aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T11:54:02Z

[3.6] dropbear: Multiple vulnerabilities (CVE-2017-9078, CVE-2017-9079)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7298
Updated: 2019-07-23T11:54:02Z
Author: Alicha CH

**CVE-2017-9078** - The server in Dropbear before 2017.75 might allow
post-authentication
root remote code execution because of a double free in cleanup of TCP
listeners when the -a option is enabled.
**CVE-2017-9079** - Dropbear before 2017.75 might allow local users to
read certain files
as root, if the file has the authorized\_keys file format with a
command= option. This occurs because ~/.ssh/authorized\_keys is read
with root privileges and symlinks are followed.
### Fixed In Version:
dropbear 2017.75
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2017q2/001985.html
https://nvd.nist.gov/vuln/detail/CVE-2017-9078
https://nvd.nist.gov/vuln/detail/CVE-2017-9079
*(from redmine: issue id 7298, created on 2017-05-22, closed on 2017-06-15)*
* Relations:
* parent #7297
* Changesets:
* Revision f4e9419ee826624c3341a84ae65d82a212eb4d57 by Carlo Landmeter on 2017-05-22T10:25:33Z:
```
main/dropbear: upgrade to 2017.75
fixes #7298
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] xen: Multiple issues (CVE-2017-8903, CVE-2017-8904)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7288
Updated: 2019-07-23T11:54:11Z
Author: Alicha CH

**CVE-2017-8903, XSA-213**: x86: 64bit PV guest breakout via pagetable
use-after-mode-change
### Reference:
http://xenbits.xen.org/xsa/advisory-213.html
**CVE-2017-8904, XSA-214**: grant transfer allows PV guest to elevate
privileges
### References:
http://xenbits.xen.org/xsa/advisory-214.html
*(from redmine: issue id 7288, created on 2017-05-18, closed on 2017-06-16)*
* Relations:
* parent #7287
* Changesets:
* Revision 02f653dc5c3514c817450fa2f88a49c1bda04244 by Carlo Landmeter on 2017-05-22T11:25:34Z:
```
main/xen: sec fixes XSA-213 XSA-214
fixes #7288
```
Milestone: 3.6.0
Assignee: Ariadne Conill (ariadne@ariadne.space)

zabbix-webif needs php-xmlwriter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7283
Updated: 2019-07-23T11:54:14Z
Author: Leonardo Arena

Fix depends
*(from redmine: issue id 7283, created on 2017-05-16, closed on 2017-05-22)*
* Changesets:
* Revision 37ff688f2c8c2bbf037dcc490f5babdc4cc346e8 on 2017-05-17T06:33:46Z:
```
community/zabbix: fix webif depends and php7.1 compatibility
Fixes #7282 #7283
```
Milestone: 3.6.0
Assignee: Leonardo Arena

zabbix issue with php 7.1
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7282
Updated: 2019-07-23T11:54:15Z
Author: Leonardo Arena

https://support.zabbix.com/browse/ZBX-11549
*(from redmine: issue id 7282, created on 2017-05-16, closed on 2017-05-22)*
* Changesets:
* Revision 37ff688f2c8c2bbf037dcc490f5babdc4cc346e8 on 2017-05-17T06:33:46Z:
```
community/zabbix: fix webif depends and php7.1 compatibility
Fixes #7282 #7283
```
Milestone: 3.6.0
Assignee: Leonardo Arena

Bump openjdk8 to 8u131 to fix multiple CVEs
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7281
Updated: 2019-07-23T11:54:17Z
Author: yosifkit

According to Oracle this version bump fixes the following CVEs:
CVE-2017-3512, CVE-2017-3514, CVE-2017-3511, CVE-2017-3526,
CVE-2017-3509, CVE-2017-3533, CVE-2017-3544, and CVE-2017-3539 ([Oracle
security
page](http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixJAVA)).
See also [release
notes](http://www.oracle.com/technetwork/java/javase/8u131-relnotes-3565278.html)
for other fixes and improvements.
It would be great if this could get in the repository before the 3.6
release.
*(from redmine: issue id 7281, created on 2017-05-16, closed on 2017-05-25)*
Milestone: 3.6.0
Assignee: Jakub Jirutka

xenqemu crashed
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7279
Updated: 2019-07-23T11:54:19Z
Author: Reinis Martinsons

When testing xen 4.8.1-r0 from edge I noticed the output of
`rc-status`
that xenqemu service is crashed. After testing with
`/usr/lib/xen/bin/qemu-system-i386 --version` I got the same error
which
was reported in Bug \#5768
Error relocating /usr/bin/qemu-system-x86\_64: unsupported relocation
type 37
I had not experienced this problem in xen 4.7.2-r0 from v3.5.
