# aports issues
Feed: https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2021-07-18T07:23:52Z

## [3.6] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9994
Updated: 2021-07-18T07:23:52Z
Author: Alicha CH

CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
-----------------------------------------------------
The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability.

Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
### Affected versions:
libcurl 7.36.0 to and including 7.63.0
### Not affected versions:
libcurl < 7.36.0 and >= 7.64.0
### References:
https://curl.haxx.se/docs/CVE-2018-16890.html
### Patch:
https://github.com/curl/curl/commit/b780b30d1377adb10bbe774835f49e9b237fb9bb
CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
---------------------------------------------------------
The function creating an outgoing NTLM type-3 header (lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()) generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening.

This output data can grow larger than the local buffer if very large “nt response” data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a “large value” needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.
### Affected versions:
libcurl 7.36.0 to and including 7.63.0
### Not affected versions:
libcurl < 7.36.0 and >= 7.64.0
### References:
https://curl.haxx.se/docs/CVE-2019-3822.html
### Patch:
https://github.com/curl/curl/commit/86724581b6c
CVE-2019-3823: SMTP end-of-response out-of-bounds read
------------------------------------------------------
If the buffer passed to smtp_endofresp() isn’t NUL terminated and contains no character ending the parsed number, and len is set to 5, then the strtol() call reads beyond the allocated buffer. The read contents will not be returned to the caller.
### Affected versions:
libcurl 7.34.0 to and including 7.63.0
### Not affected versions:
libcurl < 7.34.0
### References:
https://curl.haxx.se/docs/CVE-2019-3823.html
### Patch:
https://github.com/curl/curl/commit/39df4073e5413fcdbb5a38da0c1ce6f1c0ceb484
*(from redmine: issue id 9994, created on 2019-02-20, closed on 2019-03-05)*
* Relations:
* parent #9990
* Changesets:
* Revision d3a946561011a260c6b7a31fa0714a943e38cdfa on 2019-03-05T08:40:08Z:
```
main/curl: security fixes
CVE-2018-16890, CVE-2019-3822, CVE-2019-3823
Fixes #9994
```
Milestone: 3.6.3
Assignee: Natanael Copa

## [3.6] bind: Multiple vulnerabilities (CVE-2017-3142, CVE-2017-3143)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7497
Updated: 2020-10-20T09:33:11Z
Author: Alicha CH

**CVE-2017-3142**: An error in TSIG authentication can permit unauthorized zone transfers
### Affected versions:
9.4.0 -> 9.8.8, 9.9.0 -> 9.9.10-P1, 9.10.0 -> 9.10.5-P1, 9.11.0 -> 9.11.1-P1
### Fixed in:
BIND 9 version 9.11.1-P2
### Reference:
https://kb.isc.org/article/AA-01504
**CVE-2017-3143**: An error in TSIG authentication can permit unauthorized dynamic updates
### Affected versions:
9.4.0 -> 9.8.8, 9.9.0 -> 9.9.10-P1, 9.10.0 -> 9.10.5-P1, 9.11.0 -> 9.11.1-P1
### Fixed in:
BIND 9 version 9.11.1-P2
### Reference:
https://kb.isc.org/article/AA-01503/74/CVE-2017-3143%3A-An-error-in-TSIG-authentication-can-permit-unauthorized-dynamic-updates.html
*(from redmine: issue id 7497, created on 2017-07-11, closed on 2017-08-07)*
* Relations:
* parent #7496
* Changesets:
* Revision 4105cc0c96fb20b95bd9f54160b62af7ca88cd72 by Francesco Colista on 2017-08-07T14:28:48Z:
```
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497
```
* Revision 000448bf41a304f8c8bb80b82646bbbb3549b492 by Francesco Colista on 2017-08-07T14:39:01Z:
```
main/bind: fix for CVE-2017-3142 and CVE-2017-3143. Fixes #7497
```
Milestone: 3.6.3
Assignee: Francesco Colista

