aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:23:15Z

[3.8] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c. (CVE-2018-10754)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9282
2019-07-23T11:23:15Z
Alicha CH

A flaw was found in ncurses before 6.1.20180414, there is a NULL Pointer
Dereference in the \_nc\_parse\_entry function of tinfo/parse\_entry.c.
It could lead to
a remote denial of service if the terminfo library code is used to
process untrusted terminfo data in which a use-name is invalid syntax.
### Fixed In Version:
ncurses 6.1.20180414
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10754
*(from redmine: issue id 9282, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9281
* parent #9281
* Changesets:
* Revision b01bcbc9705e0ad4e6778c0a34ed376300577bbc by Natanael Copa on 2018-08-21T13:47:01Z:
```
main/ncurses: upgrade to 6.1_p20180818
fixes #9282
```
3.8.1
Natanael Copa

[3.8] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9264
2019-07-23T11:23:29Z
Alicha CH

CVE-2018-1333: DoS for HTTP/2 connections by crafted requests
-------------------------------------------------------------
By specially crafting HTTP/2 requests, workers would be allocated 60
seconds longer than necessary,
leading to worker exhaustion and a denial of service.
### Fixed In Version:
Apache HTTP Server 2.4.34
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html\#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1
CVE-2018-8011: mod\_md, DoS via Coredumps on specially crafted requests
-----------------------------------------------------------------------
By specially crafting HTTP requests, the mod\_md challenge handler would
dereference a NULL pointer
and cause the child process to segfault. This could be used to DoS the
server.
### Fixed In Version:
Apache HTTP Server 2.4.34
### Reference:
https://httpd.apache.org/security/vulnerabilities\_24.html\#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2
*(from redmine: issue id 9264, created on 2018-08-17, closed on 2018-08-20)*
* Relations:
* copied_to #9263
* parent #9263
* Changesets:
* Revision d0eedffbc4ca5e5e276ca4fa37659b64ed0284af by Andy Postnikov on 2018-08-20T10:35:41Z:
```
main/apache2: security upgrade to 2.4.34
fixes #9264
```
3.8.1
Kaarle Ritvanen

[3.8] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9256
2019-07-23T11:23:33Z
Alicha CH

Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9256, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9254
* parent #9254
* Changesets:
* Revision 92f3d2b28a5940acc5db51e3889b698e7146e812 on 2018-08-22T06:43:48Z:
```
main/ldb: security upgrade to 1.3.5 (CVE-2018-1140)
Fixes #9256
```
3.8.1
Natanael Copa

[3.8] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9250
2019-07-23T11:23:40Z
Alicha CH

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9250, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision 53e46bd2838462d43bb89139a98f91afc31b6a08 on 2018-08-22T07:40:08Z:
```
main/samba: security upgrade to 4.8.4
CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140
Fixes #9250
```
3.8.1
Natanael Copa

[3.8] mbedtls: Multiple vulnerabilities (CVE-2018-0497, CVE-2018-0498)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9239
2019-07-23T11:23:47Z
Alicha CH

**CVE-2018-0497**: Remote plaintext recovery on use of CBC based
ciphersuites through
a timing side-channel.
### Affected Versions:
All versions of Mbed TLS from version 1.2 upwards, including all 2.1,
2.7 and later releases.
### Fixed In Version:
Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later.
### References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
**CVE-2018-0498**: When using a CBC based ciphersuite, an attacker with
the ability to execute arbitrary code on
the machine under attack can partially recover the plaintext by use of
cache based side-channels.
### Affected Versions:
All versions of Mbed TLS from version 1.2 upwards, including all 2.1,
2.7 and later releases.
### Fixed In Version:
Mbed TLS, including 2.12.0, 2.7.5 or 2.1.14 or later.
### References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
*(from redmine: issue id 9239, created on 2018-08-13, closed on 2018-08-14)*
* Changesets:
* Revision 1c0e971a526aed30795ed65912b72f65dfbf9dd2 by Natanael Copa on 2018-08-13T17:41:22Z:
```
community/mbedtls: security upgrade to 2.7.5 (CVE-2018-0497,CVE-2018-0498)
fixes #9239
```
3.8.1
Natanael Copa

php5-cli only works if installed *before* php5
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9237
2019-07-23T11:23:49Z
Jasper Koolhaas

On a fresh Alpine 3.8 (LXD container) image:

```
apk add php5 php5-cli
```

doesn’t actually install php5-cli:

```
# ls -al /usr/bin/php*; apk list --installed|grep php
ls: /usr/bin/php*: No such file or directory
php5-5.6.37-r0 x86_64 {php5} (PHP-3.0) [installed]
```

When I delete both and then add (only) php5-cli it works ok:

```
#apk del php5 php-cli; apk add php5-cli
# ls -al /usr/bin/php*; apk list --installed|grep php
-rwxr-xr-x 1 root root 8794808 Jul 24 13:54 /usr/bin/php5
-rwxr-xr-x 1 root root 4506 Jul 24 13:54 /usr/bin/phpize5
php5-cli-5.6.37-r0 x86_64 {php5} (PHP-3.0) [installed]
php5-common-5.6.37-r0 x86_64 {php5} (PHP-3.0) [installed]
```

