aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2021-10-20T14:22:23Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7588
OpenSMTPd no longer support dsn-notify option
2021-10-20T14:22:23Z
Kévin Guignard

OpenSMTPD no longer recognize the **dsn-notify** option. It was working
fine in Alpine 3.4
If the dsn-notify parameter is used with the disable argument, the listener will not generate DSN upon delivery failures.
See https://www.opensmtpd.org/faq/options.html\#listen
*(from redmine: issue id 7588, created on 2017-07-23)*
3.6.6

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8070
borders pseudographics broken
2020-01-19T11:55:22Z
Andrej Surkov

iptraf-ng and bmon cases shown in pics attached
*(from redmine: issue id 8070, created on 2017-10-29)*
* Uploads:
* ![2017-10-29-153317_648x370_scrot](/uploads/bd0720abf6b3f5daded99ce8885d89bd/2017-10-29-153317_648x370_scrot.png)
* ![2017-10-29-155651_648x370_scrot](/uploads/5ea3e59040b2ce473ae76dca541f67fb/2017-10-29-155651_648x370_scrot.png)
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8007
rsyslog reload waits for process to exit
2020-01-19T11:48:53Z
Joe Isca

The init.d script for rsyslog
https://git.alpinelinux.org/cgit/aports/tree/main/rsyslog/rsyslog.initd
contains ‘--stop’ in the reload function. The 8.27.0 and probably earlier
versions of rsyslog just sighup and do not exit, so does not need the
‘--stop’ parameter in this function. If you run /etc/init.d/rsyslog
reload -v, you will see it just times out and gives up waiting for it to
exit.
*(from redmine: issue id 8007, created on 2017-10-16)*
* Uploads:
* [rsyslog.initd](/uploads/c2cb492757f59d8550d8bf756cd02700/rsyslog.initd) proposed change
3.6.6

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7699
spamd, the OpenBSD spam deferral daemon
2020-01-19T10:57:33Z
Kévin Guignard

Please add **OpenBSD spamd** (not to be mistaken with the SpamAssassin’s
daemon) to AlpineLinux.
As spamd requires *pf*, a port exists for *iptables*:
https://github.com/martinh/spamd-iptables.
Actually, I’m not able to build it (issues with headers) but if you
succeed it will be greatly appreciated as spamd is really efficient
against spammers.
See https://man.openbsd.org/spamd.8
*(from redmine: issue id 7699, created on 2017-08-17)*
3.6.6

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7796
Mongodb syslogFacility option
2019-12-05T06:05:38Z
Nazar Ivanenko

Package mongodb
Version 3.4.4-r0
Branch v3.6
Repository community
Architecture x86\_64
If mongodb is launched with --syslogFacility option or systemLog ->
syslogFacility option is present in config file the daemon fails with
error:
BadValue: ERROR: syslogFacility must be set to a string representing one of the possible syslog facilities
Checked with values ‘user’, ‘USER’, ‘local2’, LOCAL2.
*(from redmine: issue id 7796, created on 2017-09-06)*
3.6.6

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7493
Please update XenServer tools version
2019-07-23T11:49:08Z
Miguel Da Silva

Hello,
I’m running Alpine Linux 3.6.2 as guest on a XenServer 7.2
installation.
I installed the XenServer tools with ‘apk add xe-guest-utilities’
XenCenter recognizes that XenTools are installed, but complains about
the outdated version 5.5.
Could you please update the ‘xe-guest-utilities’ package to the newest
xentools version?
*(from redmine: issue id 7493, created on 2017-07-10, closed on 2019-05-04)*
3.6.6

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10087
[3.6] gd: Multiple vulnerabilities (CVE-2018-5711, CVE-2019-6977, CVE-2019-6978)
2019-07-23T11:13:47Z
Alicha CH