## [3.6] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9682
Updated: 2020-06-23T23:02:11Z
Author: Alicha CH

CVE-2018-18088: NULL pointer dereference in the imagetopnm function of jp2/convert.c
------------------------------------------------------------------------------------
A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for “red” in the imagetopnm function of jp2/convert.c
### References:
https://github.com/uclouvain/openjpeg/issues/1152
https://nvd.nist.gov/vuln/detail/CVE-2018-18088
### Patch:
https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2017-17480: Stack-buffer overflow in the pgxtovolume function
-----------------------------------------------------------------
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.
### References:
https://github.com/uclouvain/openjpeg/issues/1044
https://security-tracker.debian.org/tracker/CVE-2017-17480
### Patch:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
*(from redmine: issue id 9682, created on 2018-11-22, closed on 2018-11-26)*
* Relations:
* parent #9678
* Changesets:
* Revision 63abfe33f12495cf5ac86d5fd590f018538d33b1 by Natanael Copa on 2018-11-22T16:23:29Z:
```
main/openjpeg: security fixes (CVE-2017-17480,CVE-2018-18088)
also remove unused patches
fixes #9682
```
Milestone: 3.6.3
Assignee: Francesco Colista

## [3.6] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9430
Updated: 2020-06-21T11:41:01Z
Author: Alicha CH

**CVE-2017-15232**: libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
https://nvd.nist.gov/vuln/detail/CVE-2017-15232
**CVE-2018-1152**: libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-1152
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/43e84cff1bb2bd8293066f6ac4eb0df61ddddbc6
**CVE-2018-11813**: “cjpeg” utility large loop because read_pixel in rdtarga.c mishandles EOF
### Reference:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/242
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/19074854d9d8bc32dff3ed252eed17ed6cc2ecfc
*(from redmine: issue id 9430, created on 2018-09-20, closed on 2018-09-27)*
* Relations:
* parent #9426
* Changesets:
* Revision 57be3b6c46af86fdf2eb35774a58fd49ca27b1a6 by Natanael Copa on 2018-09-25T12:54:48Z:
```
main/libjpeg-turbo: backport security fix (CVE-2018-11813)
fixes #9430
```
Milestone: 3.6.3
Assignee: Natanael Copa

## [3.6] git: Improper handling of PATH allows for commands to be executed from current directory (CVE-2018-19486)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9713
Updated: 2020-05-23T11:25:45Z
Author: Alicha CH

Git before 2.19.2 on Linux and UNIX executes commands from the current working directory (as if ‘.’ were at the end of $PATH) in certain cases involving the run_command() API and run-command.c, because there was a dangerous change from execvp to execv during 2017.
### Fixed In Version:
git 2.19.2
### References:
https://git.kernel.org/pub/scm/git/git.git/tree/Documentation/RelNotes/2.19.2.txt
https://nvd.nist.gov/vuln/detail/CVE-2018-19486
### Patch:
Fixed by:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=321fd82389742398d2924640ce3a61791fd27d60
Introduced by:
https://git.kernel.org/pub/scm/git/git.git/commit/?id=e3a434468fecca7c14a6bef32050dfa60534fde6
*(from redmine: issue id 9713, created on 2018-11-29, closed on 2018-12-04)*
* Relations:
* parent #9710
* Changesets:
* Revision 77ebb2a9270d15652313ccf62a06fd2960b8b9ba by Natanael Copa on 2018-11-30T11:26:13Z:
```
main/git: security fix (CVE-2018-19486)
fixes #9713
also fix secfixes comment
```
Milestone: 3.6.3
Assignee: Natanael Copa

## [3.6] curl: Multiple vulnerabilities (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9614
Updated: 2020-01-18T00:12:52Z
Author: Alicha CH

CVE-2018-16839: SASL password overflow via integer overflow
-----------------------------------------------------------
The internal function Curl_auth_create_plain_message fails to correctly verify that the passed in lengths for name and password aren’t too long, then calculates a buffer size to allocate.

