aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2020-10-20T12:17:36Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8505
[3.7] exim: buffer overflow (CVE-2018-6789)
2020-10-20T12:17:36Z
Alicha CH

In Exim 4.90 and earlier, there is a buffer overflow in a utility
function, if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
### References:
https://exim.org/static/doc/security/CVE-2018-6789.txt
http://openwall.com/lists/oss-security/2018/02/07/2
### Patch:
https://github.com/Exim/exim/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
*(from redmine: issue id 8505, created on 2018-02-19, closed on 2018-02-20)*
* Changesets:
* Revision e95c80cf3e6df7464ca979ceb06ea853249403e3 by Valery Kartel on 2018-02-19T15:09:27Z:
```
community/exim: security upgrade to 4.90.1 (CVE-2018-6789)
Fixes #8505
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8508
[3.7] libreoffice: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula (CVE-2018-6871)
2019-07-23T11:36:14Z
Alicha CH

LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
Vulnerable versions of LibreOffice allow
WEBSERVICE to take a local file URL (e.g file://) which can be used to
inject local files into the spreadsheet without
warning the user. Subsequent formulas can operate on that inserted data
and construct a remote URL whose
path leaks the local data to a remote attacker.
In later versions of LibreOffice without this flaw, WEBSERVICE has now
been limited to accessing http and https URLs
along with bringing WEBSERVICE URLs under LibreOffice Calc’s link
management infrastructure.
### Fixed in:
LibreOffice 5.4.5/6.0.1
### References:
https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
https://nvd.nist.gov/vuln/detail/CVE-2018-6871
### Patch:
https://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-5-4-5&id=a916fc0c0e0e8b10cb4158fa0fa173fe205d434a
*(from redmine: issue id 8508, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8506
* Changesets:
* Revision 9aefcdb6487a7730076a803db4952a8ec98223a9 by Natanael Copa on 2018-02-20T15:09:17Z:
```
community/libreoffice: security upgrade to 5.4.5.1 (CVE-2018-6871)
fixes #8508
```
3.7.1
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8512
[3.7] webkit2gtk: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2018-4088, CVE-2018-4096, CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165, CVE-2017-13884, CVE-2017-13885)
2019-07-23T11:36:10Z
Alicha CH

**CVE-2017-5753**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by performing a
bounds-check bypass.
Description: Security improvements are included to mitigate the effects.
**CVE-2017-5715**
Versions affected: WebKitGTK+ before 2.18.5.
Impact: Systems with microprocessors utilizing speculative execution and
branch prediction may allow
unauthorized disclosure of information to an attacker via a side-channel
analysis. This variant of the
Spectre vulnerability triggers the speculative execution by utilizing
branch target injection.
Description: Security improvements are included to mitigate the effects.
### References:
https://webkitgtk.org/security/WSA-2018-0001.html
**CVE-2018-4088**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2018-4096**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7153**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Visiting a malicious website may lead to user interface
spoofing.
Description: Redirect responses to 401 Unauthorized may allow a
malicious website to incorrectly
display the lock icon on mixed content. This issue was addressed through
improved URL display logic.
**CVE-2017-7160**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-7161**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: A command injection issue existed in Web Inspector. This
issue was addressed through
improved escaping of special characters.
**CVE-2017-7165**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13884**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
**CVE-2017-13885**
Versions affected: WebKitGTK+ before 2.18.6.
Impact: Processing maliciously crafted web content may lead to arbitrary
code execution.
Description: Multiple memory corruption issues were addressed with
improved memory handling.
### References:
https://webkitgtk.org/security/WSA-2018-0002.html
*(from redmine: issue id 8512, created on 2018-02-20, closed on 2018-02-20)*
* Relations:
* parent #8509
* Changesets:
* Revision 62ad1de0cde874d84bce247ef48116a2feac92d0 by Natanael Copa on 2018-02-20T15:15:15Z:
```
community/webkit2gtk: upgrade to 2.18.6
fixes #8512
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8515
[3.7] libvorbis: Multiple vulnerabilities (CVE-2017-14632, CVE-2017-14633)
2019-07-23T11:36:08Z
Alicha CH