This problem doesn’t seem to happen in the current edge version.
*(from redmine: issue id 9237, created on 2018-08-13, closed on 2018-08-13)*
* Relations:
* duplicates #9119

3.8.1
Matt Smith

[3.8] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9226
2019-07-23T11:23:56Z
Alicha CH

**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
Maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9226, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 3e3519a996d44c6d478d4e1d47cc6360a93da3c3 by Natanael Copa on 2018-08-22T13:29:36Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9226
```
3.8.1
Natanael Copa

[3.8] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9220
2019-07-23T11:24:01Z
Alicha CH

An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9220, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision 8928cb52eb5ad36d034ec67858bfffaf12b6c6eb by Natanael Copa on 2018-08-21T13:57:31Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9220
```
3.8.1
Natanael Copa

[v3.8][edge] ruby-bundler missing dependency on ruby-etc
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9216
2019-07-23T11:24:05Z
Felix Bünemann

The Ruby `Etc` module was split into its own package `ruby-etc` in
Alpine 3.8 which causes an exception in `ruby-bundler`:

```
/usr/lib/ruby/gems/2.5.0/gems/bundler-1.16.3/lib/bundler.rb:173:in `user_home': uninitialized constant #<Class:Bundler>::Etc (NameError)
```

As a workaround it is currently possible to manually install the
`ruby-etc` package.
The solution is to add `ruby-etc` as a dependency for `ruby-bundler`.
*(from redmine: issue id 9216, created on 2018-08-09, closed on 2019-05-04)*
* Changesets:
* Revision d76cafc1b58d50688d04e15ff1d5be1885ccfd4a by Jakub Jirutka on 2018-08-09T15:46:45Z:
```
main/ruby-bundler: fix missing dependency on ruby-etc
Fixes #9216 <https://bugs.alpinelinux.org/issues/9216>
```
* Revision 7f0a217a75323ac64b3c976711ab8134d3b239e1 by Jakub Jirutka on 2018-08-09T15:47:31Z:
```
main/ruby-bundler: fix missing dependency on ruby-etc
Fixes #9216 <https://bugs.alpinelinux.org/issues/9216>
```
3.8.1
Jakub Jirutka

Backport php7-event to 3.8 branch
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9205
2019-07-23T11:24:12Z
Denis Chernosov

Thanks to Andy Postnikov for this package in edge repository!
One more thing. Can you backport it to 3.8? Please :)
*(from redmine: issue id 9205, created on 2018-08-08, closed on 2018-08-22)*
* Changesets:
* Revision 62a307cea8d16f4c8d4a2efc98ad3a1ffd399ea3 by Andy Postnikov on 2018-08-22T09:40:04Z:
```
community/php7-event: new package backport
fixes #9205
```
3.8.1

[3.8] myrepos: missing URL sanitization (CVE-2018-7032)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9200
2019-07-23T11:24:16Z
Alicha CH

webcheckout in myrepos through 1.20171231 does not sanitize URLs that
are passed to git clone, allowing a malicious website operator or a
MitM
attacker to take advantage of it for arbitrary code execution, as
demonstrated by an “ext::sh -c” attack or an option injection attack.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7032
### Patch:
http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
*(from redmine: issue id 9200, created on 2018-08-07, closed on 2018-08-23)*
* Relations:
* copied_to #9199
* parent #9199
* Changesets:
* Revision b690195cd82f9c8dba79495689e7d1d4a7bfc873 by Fabian Affolter on 2018-08-22T09:47:43Z:
```
main/myrepos: upgrade to 1.20180726
fixes #9200
(cherry picked from commit 593b926a0233cbb19a47882bd2c22346cb7a5530)
```
3.8.1

[3.8] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9182
2019-07-23T11:24:28Z
Alicha CH

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9182, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #9180

3.8.1
Nathan Angelacos

Package request: php7-event
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9179
2019-07-23T11:24:31Z
Denis Chernosov

Required by ReactPHP event loop (see:
https://reactphp.org/event-loop/\#exteventloop)
Pecl package is in active development:
https://pecl.php.net/package/event
*(from redmine: issue id 9179, created on 2018-08-02, closed on 2018-08-04)*
3.8.1

[3.8] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9175
2019-07-23T11:24:35Z
Alicha CH