On systems with a 32 bit size_t, the math to calculate the buffer size triggers an integer overflow when the user name length exceeds 2GB (2^31 bytes).

This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.33.0 to and including 7.61.1
### Not affected versions:
libcurl < 7.33.0 and >= 7.62.0
### Reference:
https://curl.haxx.se/docs/CVE-2018-16839.html
### Patch:
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16840: use-after-free in handle close
----------------------------------------------
When closing and cleaning up an “easy” handle in the Curl_close() function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
### Affected versions:
libcurl 7.59.0 to and including 7.61.1
### Not affected versions:
libcurl < 7.59.0 and >= 7.62.0
### Reference:
https://curl.haxx.se/docs/CVE-2018-16840.html
### Patch:
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
CVE-2018-16842: warning message out-of-buffer read
--------------------------------------------------
The command line tool has a generic function for displaying warning and informational messages to stderr for various situations. For example if an unknown command line argument is used, or passed to it in a “config” file.

This display function formats the output to wrap at 80 columns. The wrap logic is however flawed, so if a single word in the message is itself longer than 80 bytes the buffer arithmetic calculates the remainder wrong and will end up reading behind the end of the buffer. This could lead to information disclosure or crash.
### Reference:
https://curl.haxx.se/docs/CVE-2018-16842.html
### Patch:
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
*(from redmine: issue id 9614, created on 2018-11-01, closed on 2018-11-08)*
* Relations:
* parent #9610
* Changesets:
* Revision e18d21d9de556e0b240ee9927d91fce46d8e31ba on 2018-11-06T14:39:36Z:
```
main/curl: security fixes
(CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)
Fixes #9614
```
Milestone: 3.6.3
Assignee: Natanael Copa

## [3.6] binutils: Multiple vulnerabilities (CVE-2017-9038, CVE-2017-9039, CVE-2017-9040, CVE-2017-9041, CVE-2017-9042, CVE-2017-9043, CVE-2017-9044)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7315
Updated: 2019-07-23T11:53:45Z
Author: Alicha CH

**CVE-2017-9038**: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to the byte_get_little_endian function in elfcomm.c, the get_unwind_section_word function in readelf.c, and ARM unwind information that contains invalid word offsets.
### References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9038
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
**CVE-2017-9039**: GNU Binutils 2.28 allows remote attackers to cause a denial of service (memory consumption) via a crafted ELF file with many program headers, related to the get_program_headers function in readelf.c.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9039
http://openwall.com/lists/oss-security/2017/05/18/7
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
**CVE-2017-9040**: GNU Binutils allows attackers to cause a denial of service (NULL pointer dereference and application crash), related to the process_mips_specific function in readelf.c, via a crafted ELF file that triggers a large memory-allocation attempt.
### References:
http://openwall.com/lists/oss-security/2017/05/18/7
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
**CVE-2017-9041**: GNU Binutils 2.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to MIPS GOT mishandling in the process_mips_specific function in readelf.c.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9041
### Patches:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
**CVE-2017-9042**: readelf.c in GNU Binutils has a “cannot be represented in type long” issue, which might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
### References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9042
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
**CVE-2017-9043**: readelf.c in GNU Binutils has a “shift exponent too large for type unsigned long” issue, which might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.
### References:
http://openwall.com/lists/oss-security/2017/05/18/7
### Patch:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
**CVE-2017-9044**: The print_symbol_for_build_attribute function in readelf.c in GNU Binutils allows attackers to cause a denial of service (invalid read and SEGV) via a crafted ELF file.
### References:
http://openwall.com/lists/oss-security/2017/05/18/7
https://nvd.nist.gov/vuln/detail/CVE-2017-9044
*(from redmine: issue id 7315, created on 2017-05-23, closed on 2019-05-03)*
* Relations:
* parent #7314
* Changesets:
* Revision f98d79930f0ada8e9948eafc26ce6e8672292f2e on 2017-10-25T14:40:09Z:
```
main/binutils: security fix (CVE-2017-9038)
partially fixes #7315
```
* Revision d383182bc2a39fe60871fe944ed20dcdd4a2011d by Natanael Copa on 2018-05-30T20:42:41Z:
```
main/binutils: upgrade to 2.30
fixes #7315
fixes #8881
```
Milestone: 3.6.3
Assignee: Natanael Copa

