CVE-2018-2622: mariaDB 10.1.31
CVE-2018-2640: mariaDB 10.1.31
CVE-2018-2665: mariaDB 10.1.31
CVE-2018-2668: mariaDB 10.1.31
CVE-2018-2612: mariaDB 10.1.31
### References:
https://mariadb.com/kb/en/library/mariadb-10129-release-notes/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
https://mariadb.com/kb/en/library/mariadb-10131-release-notes/
*(from redmine: issue id 8690, created on 2018-03-20, closed on 2018-04-12)*
* Relations:
* copied_to #8687
* parent #8687
* Changesets:
* Revision cc95b66d5c445617b873bad10b206ba1e1b60e38 on 2018-04-11T18:09:38Z:
```
main/mariadb: security upgrade to 10.1.32
CVE-2017-10268, CVE-2017-10378, CVE-2017-15365, CVE-2018-2562
CVE-2018-2612, CVE-2018-2622, CVE-2018-2640, CVE-2018-2665, CVE-2018-2668
Fixes #8690
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8696
[3.5] clamav: Multiple vulnerabilities (CVE-2018-0202, CVE-2018-1000085)
2019-07-23T11:33:45Z
Alicha CH

CVE-2018-0202: Out-of-bounds access in the PDF parser
-----------------------------------------------------
### Fixed In Version:
clamav 0.99.4
### References:
https://bugzilla.clamav.net/show\_bug.cgi?id=11973
https://security-tracker.debian.org/tracker/CVE-2018-0202
CVE-2018-1000085: Out of bounds heap memory read in xar parser
--------------------------------------------------------------
ClamAV version 0.99.3 contains an out-of-bounds heap memory read
vulnerability in the XAR parser,
function xar\_hash\_check(), that can result in leaking of memory and may
help in developing exploit chains.
This attack appears to be exploitable via: the victim must scan a crafted
XAR file.
### Fixed In Version:
clamav 0.99.4
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000085
http://www.openwall.com/lists/oss-security/2017/09/29/4
### Patch:
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
*(from redmine: issue id 8696, created on 2018-03-20, closed on 2018-04-12)*
* Relations:
* copied_to #8693
* parent #8693
* Changesets:
* Revision b4b20e148bb4cc6d70c787ff565bbc1dc3c33b95 on 2018-04-11T18:24:05Z:
```
main/clamav: security upgrade 0.99.4
CVE-2018-0202, CVE-2018-1000085
Fixes #8696
```
3.5.3
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8709
[3.5] tiff: uncontrolled resource consumption in TIFFSetDirectory function in tif_dir.c (CVE-2018-5784)
2019-07-23T11:33:35Z
Alicha CH

In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the
TIFFSetDirectory function of tif\_dir.c. Remote attackers could
leverage
this vulnerability to cause a denial of service via a crafted tif file.
This occurs because the declared number of directory entries is not
validated against the actual number of directory entries.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2772
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
### Patch:
https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
*(from redmine: issue id 8709, created on 2018-03-22, closed on 2018-04-03)*
* Relations:
* copied_to #8705
* parent #8705
* Changesets:
* Revision 39e7a41708bf7726f95f47c383c9af376504e3f7 on 2018-04-02T17:36:16Z:
```
main/tiff: fix CVE-2018-5784
fixes #8709
```
3.5.3

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8720
[3.5] kamailio: A Buffer Overflow (CVE-2018-8828)
2019-07-23T11:33:25Z
Alicha CH

A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x
before 5.0.6, and 5.1.x before 5.1.2.
A specially crafted REGISTER message with a malformed branch or From tag
triggers an off-by-one
heap-based buffer overflow in the tmx\_check\_pretran function in
modules/tmx/tmx\_pretran.c.
### References:
https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
https://nvd.nist.gov/vuln/detail/CVE-2018-8828
### Patch:
https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
*(from redmine: issue id 8720, created on 2018-03-23, closed on 2018-03-23)*
* Relations:
* copied_to #8718
* parent #8718
* Changesets:
* Revision 611011ce4ca6a1c672910e6428389f76bb7e3ab2 on 2018-03-23T13:17:36Z:
```
main/kamailio: add secinfo
Fixes #8720
```
3.5.3
Nathan Angelacos

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8731
[3.5] apache2: Multiple vulnerabilities (CVE-2017-15710, CVE-2017-15715, CVE-2018-1301, CVE-2018-1302, CVE-2018-1303, CVE-2018-1283, CVE-2018-1312)
2019-07-23T11:33:17Z
Alicha CH

CVE-2017-15710: Out of bound write in mod\_authnz\_ldap when using too small Accept-Language values
---------------------------------------------------------------------------------------------------
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name
----------------------------------------------------------------------------
The expression specified in <FilesMatch> could match ‘$’ to a newline
character in a malicious filename, rather than matching only the end of
the filename.