**CVE-2018-5711**: It was discovered that there was a denial-of-service
attack in the
libgd2 image library. A corrupt file could have exploited a signedness
confusion leading to an infinite loop.
### References:
https://lists.debian.org/debian-lts-announce/2018/01/msg00022.html
### Patch:
https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
**CVE-2019-6977**: gdImageColorMatch in gd\_color\_match.c in the GD
Graphics Library (aka LibGD) 2.2.5, has a heap-based
buffer overflow. This can be exploited by an attacker who is able to
trigger imagecolormatch calls with crafted image data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6977
### Patch:
https://gist.github.com/cmb69/1f36d285eb297ed326f5c821d7aafced
**CVE-2019-6978**: The GD Graphics Library (aka LibGD) 2.2.5 has a
double free in the gdImage\*Ptr()
functions in gd\_gif\_out.c, gd\_jpeg.c, and gd\_wbmp.c. NOTE: PHP is
unaffected.
### References:
https://github.com/libgd/libgd/issues/492
https://nvd.nist.gov/vuln/detail/CVE-2019-6978
### Patch:
https://github.com/libgd/libgd/commit/553702980ae89c83f2d6e254d62cf82e204956d0
*(from redmine: issue id 10087, created on 2019-03-11, closed on 2019-04-15)*
* Relations:
* parent #10083
* Changesets:
* Revision 478332a5a162445bc68e54ef4138ae2a6af382d8 on 2019-04-08T12:58:21Z:
```
main/gd: modernize and add security patches
CVE-2018-5711, CVE-2019-6977, CVE-2019-6978
Fixes #10087
```
3.6.6
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10097
[3.6] openjpeg: integer overflow in opj_j2k_setup_encoder function in openjp2/j2k.c (CVE-2018-5785)
2019-07-23T11:13:38Z
Alicha CH

In OpenJPEG 2.3.0, there is an integer overflow caused by an
out-of-bounds left shift in the opj\_j2k\_setup\_encoder function
(openjp2/j2k.c). Remote attackers could leverage this vulnerability to
cause a denial of service via a crafted bmp file.
### References:
https://github.com/uclouvain/openjpeg/issues/1057
https://nvd.nist.gov/vuln/detail/CVE-2018-5785
### Patch:
https://github.com/uclouvain/openjpeg/commit/ca16fe55014c57090dd97369256c7657aeb25975
*(from redmine: issue id 10097, created on 2019-03-12, closed on 2019-03-19)*
* Relations:
* parent #10092
* Changesets:
* Revision 673878b2056caeeae7b119dc6845c6299a153c69 by Francesco Colista on 2019-03-14T17:29:02Z:
```
main/openjpeg: security fixes
- CVE-2018-5785
this commit fixes #10097
```
3.6.6
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10132
[3.6] libssh2: Multiple vulnerabilities (CVE-2019-3855, CVE-2019-3856, CVE-2019-3857, CVE-2019-3858, CVE-2019-3859, CVE-2019-3860, CVE-2019-3861, CVE-2019-3862, CVE-2019-3863)
2019-07-23T11:13:15Z
Alicha CH