## openjdk8-jre: Breaking change in 3.6
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7372
Updated: 2019-07-23T11:52:58Z
Author: Andrea Giardini

Hello

Upgrading our jenkins container from alpine:3.5 to 3.6 causes Jenkins to break with the following error

```
May 30, 2017 9:32:58 AM hudson.util.BootFailure publish
SEVERE: Failed to initialize Jenkins
hudson.util.AWTProblem: java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libfontmanager.so: Error relocating /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libfontmanager.so: AWTFontDefaultChar: symbol not found
    at hudson.WebAppMain.contextInitialized(WebAppMain.java:195)
    at org.eclipse.jetty.server.handler.ContextHandler.callContextInitialized(ContextHandler.java:800)
    at org.eclipse.jetty.servlet.ServletContextHandler.callContextInitialized(ServletContextHandler.java:444)
    at org.eclipse.jetty.server.handler.ContextHandler.startContext(ContextHandler.java:791)
    at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:294)
    at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1349)
    at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1342)
    at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:741)
    at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:505)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.start(ContainerLifeCycle.java:132)
    at org.eclipse.jetty.server.Server.start(Server.java:387)
    at org.eclipse.jetty.util.component.ContainerLifeCycle.doStart(ContainerLifeCycle.java:114)
    at org.eclipse.jetty.server.handler.AbstractHandler.doStart(AbstractHandler.java:61)
    at org.eclipse.jetty.server.Server.doStart(Server.java:354)
    at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:68)
    at winstone.Launcher.<init>(Launcher.java:152)
    at winstone.Launcher.main(Launcher.java:352)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at Main._main(Main.java:264)
    at Main.main(Main.java:112)
Caused by: java.lang.UnsatisfiedLinkError: /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libfontmanager.so: Error relocating /usr/lib/jvm/java-1.8-openjdk/jre/lib/amd64/libfontmanager.so: AWTFontDefaultChar: symbol not found
    at java.lang.ClassLoader$NativeLibrary.load(Native Method)
    at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1941)
    at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1845)
    at java.lang.Runtime.loadLibrary0(Runtime.java:870)
    at java.lang.System.loadLibrary(System.java:1122)
    at sun.font.FontManagerNativeLibrary$1.run(FontManagerNativeLibrary.java:61)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.font.FontManagerNativeLibrary.<clinit>(FontManagerNativeLibrary.java:32)
    at sun.font.SunFontManager$1.run(SunFontManager.java:339)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.font.SunFontManager.<clinit>(SunFontManager.java:335)
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:348)
    at sun.font.FontManagerFactory$1.run(FontManagerFactory.java:82)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.font.FontManagerFactory.getInstance(FontManagerFactory.java:74)
    at java.awt.Font.getFont2D(Font.java:491)
    at java.awt.Font.getFamily(Font.java:1220)
    at java.awt.Font.getFamily_NoClientCode(Font.java:1194)
    at java.awt.Font.getFamily(Font.java:1186)
    at java.awt.Font.toString(Font.java:1683)
    at hudson.util.ChartUtil.<clinit>(ChartUtil.java:260)
    at hudson.WebAppMain.contextInitialized(WebAppMain.java:194)
    ... 23 more
```

libfontmanager.so is in the correct folder but apparently it does not contain the same symbols that it used to contain in alpine:3.5

Cheers
Andrea
*(from redmine: issue id 7372, created on 2017-06-01, closed on 2018-09-11)*
Milestone: 3.6.3

## user/group add/mod utilities in the shadow package cannot cope with groups containing large numbers of members
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7390
Updated: 2019-07-23T11:52:41Z
Author: R P