CVE-2017-14632: Invalid freeing of uninitialized memory in the function vorbis\_analysis\_headerout()
-----------------------------------------------------------------------------------------------------
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function
vorbis\_analysis\_headerout() in info.c when vi->channels<=0, a
similar issue to Mozilla bug 550184.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2328
### Bug introduced in:
https://github.com/xiph/vorbis/commit/4b67376da7de
### Patch:
https://github.com/xiph/vorbis/commit/10064bfdd51f7c59
CVE-2017-14633: Out-of-bounds array read in the function mapping0\_forward()
----------------------------------------------------------------------------
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0\_forward() in mapping0.c,
which may lead to DoS when operating on a crafted audio file with
vorbis\_analysis().
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2329
### Patches:
https://github.com/xiph/vorbis/commit/a79ec216cd1190
https://github.com/xiph/vorbis/commit/c1c2831fc7306d
*(from redmine: issue id 8515, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8514
* Changesets:
* Revision c42d614e4be200793b593469247613c411424a83 on 2018-02-27T14:27:44Z:
```
main/libvorbis: security fixes (CVE-2017-14632, CVE-2017-14633)
Fixes #8515
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8520
[3.7] xen: Multiple vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
2019-07-23T11:36:01Z
Alicha CH

**CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, XSA-254**: Information
leak via side effects of speculative execution
### Reference:
http://xenbits.xen.org/xsa/advisory-254.html
*(from redmine: issue id 8520, created on 2018-02-20, closed on 2018-03-05)*
* Relations:
* parent #8519

3.7.1
Ariadne Conill ariadne@ariadne.space

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8527
[3.7] libtasn1: Stack exhaustion due to indefinite recursion during BER decoding (CVE-2018-6003)
2019-07-23T11:35:55Z
Alicha CH

An issue was discovered in the \_asn1\_decode\_simple\_ber function in
decoding.c in GNU Libtasn1 before 4.13. Unlimited
recursion in the BER decoder leads to stack exhaustion and DoS.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6003
### Patch:
https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97
*(from redmine: issue id 8527, created on 2018-02-21, closed on 2018-03-05)*
* Relations:
* parent #8525
* Changesets:
* Revision ebfdfada3106e7a72abccf4be1f6ea0defae3dcf on 2018-02-28T08:15:27Z:
```
main/libtasn1: security fix (CVE-2018-6003)
Fixes #8527
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8533
[3.7] p7zip: Multiple vulnerabilities (CVE-2017-17969, CVE-2018-5996)
2019-07-23T11:35:48Z
Alicha CH

**CVE-2017-17969**: Heap-based buffer overflow in the
NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and
p7zip allows remote
attackers to cause a denial of service (out-of-bounds write) or
potentially execute arbitrary code via a crafted ZIP archive.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-17969
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
**CVE-2018-5996**: Multiple memory corruption vulnerabilities exist in
7-Zip’s RAR compression handler.
Versions before 18.00 are affected.
### References:
https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
https://nvd.nist.gov/vuln/detail/CVE-2018-5996
*(from redmine: issue id 8533, created on 2018-02-21, closed on 2018-08-09)*
* Relations:
* parent #8531
* Changesets:
* Revision e6025bbe67127ea00ad61cfc4a208c2a92c56dd3 by Natanael Copa on 2018-08-08T15:19:13Z:
```
main/p7zip: security fixes (CVE-2018-5996, CVE-2018-10115)
fixes #8533
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8539
[3.7] go: arbitrary code execution during go get (CVE-2018-6574)
2019-07-23T11:35:43Z
Alicha CH

Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before
Go 1.10rc2 allow “go get” remote command execution during
source code build, by leveraging the gcc or clang plugin feature,
because -fplugin= and -plugin= arguments were not blocked.
### References:
https://github.com/golang/go/issues/23672
https://nvd.nist.gov/vuln/detail/CVE-2018-6574
### Patches:
https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
*(from redmine: issue id 8539, created on 2018-02-22, closed on 2018-02-23)*
* Changesets:
* Revision 484ebc3ae8484706e8b43b630eb20af77e35153f by Natanael Copa on 2018-02-22T22:15:45Z:
```
community/go: security upgrade to 1.9.4 (CVE-2018-6574)
fixes #8539
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8551
[3.7] squid: Multiple vulnerabilities (CVE-2018-1000024, CVE-2018-1000027)
2019-07-23T11:35:33Z
Alicha CH

