# aports issues

https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2020-10-20T12:17:36Z

## [3.7] exim: buffer overflow (CVE-2018-6789)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8505
Updated: 2020-10-20T12:17:36Z
Author: Alicha CH

In Exim 4.90 and earlier, there is a buffer overflow in a utility
function, if some pre-conditions are met.
Using a handcrafted message, remote code execution seems to be possible.
### References:
https://exim.org/static/doc/security/CVE-2018-6789.txt
http://openwall.com/lists/oss-security/2018/02/07/2
### Patch:
https://github.com/Exim/exim/commit/cf3cd306062a08969c41a1cdd32c6855f1abecf1
*(from redmine: issue id 8505, created on 2018-02-19, closed on 2018-02-20)*
* Changesets:
* Revision e95c80cf3e6df7464ca979ceb06ea853249403e3 by Valery Kartel on 2018-02-19T15:09:27Z:
```
community/exim: security upgrade to 4.90.1 (CVE-2018-6789)
Fixes #8505
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```

Milestone: 3.7.1

## [3.7] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9102
Updated: 2020-06-23T23:02:11Z
Author: Alicha CH

**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9102, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision 98215e479882b7bbf540e8afb166a2b5c3504ed8 by Natanael Copa on 2018-07-18T07:57:46Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9102
```

Milestone: 3.7.1
Assignee: Natanael Copa

## [3.7] libvorbis: out-of-bounds write (CVE-2018-5146)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8671
Updated: 2020-01-18T00:12:52Z
Author: Alicha CH

Write out of bounds when processing
malformed Vorbis audio data.
### Fixed In Version:
libvorbis 1.3.6
### References:
https://github.com/xiph/vorbis/releases/tag/v1.3.6
http://openwall.com/lists/oss-security/2018/03/16/4
*(from redmine: issue id 8671, created on 2018-03-19, closed on 2018-07-30)*
* Relations:
* copied_to #8669
* parent #8669
* Changesets:
* Revision 4c88d6e438038dd3f6edd42b97421d650984659a on 2018-07-30T08:21:40Z:
```
main/libvorbis: upgrade to 1.3.6, enable tests
fixes #8671
```

Milestone: 3.7.1
Assignee: Natanael Copa

## python strftime doesn't work properly on Alpine Linux.

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5907
Updated: 2019-07-23T13:30:17Z
Author: Kaspars Sprogis

On Alpine Linux builds strftime returns empty string whenever dash is
used.
Ubuntu/Mac/Debian & Python 2.7.10:
```
$ python
Python 2.7.10 (default, Oct 23 2015, 19:19:21)
[GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.59.5)] on darwin
>>> import datetime
>>> datetime.datetime.now().strftime('%I')
'04'
>>> datetime.datetime.now().strftime('%-I')
'4'
```
alpine:3.4
PYTHON\_VERSION=2.7.12-r0
```
$ python
Python 2.7.12 (default, Jun 29 2016, 08:57:23)
[GCC 5.3.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import datetime
>>> datetime.datetime.now().strftime('%I')
'01'
>>> datetime.datetime.now().strftime('%-I')
''
```
*(from redmine: issue id 5907, created on 2016-07-15, closed on 2019-02-25)*
* Changesets:
* Revision f6baa2aad98a418cd21b857f825e772a987b7c93 by Timo Teräs on 2017-06-01T10:31:29Z:
```
main/musl: cherry-pick upstream fixes, add strftime gnu extensions
ref #5907
```
* Revision b4bedb97e3d00c57213579664e0f034b2d65696a by Timo Teräs on 2017-07-05T11:50:20Z:
```
main/musl: cherry-pick upstream fixes, add strftime gnu extensions
ref #5907
```

Milestone: 3.7.1
Assignee: Natanael Copa

## openssh manual is broken

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8006
Updated: 2019-07-23T11:42:08Z
Author: Steffen Nurpmeso