After examining the resolving of Bug \#5768 I understand that the
problem
is caused by upgrading qemu-xen from 2.4.1 (in xen 4.7.2) to 2.7.0
(in xen 4.8.1).
I was able to resolve this issue by adding configure-ifunc.patch
(borrowing from
https://git.alpinelinux.org/cgit/aports/commit/?id=bc29caf941d285076894658e257a37fca33476ad
and prepending /tools/qemu-xen path) to my local aports tree under
main/xen and rebuilding xen with `abuild`.
Are you planning to add this patch to xen 4.8.1?
Kind regards,
Reinis
*(from redmine: issue id 7279, created on 2017-05-15, closed on 2017-05-22)*
Milestone: 3.6.0

nextcloud-11.0.3-r1 missing dependencies - php7-session php7-mbstring
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7272
Updated: 2019-07-23T11:54:22Z
Author: Pierre Nast

using edge repositories, nextcloud-11.0.3-r1 doesn’t depend on
php7-session nor php7-mbstring.
These packages seem to be required.
If php7-session is not installed, when connecting to nextcloud, you’ll
get a 500 error with the following message :
>Internal Server Error
>
>The server encountered an internal error and was unable to complete
your request.
>Please contact the server administrator if this error reappears
multiple times, please include the technical details below in your
report.
>More details can be found in the server log.
>
>Technical details
>Remote Address: 10.0.2.2
>Request ID: U64UmKd086c2iKgr33vV
If php7-mbstring is not installed, when connecting to nextcloud, you’ll
get a 503 error with the following message :
>PHP module mb multibyte not installed.
>Please ask your server administrator to install the module.
>
>PHP modules have been installed, but they are still listed as
missing?
>Please ask your server administrator to restart the web server.
Installing the two packages and running a `/etc/init.d/php-fpm7 restart`
solved the above problems and let me finish nextcloud’s setup.
*(from redmine: issue id 7272, created on 2017-05-05, closed on 2017-05-22)*
Milestone: 3.6.0

[setup-alpine] wifi script doesn't allow spaces on password
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7260
Updated: 2019-07-23T11:54:35Z
Author: algitbot

Reported on irc.
<hiro> dudes, the wifi script called by the setup-alpine doesn’t allow
me to use spaces in my wifi password!
*(from redmine: issue id 7260, created on 2017-05-01, closed on 2019-02-25)*
* Changesets:
* Revision 10167e0964af0c8d5a968b0be22e3c2f3c5f3646 by Carlo Landmeter on 2017-05-23T07:42:15Z:
```
setup-interfaces: allow spaces in ssid and psk
fixes #7260
```
Milestone: 3.6.0

Update llvm-libunwind and add libc++abi and libc++
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7257
Updated: 2019-07-23T11:54:39Z
Author: Dima Pulkinen

I tried hard. Please, tell me, if I did something wrong.
*(from redmine: issue id 7257, created on 2017-04-29, closed on 2017-05-22)*
* Uploads:
* [upgrade-unwind-to-4.0.patch](/uploads/48d04aba7cce5718826c66805e5e8058/upgrade-unwind-to-4.0.patch) update llvm-libunwind package
* [add-libcxxabi-and-libcxx.patch](/uploads/5dbb052874660796ea28ffec0e303d0f/add-libcxxabi-and-libcxx.patch) add libc++abi and libc++ packages
Milestone: 3.6.0

nextcloud-mysql depends on php7-mysql
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7254
Updated: 2019-07-23T11:54:40Z
Author: Thomas Renard

nextcloud-mysql 11.0.3-r0 depends on php7-mysql which does not exist:
ERROR: unsatisfiable constraints:
php7-mysql (missing):
required by:
nextcloud-mysql-11.0.3-r0\[php7-mysql\]
php7-pear-mdb2-driver-mysql (missing):
required by:
nextcloud-mysql-11.0.3-r0\[php7-pear-mdb2-driver-mysql\]
*(from redmine: issue id 7254, created on 2017-04-27, closed on 2017-05-22)*
Milestone: 3.6.0

[3.6] gst-plugins-ugly1: Multiple issues (CVE-2017-5846, CVE-2017-5847)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7238
Updated: 2019-07-23T11:54:44Z
Author: Alicha CH

**CVE-2017-5846**: The gst\_asf\_demux\_process\_ext\_stream\_props
function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer
before 1.10.3
allows remote attackers to cause a denial of service (invalid memory
read and crash) via vectors related to the number of languages in a
video file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-5846
http://www.openwall.com/lists/oss-security/2017/02/01/7
### Patch:
https://cgit.freedesktop.org/gstreamer/gst-plugins-ugly/commit/?id=dec880031d16f1ee4919a36f49298419246cf6a8
**CVE-2017-5847**: References: The
gst\_asf\_demux\_process\_ext\_content\_desc function in
gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in
GStreamer allows remote attackers to cause a denial of service
(out-of-bounds heap read) via vectors involving extended content
descriptors.