CVE-2018-1000024: Incorrect pointer handling when processing ESI Responses can lead to denial of service
--------------------------------------------------------------------------------------------------------
Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27)
and 4.x (prior to 4.0.23) are vulnerable to
a denial of service attack when processing ESI responses. This problem
allows a remote server delivering certain
ESI response syntax to trigger a denial of service for all clients
accessing the Squid service.
### Fixed In Version:
squid 3.5.27, squid 4.0.23
### References:
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
### Patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
CVE-2018-1000027: Incorrect pointer handling in HTTP processing and certificate download can lead to denial of service
----------------------------------------------------------------------------------------------------------------------
Due to incorrect pointer handling, Squid versions 3.x (prior to 3.5.27)
and 4.x (prior to 4.0.23) are vulnerable to a denial of service attack
when processing
HTTP messages or downloading intermediate CA certificates. This problem
allows a remote client delivering certain HTTP requests in conjunction
with
certain trusted server responses to trigger a denial of service for all
clients accessing the Squid service.
### Fixed In Version:
squid 3.5.27, squid 4.0.23
### References:
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
### Patch:
http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
*(from redmine: issue id 8551, created on 2018-02-23, closed on 2018-03-05)*
* Relations:
* parent #8549
* Changesets:
* Revision 8a619d8da9c43c0dd8486d5b0d44a7cf955d97d8 on 2018-02-28T13:17:04Z:
```
main/squid: security upgrade to 3.5.27
CVE-2018-1000024, CVE-2018-1000027
Fixes #8551
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8558
[3.7] libvncserver: Improper input sanitization in rfbProcessClientNormalMessage in rfbserver.c (CVE-2018-7225)
2019-07-23T11:35:26Z
Alicha CH

An issue was discovered in LibVNCServer through 0.9.11.
rfbProcessClientNormalMessage() in rfbserver.c does not sanitize
msg.cct.length, leading to access
to uninitialized and potentially sensitive data or possibly unspecified
other impact (e.g., an integer overflow) via specially crafted VNC
packets.
### References:
https://github.com/LibVNC/libvncserver/issues/218
http://www.openwall.com/lists/oss-security/2018/02/18/1
*(from redmine: issue id 8558, created on 2018-02-23, closed on 2018-08-09)*
* Relations:
* parent #8556
* Changesets:
* Revision 3eddf551bd9825cdd982c0bc5baccd60a8e14978 by prs pkt on 2018-08-08T15:44:31Z:
```
main/libvncserver: fix CVE-2018-7225
fixes #8558
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8574
[3.7] curl doesn't support SSH based protocols
2019-07-23T11:35:21Z
Natanael Copa