Because it is in mdoc(7) syntax, but the configure run switches to
man(7) via `--with-mantype=man` unnecessarily (for groff as well as for
mandoc), and the conversion process seems faulty.
To verify this, go “man ssh-agent” and scroll to the bottom.
*(from redmine: issue id 8006, created on 2017-10-16, closed on 2019-05-03)*
* Changesets:
* Revision 3b3bf75eb7b72ea0f74fbeb753ddd287bb13a038 by Natanael Copa on 2017-12-04T09:30:25Z:
```
main/openssh: fix man pages
ref #8006
```
* Revision 7f9d974993c464c02e8d287cd2d0f36cce173a8d by Natanael Copa on 2017-12-04T09:31:57Z:
```
main/openssh: fix man pages
fixes #8006
```

Milestone: 3.7.1

## [3.7] graphicsmagick: Multiple vulnerabilities (CVE-2017-14314, CVE-2017-14504, CVE-2017-14733, CVE-2017-14994 CVE-2017-14997, CVE-2017-15930)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8095
Updated: 2019-07-23T11:41:07Z
Author: Alicha CH

**CVE-2017-14314**: Off-by-one error in the DrawImage function in
magick/render.c in GraphicsMagick 1.3.26 allows remote
attackers to cause a denial of service (DrawDashPolygon heap-based
buffer over-read and application crash) via a crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14314
### Patch:
http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
**CVE-2017-14504**: ReadPNMImage in coders/pnm.c in GraphicsMagick
1.3.26 does not ensure the correct number
of colors for the XV 332 format, leading to a NULL Pointer Dereference.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14504
### Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
**CVE-2017-14733**: ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26
mishandles RLE headers that specify
too few colors, which allows remote attackers to cause a denial of
service (heap-based buffer over-read and application crash) via a
crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14733
### Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
**CVE-2017-14994**: ReadDCMImage in coders/dcm.c in GraphicsMagick
1.3.26 allows remote attackers to cause a denial of service (NULL
pointer
dereference) via a crafted DICOM image, related to the ability of
DCM\_ReadNonNativeImages to yield an image list with zero frames.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14994
### Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
**CVE-2017-14997**: GraphicsMagick 1.3.26 allows remote attackers to
cause a denial of service (excessive memory allocation) because of an
integer
underflow in ReadPICTImage in coders/pict.c.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-14997
### Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=0683f8724200
**CVE-2017-15930**: In ReadOneJNGImage in coders/png.c in GraphicsMagick
1.3.26, a Null Pointer Dereference occurs while transferring JPEG
scanlines, related to a PixelPacket pointer.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15930
### Patch:
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
*(from redmine: issue id 8095, created on 2017-11-02, closed on 2017-12-11)*
* Relations:
* parent #8094
* Changesets:
* Revision 38638bab94d2426e261c1354303f5fec985618ef by Francesco Colista on 2017-12-11T02:15:43Z:
```
community/graphicsmagick: security upgrade to 1.3.27.
- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
```
* Revision 3b5721482720016f2ac57ea0cbf95aea6f9c74e8 by Francesco Colista on 2017-12-11T02:36:23Z:
```
community/graphicsmagick: security upgrade to 1.3.27.
- Fixes #8095
- Fixes #7943 (last CVE was not fixed since the patch did not apply)
```

Milestone: 3.7.1
Assignee: Francesco Colista

## [3.7] pcre: match() stack overflow (CVE-2017-16231)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8139
Updated: 2019-07-23T11:40:42Z
Author: Alicha CH

In PCRE 8.41, after compiling, a pcretest load test PoC produces a crash
overflow
in the function match() in pcre\_exec.c because of a self-recursive
call.
### References:
http://openwall.com/lists/oss-security/2017/11/01/3
http://seclists.org/oss-sec/2017/q4/164
*(from redmine: issue id 8139, created on 2017-11-14, closed on 2017-12-07)*
* Relations:
* parent #8138
* Changesets:
* Revision 62cf5b826847b3244ca96be46f33a14bd7422b3a by Natanael Copa on 2017-12-04T09:00:29Z:
```
main/pcre: add secfixes comment for CVE-2017-16231
We are not affected by CVE-2017-16231 due to our build with
--with-match-limit-recursion=8192. We had this option since first
commit, version 7.8, and were never affected.
fixes #8139
```

Milestone: 3.7.1
Assignee: Natanael Copa

## bash-4.3.48-r2.post-upgrade lingers

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8209
Updated: 2019-07-23T11:39:43Z
Author: Steffen Nurpmeso