The user/group add/modify utilities provided by the shadow package cannot handle groups with more than ~16 members. This appears to be due to the way the getX code deals with such groups: it allocates a small buffer, then expects the C library to return an error and set errno to ERANGE, to which it then reallocates/enlarges the buffer and tries again. This is done by glibc, but not by musl, and thus on alpine such groups have issues.
Steps to reproduce:
1. run alpine (edge tested)
2. install the shadow package
3. create more than 16 users
4. attempt to add those users to a single group (or modify their supplemental group membership to include that group)

Output shown below:

```
/ # cat /etc/os-release
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.6.0
PRETTY_NAME="Alpine Linux v3.6"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
/ # getent group abuild
abuild:x:300
/ # for i in `seq 1 16`; do echo user${i}: `useradd -U -p '*' -M -G abuild user${i}`;done
user1:
user2:
user3:
user4:
user5:
user6:
user7:
user8:
user9:
user10:
user11:
user12:
user13:
user14:
user15:
useradd: group 'abuild' does not exist
user16:
/ # getent group abuild
abuild:x:300:user1,user2,user3,user4,user5,user6,user7,user8,user9,user10,user11,user12,user13,user14,user15
/ # usermod -aG abuild user16
usermod: group 'abuild' does not exist
```
*(from redmine: issue id 7390, created on 2017-06-06, closed on 2018-09-11)*
* Changesets:
* Revision 25c230bac6fbfaaf29d5abec7f0f72c463532ac9 by Timo Teräs on 2017-07-05T11:53:48Z:
```
main/musl: cherry-pick upstream fixes
fixes #7390
```
Milestone: 3.6.3
Assignee: Natanael Copa

## [3.6] libsndfile: Multiple vulnerabilities (CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7441
Updated: 2019-07-23T11:52:00Z
Author: Alicha CH

**CVE-2017-8361**: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted audio file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/1
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
**CVE-2017-8362**: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted audio file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/2
### Patch:
https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
**CVE-2017-8363**: The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file.
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/3
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
**CVE-2017-8365**: The i2les_array function in pcm.c in libsndfile allows attackers to cause a denial of service (buffer over-read and application crash) via a crafted audio file.
### Affected version:
1.0.28
### Reference:
http://openwall.com/lists/oss-security/2017/05/01/5
### Patch:
https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
*(from redmine: issue id 7441, created on 2017-06-16, closed on 2017-07-05)*
* Relations:
* parent #7439
* Changesets:
* Revision 56b47c6467c8479db58029d1c52a3981c29fc634 by Natanael Copa on 2017-07-05T07:52:25Z:
```
main/libsndfile: fix CVE-2017-8361, CVE-2017-8362, CVE-2017-8363, CVE-2017-8365
fixes #7441
```
Milestone: 3.6.3
Assignee: Natanael Copa

## ttf-dejavu broken?
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7446
Updated: 2019-07-23T11:51:54Z
Author: algitbot

After upgrading a few packages, font on firefox looks much worse.
Possible packages that caused it:
Upgrading font-alias (1.0.1-r1 ->1.0.3-r0)
Upgrading mkfontscale (1.0.7-r2 ->1.1.2-r0)
Upgrading mkfontdir (1.0.5-r1 ->1.0.7-r0)
Upgrading ttf-dejavu (2.35-r0 ->2.37-r0)
I think it **maybe** has to do with this - https://bugs.archlinux.org/task/32312
But could also be something else…
*(from redmine: issue id 7446, created on 2017-06-16, closed on 2018-09-11)*
* Changesets:
* Revision 9d75d6a8c38ee9e443c96a4ad9c56df6ed81aa0b on 2017-06-21T06:42:14Z:
```
main/font-alias: modernize APKBUILD, fixes #7446
```
Milestone: 3.6.3

## [3.6] exim: Privilege escalation via multiple memory leaks (CVE-2017-1000369)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7461
Updated: 2019-07-23T11:51:45Z
Author: Alicha CH

Exim supports the use of multiple “-p” command line arguments which are malloc()’ed and never free()’ed; used in conjunction with other issues, this allows attackers to cause arbitrary code execution. This affects exim version **4.89** and earlier.