### References
https://nvd.nist.gov/vuln/detail/CVE-2017-5847
### Patch:
https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
*(from redmine: issue id 7238, created on 2017-04-26, closed on 2017-05-02)*
* Relations:
* parent #7237
* Changesets:
* Revision b8a7d654872e2cbbcd72060ff253170be3c8f1ba on 2017-04-28T14:47:30Z:
```
main/gst-plugins-ugly1: security upgrade 1.10.4 - fixes #7238
CVE-2017-5846, CVE-2017-5847
Add check()
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] icu: multiple issues (CVE-2017-7867, CVE-2017-7868)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7189
Updated: 2019-07-23T11:55:14Z
Author: Alicha CH

**CVE-2017-7867**: Heap-buffer overflow in utext\_setNativeIndex
function
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7867
### Patch:
http://bugs.icu-project.org/trac/changeset/39671
**CVE-2017-7868**: Heap-buffer overflow in utext\_moveIndex32 function
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7868
### Patch:
http://bugs.icu-project.org/trac/changeset/39671
*(from redmine: issue id 7189, created on 2017-04-24, closed on 2017-04-25)*
* Relations:
* parent #7188
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] binutils: NULL pointer dereference in bfd_elf_final_link function (CVE-2017-7614)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7168
Updated: 2019-07-23T11:55:33Z
Author: Alicha CH

elflink.c in the Binary File Descriptor (BFD) library (aka libbfd) has a
“member access within null pointer”
undefined behavior issue, which might allow attackers to cause a denial
of service (application crash) or
possibly have unspecified other impact via an “int main() {return 0;}”
program.
### References:
http://www.openwall.com/lists/oss-security/2017/04/10/16
https://nvd.nist.gov/vuln/detail/CVE-2017-7614
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
*(from redmine: issue id 7168, created on 2017-04-19, closed on 2018-09-27)*
* Relations:
* parent #7167
* Changesets:
* Revision 88c575c673f1e935c7358035436cdfdb5b2bf545 on 2017-04-25T13:49:58Z:
```
main/binutils: security fixes #7168 (CVE-2017-7614)
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] elfutils: Multiple issues (CVE-2017-7607, CVE-2017-7608)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7160
Updated: 2019-07-23T11:55:40Z
Author: Alicha CH

CVE-2017-7607: Heap-buffer overflow in the handle\_gnu\_hash function
---------------------------------------------------------------------
The handle\_gnu\_hash function in readelf.c in elfutils 0.168 allows
remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) via a
crafted ELF file.
### References:
http://openwall.com/lists/oss-security/2017/04/10/8
https://nvd.nist.gov/vuln/detail/CVE-2017-7607
### Patch:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00109.html
CVE-2017-7608: Heap-buffer overflow in the ebl\_object\_note\_type\_name function
---------------------------------------------------------------------------------
The ebl\_object\_note\_type\_name function in eblobjnotetypename.c in
elfutils 0.168 allows remote attackers to
cause a denial of service (heap-based buffer over-read and application
crash) via a crafted ELF file.