It still exists.
I have noticed that there was a segmentation fault while doing bash
update (to 4.4.12) in the upgrade last Saturday.
I manually remove the file.
*(from redmine: issue id 8209, created on 2017-11-27, closed on 2019-05-03)*
* Relations:
* duplicates #8258
* Changesets:
* Revision 653a44f93007a1252729d0a526e356bad5da1f46 by Natanael Copa on 2017-12-12T10:38:01Z:
```
main/busybox: backport fix for add-shell
ref #8209
```
* Revision 917af288b5f6ff2c978b0f37a0ece5b6a0bb2ab6 by Natanael Copa on 2017-12-12T10:40:01Z:
```
main/busybox: backport fix for add-shell
fixes #8209
```

Milestone: 3.7.1
Assignee: Natanael Copa

## My bash script stopped working (hangs) after upgrading to v3.7

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8236
Updated: 2019-07-23T11:39:19Z
Author: paul morgan

Given this script:
```
#!/bin/bash
# https://github.com/koalaman/shellcheck/wiki/SC2044
while IFS= read -r -d '' file; do
    echo -n checking "${file}"
    # This works on alpine 3.6 but hangs on 3.7 and edge.
    if stat -c %F "${file}" | grep -qE '^directory$'; then
        echo " DIRECTORY"
    else
        echo
    fi
done < <(find /etc -maxdepth 1 -print0)
```
It works on alpine 3.6.
However, it hangs on alpine 3.7 and edge after it prints `checking /etc`.
*(from redmine: issue id 8236, created on 2017-12-04, closed on 2017-12-12)*
* Changesets:
* Revision ffcbff626c698a477a8d1217e4bade0059a84fc1 by Natanael Copa on 2017-12-07T22:18:05Z:
```
main/bash: fix overflow in jobs
fixes #8236
```
* Revision 3239e62fb1c7968e923016358345a4dcc7e2f87d by Natanael Copa on 2017-12-07T22:25:19Z:
```
main/bash: fix overflow in jobs
fixes #8236
ref: https://github.com/tianon/docker-bash/issues/4
ref: https://github.com/gliderlabs/docker-alpine/issues/363
```

Milestone: 3.7.1

## [3.7] tiff: Heap-based buffer overflow bug in pal2rgb (CVE-2017-17095)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8241
Updated: 2019-07-23T11:39:16Z
Author: Alicha CH

tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (TIFFSetupStrips heap-based
buffer overflow and application crash) or possibly have unspecified
other impact via a crafted TIFF file.
### References:
http://openwall.com/lists/oss-security/2017/12/02/1
http://bugzilla.maptools.org/show\_bug.cgi?id=2750
https://nvd.nist.gov/vuln/detail/CVE-2017-17095
*(from redmine: issue id 8241, created on 2017-12-05, closed on 2018-08-02)*
* Relations:
* parent #8239
* Changesets:
* Revision dc9b38d5feecbb2fcf0dd40261d5a5e958792b2b by Natanael Copa on 2018-08-02T05:58:23Z:
```
main/tiff: various security fixes
- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963
fixes #8241
fixes #9164
```

Milestone: 3.7.1

## [3.7] tor: Multiple vulnerabilities (CVE-2017-8819, CVE-2017-8820, CVE-2017-8821, CVE-2017-8822, CVE-2017-8823)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8247
Updated: 2019-07-23T11:39:10Z
Author: Alicha CH