Package **curl** does not support SSH (eg. SFTP) protocols anymore.
Probably due to change in latest release of the curl (7.58.0).
Please add build option `--with-libssh2` to keep previous functionality.
Thanks
*(from redmine: issue id 8574, created on 2018-02-27, closed on 2018-02-27)*
* Relations:
* parent #8535
* Changesets:
* Revision 45b032e694a4bcb40646fafb0fc4870be875419a by Natanael Copa on 2018-02-27T10:40:45Z:
```
main/curl: re-enable ssh support
This was unintentionally disabled with the 7.58 upgrade.
fixes #8574
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8581
[3.7] mupdf: Multiple vulnerabilities (CVE-2018-6187, CVE-2018-6192, CVE-2018-6544, CVE-2018-1000051)
2019-07-23T11:35:15Z
Alicha CH

CVE-2018-6187: heap-based buffer overflow in pdf/pdf-write.c:do\_pdf\_save\_document()
--------------------------------------------------------------------------------------
In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow
vulnerability in the do\_pdf\_save\_document function in the
pdf/pdf-write.c file. Remote attackers could leverage the vulnerability
to cause a denial of service via a crafted pdf file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6187
https://bugs.ghostscript.com/show_bug.cgi?id=698908
CVE-2018-6192: Segment violation in pdf\_read\_new\_xref function in pdf/pdf-xref.c
-----------------------------------------------------------------------------------
In Artifex MuPDF 1.12.0, the pdf\_read\_new\_xref function in
pdf/pdf-xref.c allows remote attackers to cause
a denial of service (segmentation violation and application crash) via a
crafted pdf file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6192
https://bugs.ghostscript.com/show_bug.cgi?id=698916
CVE-2018-6544: denial of service (DoS) via a crafted PDF document
-----------------------------------------------------------------
pdf\_load\_obj\_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could
reference the object stream recursively and therefore
run out of error stack, which allows remote attackers to cause a denial
of service via a crafted PDF document.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6544
### Patches:
http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
CVE-2018-1000051: use-after-free in fz\_keep\_key\_storable function
--------------------------------------------------------------------
A flaw was found in Artifex Mupdf version 1.12.0 in
fz\_keep\_key\_storable function. There is Use After Free vulnerability
which
can be triggered by supplying a malformed PDF file. This can result in a
Denial of Service or a Possible code execution.
### References:
https://bugs.ghostscript.com/show_bug.cgi?id=698825
https://bugs.ghostscript.com/show_bug.cgi?id=698873
https://nvd.nist.gov/vuln/detail/CVE-2018-1000051
### Patch:
http://git.ghostscript.com/?p=mupdf.git;h=321ba1de287016b0036bf4a56ce774ad11763384
*(from redmine: issue id 8581, created on 2018-02-27, closed on 2019-05-04)*
* Relations:
* parent #8579
* Changesets:
* Revision f26e75a18613c396b7491f5210d42a45aefa6031 by prs pkt on 2018-08-08T16:24:24Z:
```
main/mupdf: upgrade to 1.13.0
add secfixes comments
fixes #8581
(cherry picked from commit 831d2ee24986330048dfa488c8bb5017656e8efd)
```
3.7.1
Daniel Sabogal

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8590
[3.7] phpmyadmin: Multiple vulnerabilities (CVE-2017-1000499, CVE-2018-7260)
2019-07-23T11:35:08Z
Alicha CH

**CVE-2017-1000499**: By deceiving a user to click on a crafted URL, it
is possible to perform harmful database
operations such as deleting records, dropping/truncating tables etc.
### Affected Versions:
Versions 4.7.x (prior to 4.7.7) are affected.
### References:
https://www.phpmyadmin.net/security/PMASA-2017-9/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b
**CVE-2018-7260**: Cross-site scripting (XSS) vulnerability in
db\_central\_columns.php in phpMyAdmin before 4.7.8 allows
remote authenticated users to inject arbitrary web script or HTML via a
crafted URL.
### Affected Versions:
Versions 4.7.x (prior to 4.7.8) are affected.
### References:
https://www.phpmyadmin.net/security/PMASA-2018-1/
https://nvd.nist.gov/vuln/detail/CVE-2018-7260
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
*(from redmine: issue id 8590, created on 2018-02-27, closed on 2018-03-05)*
* Relations:
* parent #8588
* Changesets:
* Revision 7d1a6622f333892d95b8c15e8f4ceb94568fb436 by Natanael Copa on 2018-02-27T18:03:34Z:
```
community/phpmyadmin: security upgrade to 4.7.8 (CVE-2017-1000499,CVE-2018-7260)
fixes #8590
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8593
[3.7] wavpack: Multiple vulnerabilities (CVE-2018-6767, CVE-2018-7253, CVE-2018-7254)
2019-07-23T11:35:04Z
Alicha CH

CVE-2018-6767: stack buffer overread via crafted wav file
---------------------------------------------------------
A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote
attacker to cause a denial-of-service attack or possibly have
unspecified other impact via a maliciously crafted RF64 file.
### References:
https://github.com/dbry/WavPack/issues/27
https://nvd.nist.gov/vuln/detail/CVE-2018-6767
### Patch:
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-7253: Heap-based buffer over-read in ParseDsdiffHeaderConfig function in cli/dsdiff.c
----------------------------------------------------------------------------------------------
The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of WavPack
5.1.0 allows a remote attacker to cause a
denial-of-service (heap-based buffer over-read) or possibly overwrite
the heap via a maliciously crafted DSDIFF file.
### References:
https://github.com/dbry/WavPack/issues/28
https://nvd.nist.gov/vuln/detail/CVE-2018-7253
### Patch:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7254: Heap-based buffer over-read in ParseCaffHeaderConfig function in cli/caff.c
------------------------------------------------------------------------------------------
The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service
(global buffer over-read), or possibly trigger a buffer overflow or
incorrect memory allocation, via a maliciously crafted CAF file.
### References:
https://github.com/dbry/WavPack/issues/26
### Patch:
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
*(from redmine: issue id 8593, created on 2018-02-28, closed on 2018-08-29)*
* Relations:
* copied_to #8591
* parent #8591

3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8597
Package libseccomp-dev missing dependency
2019-07-23T11:34:59Z
S P