Please note that at this time upstream has released a patch (commit 65e061b76867a9ea7aeeb535341b790b90ae6c21), but it is not known if a new point release is available that addresses this issue at this time.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-1000369
### Patch:
https://github.com/Exim/exim/commit/65e061b76867a9ea7aeeb535341b790b90ae6c21
*(from redmine: issue id 7461, created on 2017-06-29, closed on 2017-07-05)*
* Relations:
* parent #7459
* Changesets:
* Revision 95006a5467833196e00029ed8c0109a2de756e8f by Natanael Copa on 2017-07-04T16:03:31Z:
```
community/exim: security fix for CVE-2017-1000369
fixes #7461
```
Milestone: 3.6.3

## [3.6] apache2: Several vulnerabilities (CVE-2017-3167, CVE-2017-3169, CVE-2017-7659, CVE-2017-7668, CVE-2017-7679)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7464
Updated: 2019-07-23T11:51:42Z
Author: Alicha CH

**CVE-2017-3167**: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
**CVE-2017-3169**: In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
**CVE-2017-7659**: mod_http2 null pointer dereference
**Affects**: 2.4.25
**Fixed in**: 2.4.26
### References:
http://www.openwall.com/lists/oss-security/2017/06/19/5
https://httpd.apache.org/security/vulnerabilities_24.html
**CVE-2017-7668**: ap_find_token() buffer overread
**Affects**: 2.4.25
**Fixed in**: 2.4.26
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
**CVE-2017-7679**: mod_mime Buffer Overread
**Affects**: 2.4.25
**Fixed in**: 2.4.26
### References:
https://httpd.apache.org/security/vulnerabilities_24.html
*(from redmine: issue id 7464, created on 2017-06-29, closed on 2017-07-11)*
* Relations:
* parent #7462
* Changesets:
* Revision 5e4c1165ae6d9751a79e1ca45155e834e7f3acec by Kaarle Ritvanen on 2017-07-06T11:27:35Z:
```
main/apache2: security upgrade to 2.4.26
fixes #7464
```
Milestone: 3.6.3
Assignee: Kaarle Ritvanen

## [3.6] drupal7: Files uploaded by anonymous users into a private file system can be accessed by other anonymous users (CVE-2017-6922)
Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/7470
Updated: 2019-07-23T11:51:35Z
Author: Alicha CH

Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not previously provide this protection, allowing an access bypass vulnerability to occur. This issue is mitigated by the fact that in order to be affected, the site must allow anonymous users to upload files into a private file system.
### Affected versions:
Drupal core 7.x versions prior to 7.56
### Fixed In Version:
drupal 7.56
### Reference:
https://www.drupal.org/SA-CORE-2017-003
*(from redmine: issue id 7470, created on 2017-06-29, closed on 2017-07-05)*
* Relations:
  * parent #7468
* Changesets:
  * Revision 6c1b3ed4354015fdf283b5d8b53855dd54e09dd5 by Natanael Copa on 2017-07-04T15:53:21Z:
```
community/drupal7: security upgrade to 7.56 (CVE-2017-6922)
fixes #7470
```
* Milestone: 3.6.3