**CVE-2017-8819**
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9
before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the
replay-cache protection mechanism is ineffective
for v2 onion services, aka TROVE-2017-009. An attacker can send many
INTRODUCE2 cells to trigger this issue.
**CVE-2017-8820**
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9
before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote
attackers can cause a denial of service
(NULL pointer dereference and application crash) against directory
authorities via a malformed descriptor, aka TROVE-2017-010.
**CVE-2017-8821**
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9
before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an
attacker can cause a denial of service
(application hang) via crafted PEM input that signifies a public key
requiring a password, which triggers an attempt by the OpenSSL library
to ask the user for the password, aka TROVE-2017-011.
**CVE-2017-8822**
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9
before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays
(that have incompletely downloaded descriptors)
can pick themselves in a circuit path, leading to a degradation of
anonymity, aka TROVE-2017-012.
**CVE-2017-8823**
In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9
before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there
is a use-after-free in onion service v2 during
intro-point expiration because the expiring list is mismanaged in
certain error cases, aka TROVE-2017-013.
### References:
https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
*(from redmine: issue id 8247, created on 2017-12-05, closed on 2017-12-07)*
* Relations:
* parent #8245
* Changesets:
* Revision aa584109baa33cd000b70285d8fa42d0d0c6c586 by Natanael Copa on 2017-12-07T09:51:22Z:
```
community/tor: security upgrade to 0.3.1.9
CVE-2017-8819 TROVE-2017-009: Replay-cache ineffective for v2 onion services
CVE-2017-8820 TROVE-2017-010: Remote DoS attack against directory authorities
CVE-2017-8821 TROVE-2017-011: An attacker can make Tor ask for a password
CVE-2017-8822 TROVE-2017-012: Relays can pick themselves in a circuit path
CVE-2017-8823 TROVE-2017-013: Use-after-free in onion service v2
fixes #8247
```

Milestone: 3.7.1

## [3.7] pdns: Missing check on API operations (CVE-2017-15091)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8251
Updated: 2019-07-23T11:39:06Z
Author: Alicha CH

An issue has been found in the API component of PowerDNS
Authoritative,
where some operations that have an impact on the state of the server
are still allowed even though the API has been configured as read-only
via the `api-readonly` keyword.
This missing check allows an attacker with valid API credentials to
flush the cache, trigger a zone transfer or send a NOTIFY.
### Affects:
PowerDNS Authoritative up to and including 4.0.4, 3.4.11
### Not affected:
PowerDNS Authoritative 4.0.5
### References:
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
http://openwall.com/lists/oss-security/2017/11/27/1
*(from redmine: issue id 8251, created on 2017-12-07, closed on 2017-12-15)*
* Relations:
* parent #8249
* Changesets:
* Revision 11695c47fbbbe890b37c4036e7141e1b560ea2a6 by Francesco Colista on 2017-12-15T13:49:10Z:
```
community/pdns: security upgrade to 4.0.5 (CVE-2017-15091). Fixes #8251
```

Milestone: 3.7.1
Assignee: Francesco Colista

## [3.7] pdns-recursor: Multiple vulnerabilities (CVE-2017-15090, CVE-2017-15092, CVE-2017-15093, CVE-2017-15094)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8254
Updated: 2019-07-23T11:39:02Z
Author: Alicha CH

**CVE-2017-15090**: Insufficient validation of DNSSEC signatures
### Affects:
PowerDNS Recursor from 4.0.0 and up to and including 4.0.6
### Not affected:
PowerDNS Recursor < 4.0.0, 4.0.7
### References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
http://openwall.com/lists/oss-security/2017/11/27/1
**CVE-2017-15092**: Cross-Site Scripting in the web interface
### Affects:
PowerDNS Recursor from 4.0.0 up to and including 4.0.6
### Not affected:
PowerDNS Recursor 4.0.7, 3.7.x
### References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
http://openwall.com/lists/oss-security/2017/11/27/1
**CVE-2017-15093**: Configuration file injection in the API
### Affects:
PowerDNS Recursor up to and including 4.0.6, 3.7.4
### Not affected:
PowerDNS Recursor 4.0.7
### References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
http://openwall.com/lists/oss-security/2017/11/27/1
**CVE-2017-15094**:
Memory leak in DNSSEC parsing
### Affects:
PowerDNS Recursor from 4.0.0 up to and including 4.0.6
### Not affected:
PowerDNS Recursor 4.0.7
### References:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
http://openwall.com/lists/oss-security/2017/11/27/1
*(from redmine: issue id 8254, created on 2017-12-07, closed on 2017-12-15)*
* Relations:
* parent #8252
* Changesets:
* Revision 0821b9aa215845c51715531d9478f41a9322f98c by Francesco Colista on 2017-12-15T14:01:19Z:
```
community/pdns-recursor: security upgrade to 4.0.7 (CVE-2017-15090-15092-15093-15094). Fixes #8254
```

Milestone: 3.7.1
Assignee: Francesco Colista

## php7-imagick is missing a dependency in Alpine 3.7

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8263
Updated: 2019-07-23T11:38:57Z
Author: John S Long