This could be exploited in environments where uploads of some files are
externally blocked, but only by matching the trailing portion of the
filename.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
http://openwall.com/lists/oss-security/2018/03/24/6
CVE-2018-1301: Possible out of bound access after failure in reading the HTTP request
-------------------------------------------------------------------------------------
A specially crafted request could have crashed the Apache HTTP Server
prior to
version 2.4.30, due to an out of bound access after a size limit is
reached by
reading the HTTP header.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
http://openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1302: Possible write of after free on HTTP/2 stream shutdown
---------------------------------------------------------------------
When an HTTP/2 stream was destroyed after being handled, the Apache HTTP
Server prior to version 2.4.30
could have written a NULL pointer potentially to an already freed
memory.
### Affected Versions:
httpd 2.4.17 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
http://openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1303: Possible out of bound read in mod\_cache\_socache
----------------------------------------------------------------
A specially crafted HTTP request header could have crashed the Apache
HTTP Server prior to version 2.4.30 due to an out of bound read
while preparing data to be cached in shared memory. It could be used as
a Denial of Service attack against users of mod\_cache\_socache.
### Affected Versions:
httpd 2.4.6 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
http://openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1283: Tampering of mod\_session data for CGI applications
------------------------------------------------------------------
When mod\_session is configured to forward its session data to CGI
applications (SessionEnv on, not the default), a remote user may
influence their content by
using a “Session” header. This comes from the “HTTP\_SESSION” variable
name used by mod\_session to forward its data to CGIs, since the prefix
“HTTP\_” is
also used by the Apache HTTP Server to pass HTTP header fields, per CGI
specifications.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
http://openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1312: Weak Digest auth nonce generation in mod\_auth\_digest
---------------------------------------------------------------------
When generating an HTTP Digest authentication challenge, the nonce sent
to prevent replay attacks was not correctly generated using a
pseudo-random seed.
In a cluster of servers using a common Digest authentication
configuration, HTTP requests could be replayed across servers by an
attacker without detection.
### Affected Versions:
httpd 2.4.1 to 2.4.29
### Fixed in:
Apache httpd 2.4.30
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
*(from redmine: issue id 8731, created on 2018-03-26, closed on 2018-03-29)*
* Relations:
* copied_to #8727
* parent #8727
* Changesets:
* Revision c976cfb3d3e83caaa82a05bc37b1c1a6e6b3ea1c by Kaarle Ritvanen on 2018-03-27T11:47:29Z:
```
main/apache2: security upgrade to 2.4.33
fixes #8731
```
3.5.3
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8736
[3.5] uwsgi: Multiple vulnerabilities (CVE-2018-6758, CVE-2018-7490)
2019-07-23T11:33:11Z
Alicha CH

**CVE-2018-6758**: The uwsgi\_expand\_path function in core/utils.c in
Unbit uWSGI through 2.0.15 has a
stack-based buffer overflow via a large directory length.
### References:
http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
https://nvd.nist.gov/vuln/detail/CVE-2018-6758
### Patch:
https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
**CVE-2018-7490**: uwsgi before 2.0.17 mishandles a DOCUMENT\_ROOT check
during use
of the --php-docroot option, allowing directory traversal.