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7476
## [3.6] Libgcrypt 1.7.8 released to fix CVE-2017-7526
Updated: 2019-07-23T11:51:32Z
Author: Alicha CH

https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
- Mitigate a flush+reload side-channel attack on RSA secret keys
  dubbed “Sliding right into disaster”. For details see
  <https://eprint.iacr.org/2017/627>. [CVE-2017-7526]
Looks like libgcrypt needs to be fixed in stable branches.
*(from redmine: issue id 7476, created on 2017-07-05, closed on 2017-07-05)*
* Relations:
  * parent #7475
* Changesets:
  * Revision 0a136a759e334c040e1d08e14795ad69930c5622 by Natanael Copa on 2017-07-05T08:16:52Z:
```
main/libgcrypt: security upgrade to 1.7.8 (CVE-2017-7526)
fixes #7476
```
* Milestone: 3.6.3
* Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7482
## [3.6] tiff: Multiple vulnerabilities (CVE-2017-9147, CVE-2017-9403, CVE-2017-9404, CVE-2017-9936, CVE-2017-10688)
Updated: 2019-07-23T11:51:23Z
Author: Alicha CH

**CVE-2017-9147**: LibTIFF 4.0.7 has an invalid read in the
_TIFFVGetField function in tif_dir.c, which
might allow remote attackers to cause a denial of service (crash) via a
crafted TIFF file.
### Reference:
http://bugzilla.maptools.org/show_bug.cgi?id=2693
### Patch:
https://github.com/vadz/libtiff/commit/4d4fa0b68ae9ae038959ee4f69ebe288ec892f06
**CVE-2017-9403**: In LibTIFF 4.0.7, a memory leak vulnerability was
found in the function TIFFReadDirEntryLong8Array in tif_dirread.c,
which allows attackers to cause a denial of service via a crafted file.
### Reference:
http://bugzilla.maptools.org/show_bug.cgi?id=2689
### Patch:
https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
**CVE-2017-9404**: In LibTIFF 4.0.7, a memory leak vulnerability was
found in the function OJPEGReadHeaderInfoSecTablesQTable
in tif_ojpeg.c, which allows attackers to cause a denial of service via
a crafted file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2688
https://security-tracker.debian.org/tracker/CVE-2017-9404
**CVE-2017-9936**: In LibTIFF 4.0.8, there is a memory leak in
tif_jbig.c. A crafted TIFF document can lead to a memory leak resulting
in a remote denial of service attack.
### Reference:
http://bugzilla.maptools.org/show_bug.cgi?id=2706
### Patch:
https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
**CVE-2017-10688**: In LibTIFF 4.0.8, there is an assertion abort in the
TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c.
A crafted input will lead to a remote denial of service attack.
### Reference:
http://bugzilla.maptools.org/show_bug.cgi?id=2712
### Patch:
https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
*(from redmine: issue id 7482, created on 2017-07-06, closed on 2017-08-07)*
* Relations:
  * parent #7480
* Changesets:
  * Revision 3b0fbd0f00a8c02d42425aea32792329cc8ed65c by Francesco Colista on 2017-08-07T12:36:25Z:
```
main/tiff: security upgrade to 4.0.8. Fixes #7482
```
* Milestone: 3.6.3
* Assignee: Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7503
## [3.6] xen: Multiple vulnerabilities (CVE-2017-10911, CVE-2017-10912, CVE-2017-10913, CVE-2017-10914, CVE-2017-10915, CVE-2017-10916, CVE-2017-10917, CVE-2017-10918, CVE-2017-10919, CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, CVE-2017-10923)
Updated: 2019-07-23T11:48:59Z
Author: Alicha CH