**CVE-2019-3855**: Possible integer overflow in transport read allows
out-of-bounds write
Affected versions: all versions to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3855.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
**CVE-2019-3856**: Possible integer overflow in keyboard interactive
handling allows out-of-bounds write
Affected versions: all versions to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3856.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
**CVE-2019-3857**: Possible integer overflow leading to zero-byte
allocation and out-of-bounds write
Affected versions: versions 1.2.8 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3857.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
**CVE-2019-3858**: Possible zero-byte allocation leading to an
out-of-bounds read
Affected versions: versions 0.3 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3858.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
**CVE-2019-3859**: Out-of-bounds reads with specially crafted payloads
due to unchecked use of \`\_libssh2\_packet\_require\` and
\`\_libssh2\_packet\_requirev\`
Affected versions: versions 0.1 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3859.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
**CVE-2019-3860**: Out-of-bounds reads with specially crafted SFTP
packets
Affected versions: versions 0.3 up to and including 1.8.0
Not affected versions: libssh2 >= 1.9.0
### References:
https://www.libssh2.org/CVE-2019-3860.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
**CVE-2019-3861**: Out-of-bounds reads with specially crafted SSH
packets
Affected versions: versions 0.15 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3861.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
**CVE-2019-3862**: Out-of-bounds memory comparison
Affected versions: versions 0.11 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3862.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
**CVE-2019-3863**: Integer overflow in user authenticate keyboard
interactive allows out-of-bounds writes
Affected versions: versions 0.1 up to and including 1.8.0
Not affected versions: libssh2 >= 1.8.1
### References:
https://www.libssh2.org/CVE-2019-3863.html
https://www.openwall.com/lists/oss-security/2019/03/18/3
### Patch:
https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
*(from redmine: issue id 10132, created on 2019-03-19, closed on 2019-03-21)*
* Relations:
* parent #10127
* Changesets:
* Revision eec223036af35046c74baca7b09d6a81aaccbe86 by Francesco Colista on 2019-03-19T21:58:40Z:
```
main/libssh2: security upgrade to 1.8.1
- CVE-2019-3855
- CVE-2019-3856
- CVE-2019-3857
- CVE-2019-3858
- CVE-2019-3859
- CVE-2019-3860
- CVE-2019-3861
- CVE-2019-3862
- CVE-2019-3863
Fixes #10132
```
3.6.6
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10169
[3.6] bind: Multiple vulnerabilities (CVE-2018-5744, CVE-2018-5745, CVE-2019-6465)
2019-07-23T11:12:51Z
Alicha CH

CVE-2018-5744: A specially crafted packet can cause named to leak memory
------------------------------------------------------------------------
A flaw was found in Bind. A failure to free memory can occur when
processing messages having a specific combination of EDNS options,
causing named’s memory use to grow without bounds until all memory is
exhausted.
### Versions affected:
BIND 9.10.7 -> 9.10.8-P1, 9.11.3 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1
### Reference:
https://kb.isc.org/docs/cve-2018-5744
CVE-2018-5745: An assertion failure if a trust anchor rolls over to an unsupported key algorithm when using managed-keys
------------------------------------------------------------------------------------------------------------------------
A flaw was found in Bind. Due to an error in the managed-keys feature it
is possible for a BIND server which
uses managed-keys to exit due to an assertion failure causing denial of
service.
### Versions affected:
BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P1, 9.12.0 -> 9.12.3-P1
### Fixed In Version:
bind 9.11.5-P4, bind 9.12.3-P4
### Reference:
https://kb.isc.org/docs/cve-2018-5745
CVE-2019-6465: Zone transfer controls for writable DLZ zones were not effective
-------------------------------------------------------------------------------
A flaw was found in Bind. Controls for zone transfers may not be
properly applied to Dynamically Loadable Zones (DLZs) if the zones are
writable.
A client exercising this defect can request and receive a zone transfer
of a DLZ even when not permitted to do so by the allow-transfer ACL.
### Versions affected:
BIND 9.9.0 -> 9.10.8-P1, 9.11.0 -> 9.11.5-P2, 9.12.0 -> 9.12.3-P2
### Fixed In Version:
bind 9.11.5-P4, bind 9.12.3-P4
### Reference:
https://kb.isc.org/docs/cve-2019-6465
*(from redmine: issue id 10169, created on 2019-03-27, closed on 2019-04-15)*
* Relations:
* parent #10164
* Changesets:
* Revision d6ab6c12b91030e3c1d072ed36e093c2ebbc96cf by Chris Ely on 2019-04-12T06:10:45Z:
```
main/bind: security upgrade to 9.11.5_p4
https://ftp.isc.org/isc/bind9/9.11.5-P4/RELEASE-NOTES-bind-9.11.5-P4.html
- CVE-2019-6465
- CVE-2018-5745
- CVE-2018-5744
- CVE-2018-5740
- CVE-2018-5738
Fixes #10169
With the release of BIND 9.11.0, ISC changed to the open source license
for BIND from the ISC license to the Mozilla Public License (MPL 2.0).
BIND 9.11 (Extended Support Version) will be supported until at least
December, 2021.
```
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10190
[3.6] apache2: Multiple vulnerabilities (CVE-2019-0196, CVE-2019-0197, CVE-2019-0211, CVE-2019-0215, CVE-2019-0217, CVE-2019-0220)
2019-07-23T11:12:30Z
Alicha CH