### Fixed In Version:
uwsgi 2.0.17
### References:
https://uwsgi-docs.readthedocs.io/en/latest/Changelog-2.0.17.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7490
### Patch:
https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
*(from redmine: issue id 8736, created on 2018-03-26, closed on 2018-03-29)*
* Relations:
* copied_to #8733
* parent #8733
* Changesets:
* Revision 70b37ac2d8579e4bb8c86a3e95945788262b9e5d by Natanael Copa on 2018-03-27T12:44:40Z:
```
main/uwsgi: security upgrade to 2.0.17 (CVE-2018-6758,CVE-2018-7490)
fixes #8736
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8749
[3.5] Ruby 2.2.9, 2.3.6, 2.4.3, 2.5.0 Multiple Vulnerabilities
2019-07-23T11:33:05Z
Natanael Copa

Ruby has multiple vulnerabilities:
- [CVE-2017-17742: HTTP response splitting in
WEBrick](https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/)
- [CVE-2018-6914: Unintentional file and directory creation with
directory traversal in tempfile and
tmpdir](https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/)
- [CVE-2018-8777: DoS by large request in
WEBrick](https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/)
- [CVE-2018-8778: Buffer under-read in
String\#unpack](https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/)
- [CVE-2018-8779: Unintentional socket creation by poisoned NUL byte
in UNIXServer and
UNIXSocket](https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/)
- [CVE-2018-8780: Unintentional directory traversal by poisoned NUL
byte in
Dir](https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/)
- [Multiple vulnerabilities in
RubyGems](https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/)
Fixed in ruby 2.5.1, 2.4.4, 2.3.7, 2.2.10
*(from redmine: issue id 8749, created on 2018-03-29, closed on 2018-04-03)*
* Relations:
* parent #8746
* Changesets:
* Revision a491b96c266e9165971fad3460ad3c8371fa5f3d by Natanael Copa on 2018-03-29T14:29:32Z:
```
main/ruby: security upgrade to 2.3.7
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory
traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in
Dir
fixes #8749
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8804
[3.5] perl: Multiple vulnerabilities (CVE-2018-6797, CVE-2018-6798, CVE-2018-6913)
2019-07-23T11:32:42Z
Alicha CH

CVE-2018-6797: heap write overflow in regcomp.c
-----------------------------------------------
A flaw was found in Perl 5. A heap write overflow in regcomp.c file
might be exploited when a perl program allows user input
of patterns. A crafted regular expression can cause the heap buffer
overflow, with control over the bytes written.
### Fixed In Version:
perl 5.26.2, perl 5.24.4
### References:
https://rt.perl.org/Public/Bug/Display.html?id=132227
https://security-tracker.debian.org/tracker/CVE-2018-6797
### Patches:
https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
(5.26)
https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2
(5.24)
CVE-2018-6798: heap read overflow in regexec.c
----------------------------------------------
A flaw was found in Perl 5. A heap read overflow in regexec.c file may
allow an attacker to cause a segmentation
fault which might lead to a Denial of Service (DoS) or, possibly, heap
memory disclosure.
### Fixed In Version:
perl 5.26.2, perl 5.24.4
### References:
https://rt.perl.org/Public/Bug/Display.html?id=132063
https://security-tracker.debian.org/tracker/CVE-2018-6798
### Patches:
https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
(5.26)
https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
(5.26)
https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
(5.24)
https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
(5.24)
CVE-2018-6913: heap buffer overflow in pp\_pack.c
-------------------------------------------------
A flaw was found in Perl 5. Vulnerable code in pp\_pack.c file accepts
either large blocks of data from untrusted sources
and/or duplicates such blocks, which allows an attacker to exploit this
vulnerability at runtime by supplying malicious
crafted data. This could result in a denial-of-service (DoS) attack.
### Fixed In Version:
perl 5.26.2, perl 5.24.4
### References:
https://rt.perl.org/Public/Bug/Display.html?id=131844
https://security-tracker.debian.org/tracker/CVE-2018-6913
### Patches:
https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d
(5.26)
https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
(5.24)
*(from redmine: issue id 8804, created on 2018-04-17, closed on 2018-07-30)*
* Relations:
* copied_to #8800
* parent #8800
* Changesets:
* Revision 22ea72268934176905fbf70461eb7a7210be1a76 on 2018-06-11T14:12:30Z:
```
main/perl: security upgrade to 5.24.4
CVE-2018-6797, CVE-2018-6798, CVE-2018-6913
Fixes #8804
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8810
[3.5] jq: stack exhaustion via jv_dump_term() function (CVE-2016-4074)
2019-07-23T11:32:36Z
Alicha CH

The jv\_dump\_term function in jq 1.5 allows remote attackers to cause a
denial of
service (stack consumption and application crash) via a crafted JSON
file.