**CVE-2017-10911, XSA-216**: blkif responses leak backend stack data
### Reference:
http://xenbits.xen.org/xsa/advisory-216.html
**CVE-2017-10912, XSA-217**: page transfer may allow PV guest to elevate
privilege
### Reference:
http://xenbits.xen.org/xsa/advisory-217.html
**CVE-2017-10913, CVE-2017-10914, XSA-218**: Races in the grant table
unmap code
### Reference:
http://xenbits.xen.org/xsa/advisory-218.html
**CVE-2017-10915, XSA-219**: x86: insufficient reference counts during
shadow emulation
### Reference:
http://xenbits.xen.org/xsa/advisory-219.html
**CVE-2017-10916, XSA-220**: x86: PKRU and BND* leakage between vCPU-s
### Reference:
http://xenbits.xen.org/xsa/advisory-220.html
**CVE-2017-10917, XSA-221**: NULL pointer deref in event channel poll
### Reference:
http://xenbits.xen.org/xsa/advisory-221.html
**CVE-2017-10918, XSA-222**: stale P2M mappings due to insufficient
error checking
### Reference:
http://xenbits.xen.org/xsa/advisory-222.html
**CVE-2017-10919, XSA-223**: ARM guest disabling interrupt may crash Xen
### Reference:
http://xenbits.xen.org/xsa/advisory-223.html
**CVE-2017-10920, CVE-2017-10921, CVE-2017-10922, XSA-224**: grant table
operations mishandle reference counts
### Reference:
http://xenbits.xen.org/xsa/advisory-224.html
**CVE-2017-10923, XSA-225**: arm: vgic: Out-of-bound access when sending
SGIs
### Reference:
http://xenbits.xen.org/xsa/advisory-225.html
*(from redmine: issue id 7503, created on 2017-07-11, closed on 2017-10-26)*
* Relations:
  * parent #7501
* Milestone: 3.6.3
* Assignee: Ariadne Conill <ariadne@ariadne.space>

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7511
## [3.6] phpldapadmin: XSS in htdocs/entry_chooser.php (CVE-2017-11107)
Updated: 2019-07-23T11:48:50Z
Author: Alicha CH

phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the
form, element, rdn, or container parameter.
### References:
https://github.com/leenooks/phpLDAPadmin/issues/50
https://nvd.nist.gov/vuln/detail/CVE-2017-11107
*(from redmine: issue id 7511, created on 2017-07-12, closed on 2017-08-23)*
* Relations:
  * parent #7509
* Changesets:
  * Revision 34a4911e9a2707f4a40575904bd3dfb73f2e6490 by Natanael Copa on 2017-08-22T19:14:06Z:
```
main/phpldapadmin: secfix for CVE-2017-11107
fixes #7511
```
* Milestone: 3.6.3
* Assignee: Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7514
## [3.6] irssi: Multiple issues (CVE-2017-10965, CVE-2017-10966)
Updated: 2019-07-23T11:48:47Z
Author: Alicha CH

**CVE-2017-10965**: When receiving messages with invalid time stamps,
Irssi would try to dereference a NULL pointer.
### Fixed in:
Irssi 1.0.4
### References:
https://irssi.org/security/irssi_sa_2017_07.txt
http://openwall.com/lists/oss-security/2017/07/07/3
### Patch:
https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
**CVE-2017-10966**: While updating the internal nick list, Irssi may
incorrectly use the GHashTable interface and free the nick while
updating it. This will then result in use-after-free conditions on each
access of the hash table.
### Fixed in:
Irssi 1.0.4
### References:
https://irssi.org/security/irssi_sa_2017_07.txt
http://openwall.com/lists/oss-security/2017/07/07/3
### Patch:
https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
*(from redmine: issue id 7514, created on 2017-07-12, closed on 2017-08-09)*
* Relations:
  * parent #7512
* Milestone: 3.6.3
* Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7520
## [3.6] nginx: Integer overflow in nginx range filter module leading to memory disclosure (CVE-2017-7529)
Updated: 2019-07-23T11:48:41Z
Author: Alicha CH

An integer overflow vulnerability in the nginx range filter module, in the
ngx_http_range_parse() function, was found, potentially resulting in
memory disclosure when used with 3rd party modules. The issue can be
triggered by a specially crafted HTTP range request, resulting in leaking
the content of the cache file header.
### Affected versions:
nginx 0.5.6 - 1.13.2.
### Fixed In Version:
nginx 1.13.3, nginx 1.12.1
### Reference:
http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
### Patch:
https://nginx.org/download/patch.2017.ranges.txt
*(from redmine: issue id 7520, created on 2017-07-13, closed on 2017-07-14)*
* Relations:
  * parent #7518
* Milestone: 3.6.3
* Assignee: Jakub Jirutka