Attempting to do anything with the imagick PHP extension causes an
exception to be thrown.
Comparing the package from 3.6 to the package from 3.7, 3.7 depends on
imagemagick-libs where 3.6 depends on imagemagick.
Adding the imagemagick package into my Alpine installation fixes my
issues with the imagick PHP extension.
The php7-imagick package for Alpine 3.7 should depend on the imagemagick
package.
*(from redmine: issue id 8263, created on 2017-12-08, closed on 2018-08-10)*

Milestone: 3.7.1

## py3-httplib2 broken

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8266
Updated: 2019-07-23T11:38:55Z
Author: algitbot

Since at least 3.6.3 py3-httplib2 is broken.
Fix like in:
https://wiki.alpinelinux.org/wiki/APKBUILD\_examples:Python\#Multiversion\_package\_for\_project\_using\_2to3
```
/ # python3
>>> import httplib2
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.6/site-packages/httplib2/__init__.py", line 59, in <module>
    from .iri2uri import iri2uri
  File "/usr/lib/python3.6/site-packages/httplib2/iri2uri.py", line 15, in <module>
    import urlparse
ModuleNotFoundError: No module named 'urlparse'
```
*(from redmine: issue id 8266, created on 2017-12-12, closed on 2019-05-03)*
* Changesets:
* Revision bc1f0f9cc064e7c2a4261838f108040551b4b60e by Francesco Colista on 2017-12-15T02:30:18Z:
```
main/py-httplib2: setup python in the right paths. Fixes #8266
```

Milestone: 3.7.1

## [3.7] wireshark: Multiple vulnerabilities (CVE-2017-17083, CVE-2017-17084, CVE-2017-17085)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8269
Updated: 2019-07-23T11:38:52Z
Author: Alicha CH

CVE-2017-17083: NetBIOS dissector crash
---------------------------------------
**Affected versions**: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
**Fixed versions**: 2.4.3, 2.2.11
### References:
https://www.wireshark.org/security/wnpa-sec-2017-48.html
CVE-2017-17084: IWARP\_MPA dissector crash
------------------------------------------
**Affected versions**: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
**Fixed versions**: 2.4.3, 2.2.11
### References:
https://www.wireshark.org/security/wnpa-sec-2017-47.html
CVE-2017-17085: CIP Safety dissector crash
------------------------------------------
**Affected versions**: 2.4.0 to 2.4.2, 2.2.0 to 2.2.10
**Fixed versions**: 2.4.3, 2.2.11
### References:
https://www.wireshark.org/security/wnpa-sec-2017-49.html
*(from redmine: issue id 8269, created on 2017-12-12, closed on 2018-01-02)*
* Relations:
* parent #8267
* Changesets:
* Revision 4caa39890124ede819c4b20cfda2877241e7cdcc by Francesco Colista on 2017-12-17T19:51:41Z:
```
community/wireshark: security upgrade to 2.4.3 (CVE-2017-17083, CVE-2017-17084, CVE-2017-17085). Fixes #8269
```

Milestone: 3.7.1
Assignee: Natanael Copa

## [3.7] openssl: Multiple vulnerabilities (CVE-2017-3737, CVE-2017-3738)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8274
Updated: 2019-07-23T11:38:48Z
Author: Alicha CH

CVE-2017-3737: Read/write after SSL object in error state
---------------------------------------------------------
OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error
state”
mechanism. The intent was that if a fatal error occurred during a
handshake then
OpenSSL would move into the error state and would immediately fail if
you
attempted to continue the handshake. This works as designed for the
explicit
handshake functions (SSL\_do\_handshake(), SSL\_accept() and
SSL\_connect()),
however due to a bug it does not work correctly if SSL\_read() or
SSL\_write() is
called directly. In that scenario, if the handshake fails then a fatal
error
will be returned in the initial function call. If
SSL\_read()/SSL\_write() is
subsequently called by the application for the same SSL object then it
will
succeed and the data is passed without being decrypted/encrypted
directly from
the SSL/TLS record layer.
### Fixed In:
openssl 1.0.2n
### References:
https://www.openssl.org/news/secadv/20171207.txt
CVE-2017-3738: rsaz\_1024\_mul\_avx2 overflow bug on x86\_64
------------------------------------------------------------
There is an overflow bug in the AVX2 Montgomery multiplication
procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are
affected.
Analysis suggests that attacks against RSA and DSA as a result of this
defect
would be very difficult to perform and are not believed likely.
Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed
offline.
The amount of resources required for such an attack would be
significant.
### Fixed In:
openssl 1.0.2n
### References:
https://www.openssl.org/news/secadv/20171207.txt
*(from redmine: issue id 8274, created on 2017-12-13, closed on 2017-12-18)*
* Relations:
* parent #8260
* Changesets:
* Revision 7d5866a2137b214be12f5b70e1053b341350352d on 2017-12-15T08:17:53Z:
```
main/openssl: security upgrade to 1.0.2n
fixes #8274
CVE-2017-3737
CVE-2017-3738
(cherry picked from commit d2d350f8a099c9ed303f00888e05626662e5c7f6)
```