### References:
http://openwall.com/lists/oss-security/2017/04/10/9
### Patch:
https://sourceware.org/ml/elfutils-devel/2017-q1/msg00111.html
*(from redmine: issue id 7160, created on 2017-04-18, closed on 2017-05-02)*
* Changesets:
* Revision 4a45ace18ee164914d795f6ae41f3e699bd67840 on 2017-04-26T12:10:11Z:
```
main/elfutils: security fixes #7160
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] bind: Multiple vulnerabilities (CVE-2017-3136, CVE-2017-3137, CVE-2017-3138)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7141
Updated: 2019-07-23T11:55:49Z
Author: Alicha CH

CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with “break-dnssec yes;”
-------------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.8.0 ->9.8.8-P1, 9.9.0 ->9.9.9-P6, 9.9.10b1->9.9.10rc1,
9.10.0->9.10.4-P6, 9.10.5b1->9.10.5rc1, 9.11.0->**9.11.0-P3**,
9.11.1b1->9.11.1rc1, 9.9.3-S1->9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01465/74/CVE-2017-3136%3A-An-error-handling-synthesized-records-could-cause-an-assertion-failure-when-using-DNS64-with-break-dnssec-yes.html
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
------------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9-P6, 9.9.10b1->9.9.10rc1, 9.10.4-P6, 9.10.5b1->9.10.5rc1,
**9.11.0-P3**, 9.11.1b1->9.11.1rc1, and 9.9.9-S8
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01466/74/CVE-2017-3137%3A-A-response-packet-can-cause-a-resolver-to-terminate-when-processing-an-answer-containing-a-CNAME-or-DNAME.html
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
-----------------------------------------------------------------------------------------------------------------------
### Affected versions:
9.9.9->9.9.9-P7, 9.9.10b1->9.9.10rc2, 9.10.4->9.10.4-P7,
9.10.5b1->9.10.5rc2, 9.11.0->9.11.0-P4, 9.11.1b1->9.11.1rc2,
9.9.9-S1->9.9.9-S9
### Fixed in:
BIND 9 version 9.9.9-P8
BIND 9 version 9.10.4-P8
**BIND 9 version 9.11.0-P5**
### References:
https://kb.isc.org/article/AA-01471/74/CVE-2017-3138%3A-named-exits-with-a-REQUIRE-assertion-failure-if-it-receives-a-null-command-string-on-its-control-channel.html
*(from redmine: issue id 7141, created on 2017-04-14, closed on 2017-04-25)*
* Relations:
* parent #7140
* Changesets:
* Revision d3fda9ff848e86bb921ae7951f64dcaf69487af1 by Sergei Lukin on 2017-04-14T14:12:39Z:
```
main/bind: security upgrade to 9.11.0_p5 - fixes #7141
CVE-2017-3136: An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"
CVE-2017-3137: A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME
CVE-2017-3138: named exits with a REQUIRE assertion failure if it receives a null command string on its control channel
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] curl: write-out out of buffer read (CVE-2017-7407)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7133
Updated: 2019-07-23T11:55:56Z
Author: Alicha CH

There were two bugs in curl’s parser for the command line option
--write-out (or -w for short) that would skip the end of string zero
byte
if the string ended in a % (percent) or \\ (backslash), and it would
read beyond that buffer in the heap memory and it could then
potentially
output pieces of that memory to the terminal or the target file etc.
### Affected versions:
6.5 to and including 7.53.1
### Not affected versions:
< 6.5 and >= 7.54.0
### References:
https://curl.haxx.se/docs/security.html
### Patch:
https://curl.haxx.se/CVE-2017-7407.patch
*(from redmine: issue id 7133, created on 2017-04-13, closed on 2017-04-25)*
* Relations:
* parent #7132
* Changesets:
* Revision 0f35f8523fa0ee7712e837f13602edffb5260ce5 by Sergei Lukin on 2017-04-14T14:12:39Z:
```
main/curl: security fixes #7133
CVE-2017-7407: write-out out of buffer read
```
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] tiff: Multiple vulnerabilities (CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600, CVE-2017-7601, CVE-2017-7602)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7118
Updated: 2019-07-23T11:56:11Z
Author: Alicha CH

CVE-2017-7592: Left shift of unsigned char without a cast
---------------------------------------------------------
The putagreytile function in tif\_getimage.c in LibTIFF 4.0.7 has a
left-shift undefined behavior issue, which might allow remote
attackers to cause a denial of service (application crash) or possibly
have unspecified other impact via a crafted image.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2658
https://nvd.nist.gov/vuln/detail/CVE-2017-7592
### Patch:
https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
CVE-2017-7593: tif\_rawdata not properly initialized in tif\_read.c
-------------------------------------------------------------------
tif\_read.c in LibTIFF 4.0.7 does not ensure that tif\_rawdata is
properly initialized, which might allow remote
attackers to obtain sensitive information from process memory via a
crafted image.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2651
http://openwall.com/lists/oss-security/2017/04/10/2
https://nvd.nist.gov/vuln/detail/CVE-2017-7593
### Patch:
https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
CVE-2017-7594: Direct leak in tif\_ojpeg.c
------------------------------------------
The OJPEGReadHeaderInfoSecTablesDcTable function in tif\_ojpeg.c in
LibTIFF 4.0.7 allows remote attackers
to cause a denial of service (memory leak) via a crafted image.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2659
http://openwall.com/lists/oss-security/2017/04/10/3