Compiling applications which depend on seccomp headers from
libseccomp-dev fails with:
```
/usr/include/seccomp.h:27:24: fatal error: asm/unistd.h: No such file or directory
#include <asm/unistd.h>
```
This is included in the linux-headers package.
*(from redmine: issue id 8597, created on 2018-02-28, closed on 2019-05-03)*
* Changesets:
* Revision d37676f48eed2de36e0522f4970214def1e722f9 by Natanael Copa on 2018-02-28T11:37:36Z:
```
main/libseccomp: fix depends for -dev
libseccomp-dev needs linux-headers
ref #8597
```
* Revision b683e4ccc61b0e1d1108f663b0e63bf61ef26371 by Natanael Copa on 2018-02-28T11:38:40Z:
```
main/libseccomp: fix depends for -dev
libseccomp-dev needs linux-headers
fixes #8597
```
3.7.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8614
[3.7] xen: Multiple vulnerabilities (CVE-2018-7540, CVE-2018-7541, CVE-2018-7542)
2019-07-23T11:34:52Z
Alicha CH

**CVE-2018-7540, XSA-252**: DoS via non-preemptable L3/L4 pagetable
freeing
All Xen versions are vulnerable.
### Reference:
http://xenbits.xen.org/xsa/advisory-252.html
**CVE-2018-7541, XSA-255**: grant table v2 -> v1 transition may crash
Xen
Xen versions 4.0 and newer are vulnerable.
### Reference:
http://xenbits.xen.org/xsa/advisory-255.html
**CVE-2018-7542, XSA-256**: x86 PVH guest without LAPIC may DoS the host
Xen version 4.8 and onwards are vulnerable.
### Reference:
http://xenbits.xen.org/xsa/advisory-256.html
*(from redmine: issue id 8614, created on 2018-03-06, closed on 2018-03-19)*
* Relations:
* copied_to #8612
* parent #8612
* Changesets:
* Revision 1fb3325abc8bc3f37fa93c0663908c29e9154087 on 2018-03-06T12:31:18Z:
```
main/xen: security fixes
CVE-2018-7540, XSA-252
CVE-2018-7541, XSA-255
CVE-2018-7542, XSA-256
Fixes #8614
```
3.7.1
Ariadne Conill ariadne@ariadne.space

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8637
[3.7] py-django: Multiple vulnerabilities (CVE-2018-7536, CVE-2018-7537)
2019-07-23T11:34:43Z
Alicha CH

CVE-2018-7536: Denial-of-service possibility in urlize and urlizetrunc template filters
---------------------------------------------------------------------------------------
The django.utils.html.urlize() function was extremely slow to evaluate
certain inputs due to catastrophic
backtracking vulnerabilities in two regular expressions (one regular
expression for Django 1.8). The urlize()
function is used to implement the urlize and urlizetrunc template
filters, which were thus vulnerable.
### Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
### References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
CVE-2018-7537: Denial-of-service possibility in truncatechars\_html and truncatewords\_html template filters
------------------------------------------------------------------------------------------------------------
If django.utils.text.Truncator’s chars() and words() methods were passed
the html=True argument, they were
extremely slow to evaluate certain inputs due to a catastrophic
backtracking vulnerability in a regular expression.
The chars() and words() methods are used to implement the
truncatechars\_html and truncatewords\_html
template filters, which were thus vulnerable.
### Fixed In Version:
Django 2.0.3, Django 1.11.11, Django 1.8.19
### References:
https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
http://openwall.com/lists/oss-security/2018/03/06/4
*(from redmine: issue id 8637, created on 2018-03-12, closed on 2018-03-13)*
* Relations:
* copied_to #8635
* parent #8635
* Changesets:
* Revision c6946cd412005ff67f9ffa26bae05148414d006c on 2018-03-12T14:09:01Z:
```
main/py-django: security upgrade to 1.11.11
CVE-2018-7536, CVE-2018-7537
Fixes #8637
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8644
[3.7] curl: Multiple vulnerabilities (CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122)
2019-07-23T11:34:36Z
Alicha CH

CVE-2018-1000120: FTP path trickery leads to NIL byte out of bounds write
-------------------------------------------------------------------------
### Affected versions:
curl 7.12.3 to and including curl 7.58.0
### Not affected versions:
curl < 7.12.3 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv_2018-9cd6.html
### Patch:
https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-1000121: LDAP NULL pointer dereference
-----------------------------------------------
### Affected versions:
curl 7.21.0 to and including curl 7.58.0
### Not affected versions:
curl < 7.21.0 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv_2018-97a2.html
### Patch:
https://curl.haxx.se/docs/adv_2018-97a2.html
CVE-2018-1000122: RTSP RTP buffer over-read
-------------------------------------------
### Affected versions:
curl 7.20.0 to and including curl 7.58.0
### Not affected versions:
curl < 7.20.0 and curl >= 7.59.0
### Reference:
https://curl.haxx.se/docs/adv_2018-b047.html
### Patch:
https://curl.haxx.se/CVE-2018-1000122.patch
*(from redmine: issue id 8644, created on 2018-03-14, closed on 2018-03-20)*
* Relations:
* copied_to #8642
* parent #8642
* Changesets:
* Revision 7d31ed74e2b6d74352c9a6f3ab2110c402a28f3a on 2018-03-19T14:02:04Z:
```
main/curl: upgrade to 7.59.0
fixes #8644
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8651
[3.7] wireshark: Multiple vulnerabilities (CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE..., CVE-2018-7419, CVE-2018-7420)
2019-07-23T11:34:30Z
Alicha CH