CVE-2019-0196: mod\_http2, read-after-free on a string compare
--------------------------------------------------------------
Using fuzzed network input, the http/2 request
handling could be made to access freed memory in string
comparison when determining the method of a request and
thus process the request incorrectly.
### Versions Affected:
httpd 2.4.17 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0197: mod\_http2, possible crash on late upgrade
---------------------------------------------------------
When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2
on a https: host, an Upgrade request from http/1.1 to http/2 that was
not the first request on a connection could lead to a misconfiguration
and crash. Servers that never enabled the h2 protocol or only enabled it
for https: and did not set “H2Upgrade on” are unaffected by this issue.
### Versions Affected:
httpd 2.4.34 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/2
CVE-2019-0211: Apache HTTP Server privilege escalation from modules’ scripts
----------------------------------------------------------------------------
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event,
worker or prefork, code executing in less-privileged child processes
or threads (including scripts executed by an in-process scripting
interpreter) could execute arbitrary code with the privileges of the
parent process (usually root) by manipulating the scoreboard. Non-Unix
systems are not affected.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/3
CVE-2019-0215: mod\_ssl access control bypass
---------------------------------------------
In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a
bug in mod\_ssl when using per-location client certificate
verification with TLSv1.3 allowed a client to bypass
configured access control restrictions.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://www.openwall.com/lists/oss-security/2019/04/02/4
CVE-2019-0217: mod\_auth\_digest access control bypass
------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition
in mod\_auth\_digest when running in a threaded server could allow a
user with valid credentials to authenticate using another username,
bypassing configured access control restrictions.
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://www.openwall.com/lists/oss-security/2019/04/02/5
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0220: URL normalization inconsistencies
------------------------------------------------
When the path component of a request URL contains multiple consecutive slashes
(‘/’), directives such as LocationMatch and RewriteRule must account for
duplicates in regular expressions while other aspects of the servers processing
will implicitly collapse them.
### Versions Affected:
httpd 2.4.0 to 2.4.38
### Fixed In Version:
Apache httpd 2.4.39
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
*(from redmine: issue id 10190, created on 2019-04-02, closed on 2019-04-04)*
* Relations:
* parent #10185
* Changesets:
* Revision ef86fbabe1c2c14cf06d8c26c6141b650e92049d on 2019-04-03T15:51:36Z:
```
main/apache2: security upgrade to 2.4.39
fixes #10190
```
3.6.6
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10197
[3.6] putty: Multiple vulnerabilities (CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898)
2019-07-23T11:12:22Z
Alicha CH

**CVE-2019-9894**: A remotely triggerable memory overwrite in RSA key
exchange in
PuTTY before 0.71 can occur before host key verification.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rsa-kex-integer-overflow.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9894
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=d82854999516046122501b2e145099740ed0284f
**CVE-2019-9895**: In PuTTY versions before 0.71 on Unix, a remotely
triggerable
buffer overflow exists in any kind of server-to-client forwarding.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://nvd.nist.gov/vuln/detail/CVE-2019-9895
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=5c926d9ea4a9e0a0a2384f06c7583648cdff3ed6
**CVE-2019-9897**: Multiple denial-of-service attacks that can be
triggered by writing
to the terminal exist in PuTTY versions before 0.71.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
https://security-tracker.debian.org/tracker/CVE-2019-9897
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=da1c8f15b1bc14c855f0027cf06ba7f1a9c36f3c
**CVE-2019-9898**: Potential recycling of random numbers used in
cryptography exists within PuTTY before 0.71.
### Fixed In Version:
putty 0.71
### References:
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-rng-reuse.html
### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=320bf8479ff5bcbad239db4f9f4aa63656b0675e
*(from redmine: issue id 10197, created on 2019-04-04, closed on 2019-04-15)*
* Relations:
* parent #10192
* Changesets:
* Revision 5ff69c33184958f7cc0a18b0a80c819d82e9a49e on 2019-04-08T12:40:10Z:
```
main/putty: security upgrade to 0.71
CVE-2019-9894, CVE-2019-9895, CVE-2019-9897, CVE-2019-9898
Fixes #10197
Update license, disable check
```
3.6.6
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10214
[3.6] wget: Buffer overflow vulnerability (CVE-2019-5953)
2019-07-23T11:12:11Z
Alicha CH