https://nvd.nist.gov/vuln/detail/CVE-2017-7594
### Patches:
https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7595: Divide-by-zero in JPEGSetupEncode (tiff\_jpeg.c)
---------------------------------------------------------------
The JPEGSetupEncode function in tiff\_jpeg.c in LibTIFF 4.0.7 allows
remote attackers to cause a
denial of service (divide-by-zero error and application crash) via a
crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/4
### Patch:
https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7596: Float out of range issue in tif\_dir.c
-----------------------------------------------------
LibTIFF 4.0.7 has an “outside the range of representable values of type
float” undefined behavior issue,
which might allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted image.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7596
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7597: Float out of range issue in tif\_dirread.c
--------------------------------------------------------
tif\_dirread.c in LibTIFF 4.0.7 has an “outside the range of
representable values of type float” undefined behavior issue, which
might allow
remote attackers to cause a denial of service (application crash) or
possibly have unspecified other impact via a crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7598: tif\_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted image.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
CVE-2017-7599: Unsigned short out of range in tif\_dirwrite.c
-------------------------------------------------------------
LibTIFF 4.0.7 has an “outside the range of representable values of type
short” undefined behavior issue,
which might allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7600: Unsigned char out of range in tif\_dirwrite.c
------------------------------------------------------------
LibTIFF 4.0.7 has an “outside the range of representable values of type
unsigned char” undefined behavior issue,
which might allow remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7601: Signed integer overflow in tif\_jpeg.c
-----------------------------------------------------
LibTIFF 4.0.7 has a “shift exponent too large for 64-bit type long”
undefined behavior issue, which might allow remote attackers
to cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
CVE-2017-7602: Signed integer overflow in tif\_read.c
-----------------------------------------------------
LibTIFF 4.0.7 has a signed integer overflow, which might allow remote
attackers to cause
a denial of service (application crash) or possibly have unspecified
other impact via a crafted image.
### References:
http://openwall.com/lists/oss-security/2017/04/10/5
### Patch:
https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
*(from redmine: issue id 7118, created on 2017-04-12, closed on 2017-05-02)*
* Relations:
* parent #7117
* Changesets:
* Revision dd8f891e03d6c9f13592cb40f786b4528af87e68 on 2017-04-25T14:58:37Z:
```
main/tiff: security fixes #7118
CVE-2017-7592, CVE-2017-7593, CVE-2017-7594, CVE-2017-7595, CVE-2017-7596,
CVE-2017-7598, CVE-2017-7601, CVE-2017-7602
CVE-2017-7597, CVE-2017-7599, CVE-75600 are already included in upstream release
```
Milestone: 3.6.0

[3.6] py-django: security issues (CVE-2017-7233, CVE-2017-7234)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7095
Updated: 2019-07-23T11:56:27Z
Author: Alicha CH

**CVE-2017-7233**: Open redirect and possible XSS attack via
user-supplied numeric redirect URLs
**CVE-2017-7234**: Open redirect vulnerability in
django.views.static.serve()
### Fixed in:
py-django 1.10.7, 1.9.13, and 1.8.18
### References:
https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
*(from redmine: issue id 7095, created on 2017-04-06, closed on 2017-04-06)*
* Relations:
* parent #7094
Milestone: 3.6.0
Assignee: Natanael Copa

[3.6] wget: CRLF injection in the url_parse function in url.c (CVE-2017-6508)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7087
Updated: 2019-07-23T11:56:35Z
Author: Alicha CH

CRLF injection vulnerability in the url\_parse function in url.c in Wget
through 1.19.1 allows remote attackers to inject
arbitrary HTTP headers via CRLF sequences in the host subcomponent of a
URL.
### References:
http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2017-6508
### Patch:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
*(from redmine: issue id 7087, created on 2017-04-04, closed on 2017-04-06)*
* Relations:
* parent #7086
* Changesets:
* Revision 1a5ce94c4aa8247104f2ec105fab532c9a6fbeb4 by Sergei Lukin on 2017-04-05T10:29:04Z:
```
main/wget: security fixes #7087
CVE-2017-6508: CRLF injection in the url_parse function in url.c
```
Milestone: 3.6.0
Assignee: Carlo Landmeter

gearmand: update to 1.1.15
https://gitlab.alpinelinux.org/alpine/aports/-/issues/7066
Updated: 2019-07-23T11:56:49Z
Author: Jesús García Crespo

Significant fixes for the redis queue backend were made after 1.1.12.
redis is one of the backends supported in the package distributed by
Alpine Linux.
For your information: 1.1.13 and later releases are now on Github:
https://github.com/gearman/gearmand/releases
*(from redmine: issue id 7066, created on 2017-03-28, closed on 2017-05-22)*
* Changesets:
* Revision 5d1c3fc11703f547a43bc4d7b9f089d75efbec60 by Carlo Landmeter on 2017-05-22T13:42:20Z:
```
testing/gearmand: upgrade to 1.1.15
fixes #7066
```
Milestone: 3.6.0