### References:
https://github.com/stedolan/jq/issues/1136
http://www.openwall.com/lists/oss-security/2016/04/24/3
### Patch:
https://github.com/wmark/jq/commit/904ee3bf26f863b7b31c4085f511e54c0307e537
*(from redmine: issue id 8810, created on 2018-04-19, closed on 2018-05-02)*
* Relations:
* copied_to #8807
* parent #8807
* Changesets:
* Revision 402bf840277dd0eefebc0189286aa8d75bdf94c4 on 2018-04-30T18:35:44Z:
```
main/jq: security fix (CVE-2016-4074)
Fixes #8810
```
3.5.3

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8823
[3.5] wireshark: Multiple vulnerabilities (CVE-2018-9256, CVE-2018-9260, CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264, CVE-2018-9267, CVE-2018-9259)
2019-07-23T11:32:25Z
Alicha CH

**CVE-2018-9256**: LWAPP dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-20.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9256?cpeVersion=2.2
**CVE-2018-9260**: IEEE 802.15.4 dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-17.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9260
**CVE-2018-9261**: NBAP dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-18.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9261
**CVE-2018-9262**: VLAN dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-19.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9262
**CVE-2018-9263**: Kerberos dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-23.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9263
**CVE-2018-9264**: ADB dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-16.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9264
**CVE-2018-9267**: Memory leaks in multiple dissectors
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
https://www.wireshark.org/security/wnpa-sec-2018-24.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9267
**CVE-2018-9259**: MP4 dissector crash
Affected versions: 2.4.0 to 2.4.5, 2.2.0 to 2.2.13
Fixed versions: 2.4.6, 2.2.14
### References:
https://www.wireshark.org/security/wnpa-sec-2018-15.html
https://nvd.nist.gov/vuln/detail/CVE-2018-9259
*(from redmine: issue id 8823, created on 2018-04-20, closed on 2018-05-02)*
* Relations:
* copied_to #8821
* parent #8821
* Changesets:
* Revision 3296b080a93bebe2fa5a42ed0bda9351f68b3f30 on 2018-04-30T19:54:32Z:
```
main/wireshark: security upgrade to 2.2.14
CVE-2018-9256, CVE-2018-9257, CVE-2018-9258, CVE-2018-9260,
CVE-2018-9261, CVE-2018-9262, CVE-2018-9263, CVE-2018-9264,
CVE-2018-9267, CVE-2018-10194
Fixes #8823
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8828
[3.5] mercurial: HTTP server permissions bypass (CVE-2018-1000132)
2019-07-23T11:32:19Z
Alicha CH
All versions of Mercurial prior to 4.5.2 have vulnerabilities in the
HTTP server that allow permissions bypass to:
* Perform writes on repositories that should be read-only.
* Perform reads on repositories that shouldn’t allow read access.
Wire protocol commands that didn’t explicitly declare their permissions
had no permissions checking done.
The web.{allow-pull, allow-push, deny\_read, etc} config options
governing access control were never consulted
when running these commands. This allowed permissions bypass for
impacted commands.
The batch wire protocol command did not list its permission requirements
nor did it enforce permissions on individual sub-commands.
### References:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
### Patch:
https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1
*(from redmine: issue id 8828, created on 2018-04-24, closed on 2018-07-30)*
* Relations:
* copied_to #8825
* parent #8825
* Changesets:
* Revision fd5d18f37e7b143d103323cc6850506536fcf0ac by Natanael Copa on 2018-07-30T07:55:25Z:
```
main/mercurial: security upgrade to 4.5.2 (CVE-2018-1000132)
fixes #8828
```
3.5.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8832
[3.5] memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)
2019-07-23T11:32:16Z
Alicha CH
Memcached version 1.5.5 contains an Insufficient Control of Network
Message Volume (Network Amplification, CWE-406)
vulnerability in the UDP support of the memcached server that can result
in denial of service via network flood (traffic amplification
of 1:50,000 has been reported by reliable sources). This attack appears
to be exploitable via network connectivity to port 11211 UDP.
### Fixed In Version:
memcached 1.5.6
### References:
http://openwall.com/lists/oss-security/2018/03/07/3
https://nvd.nist.gov/vuln/detail/CVE-2018-1000115
### Patch:
https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
*(from redmine: issue id 8832, created on 2018-04-24, closed on 2018-06-12)*
* Relations:
* copied_to #8830
* parent #8830
* Changesets:
* Revision ffbc207515e6c9e7c3184fb12c1ae8b8e5596a9e on 2018-06-11T13:03:55Z:
```
main/memcached: security fix (CVE-2018-1000115)
Fixes #8832
```
3.5.3
Natanael Copa