A buffer overflow vulnerability was found in GNU Wget 1.20.1 and
earlier. An attacker may be able
to cause a denial-of-service (DoS) or may execute an arbitrary code.
### Fixed In Version:
wget 1.20.3
### Reference:
https://jvn.jp/en/jp/JVN25261088/
### Patch:
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=562eacb76a2b64d5dc80a443f0f739bc9ef76c17
(cosmetic, removes debug lines)
*(from redmine: issue id 10214, created on 2019-04-08, closed on 2019-04-15)*
* Relations:
* parent #10210
* Changesets:
* Revision 4fe04b973fbbc21f35cf3ca46fff4bbbee15ca96 on 2019-04-08T11:47:25Z:
```
main/wget: security upgrade to 1.20.3 (CVE-2019-5953)
Fixes #10214
```
3.6.6
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10250
[3.6] samba: Save registry file outside share as unprivileged user (CVE-2019-3880)
2019-07-23T11:11:54Z
Alicha CH

Samba contains an RPC endpoint emulating the Windows registry service
API. One of the requests, “winreg\_SaveKey”, is susceptible to a
path/symlink traversal vulnerability. Unprivileged users can use it to
create a new registry hive file anywhere they have unix permissions to
create a new file within a Samba share. If they are able to create
symlinks on a Samba share, they can create a new registry hive file
anywhere they have write access, even outside a Samba share
definition.
### Affected Versions:
All versions of samba since samba 3.2.0
### Fixed In Version:
samba 4.8.11, 4.9.6 and 4.10.2
### References:
https://www.samba.org/samba/security/CVE-2019-3880.html
https://www.samba.org/samba/history/security.html
### Patch:
https://download.samba.org/pub/samba/patches/security/samba-4.8.10-security-2019-04-08.patch
*(from redmine: issue id 10250, created on 2019-04-15, closed on 2019-04-18)*
* Relations:
* parent #10246
* Changesets:
* Revision 95d4fe44472f363becdee360ad5713584a061db8 on 2019-04-17T09:19:32Z:
```
main/samba: security fix (CVE-2019-3880)
Fixes #10250
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10256
[3.6] lua5.3: use-after-free in lua_upvaluejoin in lapi.c (CVE-2019-6706)
2019-07-23T11:11:47Z
Alicha CH

Lua 5.3.5 has a use-after-free in lua\_upvaluejoin in lapi.c. For
example, a crash outcome might be achieved by an
attacker who is able to trigger a debug.upvaluejoin call in which the
arguments have certain relationships.
### References:
http://lua.2524044.n2.nabble.com/Bug-Report-Use-after-free-in-debug-upvaluejoin-tc7685506.html
https://security-tracker.debian.org/tracker/CVE-2019-6706
*(from redmine: issue id 10256, created on 2019-04-15, closed on 2019-05-06)*
* Relations:
* parent #10251
* Changesets:
* Revision 01caeea43bd4470bd3d48c51abf2cbc53654f774 by Natanael Copa on 2019-05-06T17:21:50Z:
```
main/lua5.3: security fix for CVE-2019-6706
fixes #10256
(cherry picked from commit ebd55722b9637f4559c94b13e5e061ffef9fb4a3)
```
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10266
[3.6] clamav: Multiple vulnerabilities (CVE-2019-1787, CVE-2019-1788, CVE-2019-1789)
2019-07-23T11:11:39Z
Alicha CH

**CVE-2019-1787**: An out-of-bounds heap read condition may occur when
scanning PDF documents. The defect
is a failure to correctly keep track of the number of bytes remaining in
a buffer when indexing file data.
### Fixed In Version:
ClamAV 0.100.3
### Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
**CVE-2019-1788**: An out-of-bounds heap write condition may occur when
scanning OLE2 files such as
Microsoft Office 97-2003 documents. The invalid write happens when an
invalid pointer is mistakenly
used to initialize a 32bit integer to zero. This is likely to crash the
application.
### Fixed In Version:
ClamAV 0.100.3
### Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