**CVE-2018-7335**: IEEE 802.11 dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-05.html
**CVE-2018-7321, CVE-2018-7322, CVE-2018-7323, CVE-2018-7324,
CVE-2018-7325, CVE-2018-7326, CVE-2018-7327, CVE-2018-7328,
CVE-2018-7329, CVE-2018-7330, CVE-2018-7331, CVE-2018-7332,
CVE-2018-7333**: Large or infinite loops in multiple dissectors
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-06.html
**CVE-2018-7334**: UMTS MAC dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-07.html
**CVE-2018-7337**: DOCSIS dissector crash
**Affected versions**: 2.4.0 to 2.4.4
**Fixed versions**: 2.4.5
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-08.html
**CVE-2018-7336**: FCP dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-09.html
**CVE-2018-7320**: SIGCOMP dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-10.html
**CVE-2018-7420**: Pcapng file parser crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### References:
https://www.wireshark.org/security/wnpa-sec-2018-11.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
**CVE-2018-7417**: IPMI dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### References:
https://www.wireshark.org/security/wnpa-sec-2018-12.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
**CVE-2018-7418**: SIGCOMP dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### References:
https://www.wireshark.org/security/wnpa-sec-2018-13.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
**CVE-2018-7419**: NBAP dissector crash
**Affected versions**: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
**Fixed versions**: 2.4.5, 2.2.13
### References:
https://www.wireshark.org/security/wnpa-sec-2018-14.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443
*(from redmine: issue id 8651, created on 2018-03-15, closed on 2018-09-20)*
* Relations:
* copied_to #8649
* parent #8649
* Changesets:
* Revision 618caebaa3299b1ec9b7ae8576d97218226c5fe2 by Natanael Copa on 2018-03-26T09:52:11Z:
```
community/wireshark: security upgrade to 2.4.5
CVE-2018-7320, CVE-2018-7321, CVE-2018-7322, CVE-2018-7323,
CVE-2018-7324, CVE-2018-7325, CVE-2018-7326, CVE-2018-7327,
CVE-2018-7328, CVE-2018-7329, CVE-2018-7330, CVE-2018-7331,
CVE-2018-7332, CVE-2018-7333, CVE-2018-7334, CVE-2018-7335,
CVE-2018-7336, CVE-2018-7337, CVE-2018-7417, CVE-2018-7418,
CVE-2018-7419, CVE-2018-7420
Fixes #8651
```
3.7.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8655
[3.7] samba: Multiple vulnerabilities (CVE-2018-1050, CVE-2018-1057)
2019-07-23T11:34:26Z
Alicha CH

**CVE-2018-1050**: Denial of Service Attack on external print server.
### Affected Versions:
All versions of Samba from 4.0.0 onwards.
### Fixed In Version:
Samba 4.7.6, 4.6.14 and 4.5.16.
### References:
https://www.samba.org/samba/security/CVE-2018-1050.html
https://www.samba.org/samba/history/security.html
**CVE-2018-1057**: Authenticated users can change other users’ password
### Affected Versions:
All versions of Samba from 4.0.0 onwards.
### Fixed In Version:
Samba 4.7.6, 4.6.14 and 4.5.16.
All versions of Samba from 4.0.0 onwards.
### References:
https://www.samba.org/samba/security/CVE-2018-1057.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 8655, created on 2018-03-15, closed on 2018-03-21)*
* Relations:
* copied_to #8653
* parent #8653

3.7.1
Natanael Copa