Milestone: 3.7.1
Assignee: Timo Teräs

## [3.7] openssh: Improper write operations in readonly mode allow for zero-length file creation (CVE-2017-15906)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8281
Updated: 2019-07-23T11:38:40Z
Author: Alicha CH

The process\_open function in sftp-server.c in OpenSSH before 7.6 does
not properly prevent write operations
in readonly mode, which allows attackers to create zero-length files.
### References:
https://www.openssh.com/txt/release-7.6
https://nvd.nist.gov/vuln/detail/CVE-2017-15906
### Patch:
https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
*(from redmine: issue id 8281, created on 2017-12-13, closed on 2018-01-02)*
* Relations:
* parent #8279
* Changesets:
* Revision 43ed1297e6f9ea8dc9e40052f9e16959d88d218c by Francesco Colista on 2017-12-15T14:20:11Z:
```
main/openssh: security fixes for CVE-2017-15906. Fixes #8281
```

Milestone: 3.7.1
Assignee: Natanael Copa

## [3.7] exim: infinite loop and stack exhaustion in receive_msg function via vectors involving BDAT commands (CVE-2017-16944)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8288
Updated: 2019-07-23T11:38:34Z
Author: Alicha CH

The receive\_msg function in receive.c in the SMTP daemon in Exim 4.88
and 4.89 allows remote
attackers to cause a denial of service (infinite loop and stack
exhaustion) via vectors involving BDAT
commands and an improper check for a ‘.’ character signifying the end of
the content, related to the bdat\_getc function.
### References:
http://openwall.com/lists/oss-security/2017/11/28/10
https://bugs.exim.org/show\_bug.cgi?id=2201
### Patch:
https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542
*(from redmine: issue id 8288, created on 2017-12-13, closed on 2017-12-15)*
* Relations:
* parent #8286
* Changesets:
* Revision 3cf81f9927c2ca7bbe6e3419fbab2eec08a9e8cb by Francesco Colista on 2017-12-15T03:00:27Z:
```
community/exim: security upgrade to 4.89.1 (CVE-2017-16944). Fixes #8288
```

Milestone: 3.7.1
Assignee: Francesco Colista

## [3.7] heimdal: NULL pointer dereference via crafted UDP packets (CVE-2017-17439)

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8292
Updated: 2019-07-23T11:38:30Z
Author: Alicha CH

In Heimdal through 7.4, remote unauthenticated attackers are able to
crash the KDC by sending a crafted UDP packet
containing empty data fields for client name or realm. The parser would
unconditionally dereference NULL pointers in
that case, leading to a segmentation fault. This is related to the
\_kdc\_as\_rep function in kdc/kerberos5.c and
the der\_length\_visible\_string function in lib/asn1/der\_length.c.
### References:
https://github.com/heimdal/heimdal/issues/353
https://nvd.nist.gov/vuln/detail/CVE-2017-17439
### Patch:
https://github.com/heimdal/heimdal/commit/749d377fa357351a7bbba51f8aae72cdf0629592
*(from redmine: issue id 8292, created on 2017-12-14, closed on 2018-01-02)*
* Relations:
* parent #8290
* Changesets:
* Revision 1061d3a8d5a8ee4950bfbd0854eda611d64f2116 on 2017-12-29T11:06:05Z:
```
main/heimdal: security fix (CVE-2017-17439)
Fixes #8292
```

Milestone: 3.7.1
Assignee: Leonardo Arena