**CVE-2019-1789**: An out-of-bounds heap read condition may occur when
scanning PE files (i.e. Windows EXE and DLL files)
that have been packed using Aspack as a result of inadequate
bound-checking.
### Fixed In Version:
ClamAV 0.100.3
### Reference:
https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
*(from redmine: issue id 10266, created on 2019-04-16, closed on 2019-04-18)*
* Relations:
* parent #10261
* Changesets:
* Revision b956a66c592985e85b94a23877b0b467a9b2450b on 2019-04-17T14:02:14Z:
```
main/clamav: security upgrade to 0.100.3
CVE-2019-1787, CVE-2019-1788, CVE-2019-1789
Fixes #10266
```
3.6.6
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10281
[3.6] libxslt: security framework bypass (CVE-2019-11068)
2019-07-23T11:11:31Z
Alicha CH

libxslt through 1.1.33 allows bypass of a protection mechanism because
callers of xsltCheckRead and xsltCheckWrite permit access even upon
receiving a –1 error code. xsltCheckRead can return –1 for a crafted URL
that is not actually invalid and is subsequently loaded.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-11068
https://security-tracker.debian.org/tracker/CVE-2019-11068
### Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6
*(from redmine: issue id 10281, created on 2019-04-17, closed on 2019-04-18)*
* Relations:
* parent #10276
* Changesets:
* Revision ef2dd8d40fec766b73bb686c015aa9e2a52b378b by Natanael Copa on 2019-04-17T07:57:45Z:
```
main/libxslt: security fix for CVE-2019-11068
fixes #10281
```
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10290
[3.6] ruby: Multiple vulnerabilities (CVE-2019-8320, CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325)
2019-07-23T11:11:25Z
Alicha CH

CVE-2019-8320: Delete directory using symlink when decompressing tar
CVE-2019-8321: Escape sequence injection vulnerability in verbose
CVE-2019-8322: Escape sequence injection vulnerability in gem owner
CVE-2019-8323: Escape sequence injection vulnerability in API response
handling
CVE-2019-8324: Installing a malicious gem may lead to arbitrary code
execution
CVE-2019-8325: Escape sequence injection vulnerability in errors
### Affected Versions:
Ruby 2.4 series: 2.4.5 and earlier
Ruby 2.5 series: 2.5.3 and earlier
### Reference:
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
### Patches:
https://bugs.ruby-lang.org/attachments/7669 (for Ruby 2.4.5)
https://bugs.ruby-lang.org/attachments/7670 (for Ruby 2.5.3)
*(from redmine: issue id 10290, created on 2019-04-18, closed on 2019-05-06)*
* Relations:
* parent #10286
* Changesets:
* Revision bdcdc921e8387c8a9592aa14cf1d23f133503163 by Natanael Copa on 2019-05-06T17:50:40Z:
```
main/ruby: upgrade to 2.4.6
- CVE-2019-8320
- CVE-2019-8321
- CVE-2019-8322
- CVE-2019-8323
- CVE-2019-8324
- CVE-2019-8325
fixes #10290
```
3.6.6
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/10300
[3.6] python3: Multiple vulnerabilities (CVE-2018-14647, CVE-2018-20406, CVE-2019-9636)
2019-07-23T11:11:21Z
Alicha CH

CVE-2018-14647: Missing salt initialization in \_elementtree.c module
---------------------------------------------------------------------
A flaw was found in python’s \_elementtree.c module, a wrapper for
libexpat XML parser. xml.etree C accelerator don’t call
XML\_SetHashSalt(), failing to properly initiate
the random hash seed from a good CSPRNG source and making hash collision
attacks with carefully crafted XML data easier.
### Fixed In Version:
python 3.7.1, python 3.6.7, python 2.7.16
### References:
https://bugs.python.org/issue34623
CVE-2018-20406: Integer overflow in Modules/\_pickle.c allows for memory exhaustion if serializing gigabytes of data