If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9175, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision 9b6522ff7ff9949b963b57f581828aaa2c6ca441 by Natanael Copa on 2018-08-06T15:21:34Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9175
```
3.8.1
Natanael Copa

[3.8] clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9168
2019-07-23T11:24:41Z
Alicha CH

**CVE-2018-0360**: ClamAV before 0.100.1 has an HWP integer overflow
with a resultant infinite loop via
a crafted Hangul Word Processor file. This is in parsehwp3\_paragraph()
in libclamav/hwp.c.
### References:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0360
**CVE-2018-0361**: ClamAV before 0.100.1 lacks a PDF object length
check, resulting in
an unreasonably long time to parse a relatively small file.
### References:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0361
*(from redmine: issue id 9168, created on 2018-07-31, closed on 2018-08-22)*
* Relations:
* copied_to #9167
* parent #9167
* Changesets:
* Revision 90552e261c77a65b5d25b9f935af4236ea1e08c1 on 2018-08-13T19:10:10Z:
```
main/clamav: upgrade to 0.100.1 (CVE-2017-16932,CVE-2018-0360,CVE-2018-0361)
fixes #9168
```
3.8.1
Carlo Landmeter

[3.8] tiff: Multiple vulnerabilities (CVE-2017-9935, CVE-2017-11613, CVE-2018-10963)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9163
2019-07-23T11:24:45Z
Alicha CH

**CVE-2017-9935**: In LibTIFF 4.0.8, there is a heap-based buffer
overflow in the t2p\_write\_pdf function in tools/tiff2pdf.c. This heap
overflow
could lead to different damages. For example, a crafted TIFF document
can lead to an out-of-bounds read in TIFFCleanup, an invalid free in
TIFFClose or t2p\_free, memory corruption in t2p\_readwrite\_pdf\_image,
or a double free in t2p\_free.
Given these possibilities, it probably could cause arbitrary code
execution.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9935
http://bugzilla.maptools.org/show\_bug.cgi?id=2704
**CVE-2017-11613**: In LibTIFF 4.0.8, there is a denial of service
vulnerability in the TIFFOpen function. A crafted input will lead to a
denial of
service attack. During the TIFFOpen process, td\_imagelength is not
checked. The value of td\_imagelength can be directly controlled by an
input file.
In the ChopUpSingleUncompressedStrip function, the \_TIFFCheckMalloc
function is called based on td\_imagelength. If we set the value of
td\_imagelength close to the amount of system memory, it will hang the
system or trigger the OOM killer.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11613
**CVE-2018-10963**: A flaw was found in LibTIFF through 4.0.9.
TIFFWriteDirectorySec() function in tif\_dirwrite.c allows remote
attackers
to cause a denial of service (assertion failure and application crash)
via a crafted file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10963
### Patch:
https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
*(from redmine: issue id 9163, created on 2018-07-31, closed on 2018-08-02)*
* Relations:
* copied_to #9162
* parent #9162
* Changesets:
* Revision 6659caf6913d6dd6651a2f723184dbca1d72f499 by Natanael Copa on 2018-08-01T12:06:26Z:
```
main/tiff: various security fixes
- CVE-2017-9935
- CVE-2017-11613
- CVE-2017-17095
- CVE-2018-10963
fixes #8240
fixes #9163
```
3.8.1

[3.8] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9159
2019-07-23T11:24:48Z
Alicha CH

**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-2018-14340**: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
**CVE-2018-14341**: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
**CVE-2018-14342**: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
**CVE-2018-14343**: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
**CVE-2018-14344**: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
**CVE-2018-14367**: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
**CVE-2018-14368**: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
**CVE-2018-14369**: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
**CVE-2018-14370**: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
*(from redmine: issue id 9159, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9157
* parent #9157
* Changesets:
* Revision e7881754327e3e28822148252165ca22085a230d by Natanael Copa on 2018-07-30T13:22:57Z:
```
community/wireshark: upgrade to 2.4.8
CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342,
CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368,
CVE-2018-14369, CVE-2018-14370
fixes #9159
```
* Revision de7f79ec7d1faf81ba538ae2ea1262eeaee24972 by Natanael Copa on 2019-02-06T13:35:45Z:
```
community/wireshark: upgrade to 2.4.8
CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342,
CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368,
CVE-2018-14369, CVE-2018-14370
fixes #9159
```
3.8.1
Natanael Copa

[3.8] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9152
2019-07-23T11:24:57Z
Alicha CH

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9152, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision fb1ef7588af0704b74a1019ce20c179660197278 by Natanael Copa on 2018-07-30T16:20:35Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9152
```
3.8.1
Natanael Copa

[3.8] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9141
2019-07-23T11:25:06Z
Alicha CH

A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9141, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #9139
* Changesets:
* Revision 5983135b6f8ff43b5717897e8b6b8a3bd376543d by Natanael Copa on 2018-07-30T08:05:56Z:
```
main/libvorbis: security fix for CVE-2018-10392
fixes #9141
```
* Revision 1d4e07ef727bce9bd28bc73d39003c412bfcefb9 by Natanael Copa on 2018-07-30T08:22:14Z:
```
main/libvorbis: security fix for CVE-2018-10392
fixes #9141
```
3.8.1
Natanael Copa

[3.8] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9129
2019-07-23T11:25:14Z
Alicha CH

CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
--------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9129, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision 0d3886cdea880fe65aff164040ab54f9e2d5ee93 by Natanael Copa on 2018-07-24T15:29:08Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9129
```
3.8.1 Natanael Copa