--------------------------------------------------------------------------------------------------------------------
Modules/\_pickle.c in Python before 3.7.1 has an integer overflow via a
large LONG\_BINPUT value that is mishandled during a “resize to twice
the size” attempt.
This issue might cause memory exhaustion, but is only relevant if the
pickle format is used for serializing tens or hundreds of gigabytes of
data.
### References:
https://bugs.python.org/issue34656
### Patch:
https://github.com/python/cpython/commit/71a9c65e74a70b6ed39adc4ba81d311ac1aa2acc
CVE-2019-9636: Information Disclosure due to urlsplit improper NFKC normalization
---------------------------------------------------------------------------------
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by:
Improper Handling of Unicode Encoding (with an incorrect netloc) during
NFKC normalization.
The impact is: Information disclosure (credentials, cookies, etc. that
are cached against a given hostname). The components are:
urllib.parse.urlsplit, urllib.parse.urlparse.
The attack vector is: A specially crafted URL could be incorrectly
parsed to locate cookies or authentication data and send that
information to a different host than when parsed correctly.
### References:
https://github.com/python/cpython/pull/12201
https://nvd.nist.gov/vuln/detail/CVE-2019-9636
### Patch:
https://github.com/python/cpython/commit/23fc0416454c4ad5b9b23d520fbe6d89be3efc24
*(from redmine: issue id 10300, created on 2019-04-18, closed on 2019-04-23)*
* Relations:
* parent #10297
* Changesets:
* Revision 47b45e6408f07c2789e3662d06f25e1c434a9d6a by Natanael Copa on 2019-04-22T10:25:00Z:
```
main/python3: security upgrade to 3.6.8
- CVE-2018-14647
- CVE-2018-20406
- CVE-2019-9636
fixes #10300
```
3.6.6
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10328
[3.6] freeradius: Multiple vulnerabilities (CVE-2019-11234, CVE-2019-11235)
2019-07-23T11:11:02Z
Alicha CH
CVE-2019-11234: eap-pwd: fake authentication using reflection
-------------------------------------------------------------
A vulnerability was found in FreeRadius. An attacker can reflect the
received scalar and element from the server in its own commit message,
and subsequently reflect the confirm value as well. This causes
the adversary to successfully authenticate as the victim. Fortunately,
the adversary will not possess the negotiated session key, meaning the
adversary cannot actually perform any actions as this user.
### Affected Versions:
freeradius 3.0.0 through 3.0.18
### Fixed In Version:
freeradius 3.0.19
### References:
https://freeradius.org/security/
https://freeradius.org/release_notes/?br=3.0.x&re=3.0.19
### Patches:
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11235: eap-pwd: authentication bypass via an invalid curve attack
--------------------------------------------------------------------------
A vulnerability was found in FreeRadius. An invalid curve attack allows
an attacker to authenticate as any user (without knowing the password).
The problem is that on the reception of an EAP-PWD Commit frame,
FreeRADIUS doesn’t verify whether the received elliptic curve point is
valid.
### Fixed In Version:
freeradius 3.0.19
### References:
https://freeradius.org/security/
https://security-tracker.debian.org/tracker/CVE-2019-11235
### Patches:
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
*(from redmine: issue id 10328, created on 2019-04-25, closed on 2019-04-29)*
* Relations:
* parent #10324
* Changesets:
* Revision 77eea063d8f0ef7ac9a99e7a070e5d5fabe3d777 on 2019-04-25T14:35:25Z:
```
main/freeradius: security fixes (CVE-2019-11234, CVE-2019-11235)
Fixes #10328
```
3.6.6
Leonardo Arena