aports issues feed: https://gitlab.alpinelinux.org/alpine/aports/-/issues (updated 2019-07-23T11:21:36Z)

## [3.8] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9406 (opened by Alicha CH; updated 2019-07-23T11:21:36Z)

CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
------------------------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
CVE-2018-16057: Radiotap dissector crash
----------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
CVE-2018-16058: Bluetooth AVDTP dissector crash
-----------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
*(from redmine: issue id 9406, created on 2018-09-10, closed on 2018-09-11)*
* Relations:
* parent #9404
* Changesets:
* Revision f12f5f95624bae2596edc0fc0ce7015657cd1602 by Natanael Copa on 2018-09-10T17:34:38Z:
```
community/wireshark: security upgrade to 2.4.9
CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
fixes #9406
```
* Revision c0c7198ccd06ca0b2cf7244b0be786c36fb405c2 by Natanael Copa on 2019-02-06T13:35:45Z:
```
community/wireshark: security upgrade to 2.4.9
CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
fixes #9406
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] curl: NTLM password overflow via integer overflow (CVE-2018-14618)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9394 (opened by Alicha CH; updated 2019-07-23T11:21:46Z)

The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large a temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.15.4 to and including 7.61.0
### Not affected versions:
libcurl < 7.15.4 and >= 7.61.1
### References:
https://curl.haxx.se/docs/CVE-2018-14618.html
### Patch:
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
*(from redmine: issue id 9394, created on 2018-09-06, closed on 2018-09-20)*
* Relations:
* parent #9392
* Changesets:
* Revision 9866a098357a1e601edbcdbf94080a1ecd39858a by Natanael Copa on 2018-09-10T17:19:21Z:
```
main/curl: security upgrade to 7.61.1 (CVE-2018-14618)
fixes #9394
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9383 (opened by Alicha CH; updated 2019-07-23T11:21:54Z)

**CVE-2018-10194**: The set_text_distance function in devices/vector/gdevpdts.c in the pdfwrite component in Artifex Ghostscript through 9.22 does not prevent overflows in text-positioning calculation, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
**CVE-2018-15908**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
**CVE-2018-15909**: In Artifex Ghostscript 9.23 before 2018-08-24, a
type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the
interpreter or potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
**CVE-2018-15910**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash
the interpreter or execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
**CVE-2018-15911**: In Artifex Ghostscript 9.23 before 2018-08-24,
attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or
potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
*(from redmine: issue id 9383, created on 2018-09-04, closed on 2018-09-20)*
* Relations:
* parent #9381
* Changesets:
* Revision 5e753b12c86f19cc249a631482ee1a4a739e45aa by Andy Postnikov on 2018-09-10T17:20:02Z:
```
main/ghostscript: security upgrade to 9.24
CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194
fixes #9383
(cherry picked from commit c13758613f3110e14c2e9eda818406f235d996c1)
```
Milestone: 3.8.1.

## [3.8] phpmyadmin: XSS in the import dialog (CVE-2018-15605)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9376 (opened by Alicha CH; updated 2019-07-23T11:22:02Z)

A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file.
### Affected Versions:
phpMyAdmin versions prior to 4.8.3
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-5/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1
*(from redmine: issue id 9376, created on 2018-09-04, closed on 2018-09-11)*
* Changesets:
* Revision 370ae65e76a6714a81256d2d2841483b4759c254 by Natanael Copa on 2018-09-10T18:32:42Z:
```
community/phpmyadmin: security upgrade to 4.8.3 (CVE-2018-15605)
fixes #9376
```
Milestone: 3.8.1.

## [3.8] bind: A flaw in the "deny-answer-aliases" feature can cause an assertion failure in named (CVE-2018-5740)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9358 (opened by Alicha CH; updated 2020-01-18T00:12:52Z)

“deny-answer-aliases” is a little-used feature intended to help recursive server operators protect end users against DNS rebinding attacks, a potential method of circumventing the security model used by client browsers. However, a defect in this feature makes it easy, when the feature is in use, to experience an assertion failure in name.c.
### Fixed In Version:
bind 9.9.13-P1, bind 9.10.8-P1, bind 9.11.4-P1, bind 9.12.2-P1, bind 9.11.3-S3
### Reference:
https://kb.isc.org/article/AA-01639/74/CVE-2018-5740
*(from redmine: issue id 9358, created on 2018-08-29, closed on 2018-09-10)*
* Relations:
* parent #9357
* Changesets:
* Revision 4ec71c5ae6c53d4cf8c9a8f89a4ea19656a56b71 by Natanael Copa on 2018-09-10T10:01:44Z:
```
main/bind: security upgrade to 9.12.2_p1 (CVE-2018-5740)
fixes #9358
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9354 (opened by Alicha CH; updated 2019-07-23T11:22:19Z)

**CVE-2018-7751**: The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (Infinite Loop) via a crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
**CVE-2018-14394**: libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
**CVE-2018-14395**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
### Fixed In Version:
ffmpeg 3.4.4
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
**CVE-2018-6912**: The decode_plane function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file.
### Fixed In Version:
ffmpeg 4.0
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
**CVE-2018-12459**: An inconsistent bits-per-sample value in the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c in FFmpeg 4.0 may trigger an assertion violation while converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
**CVE-2018-12460**: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
**CVE-2018-13301**: In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
**CVE-2018-13303**: In FFmpeg 4.0.1, a missing check for failure of a call to init_get_bits8() in the avpriv_ac3_parse_header function in libavcodec/ac3_parser.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
**CVE-2018-13304**: In libavcodec in FFmpeg 4.0.1, improper maintenance of the consistency between the context profile field and studio_profile in libavcodec may trigger an assertion failure while converting a crafted AVI file to MPEG4, leading to a denial of service, related to error_resilience.c, h263dec.c, and mpeg4videodec.c.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
*(from redmine: issue id 9354, created on 2018-08-28, closed on 2018-08-29)*
* Relations:
* parent #9352
* Changesets:
* Revision 244b8239305a7fb24f4d98be5abb84bda770afe7 by Natanael Copa on 2018-08-28T15:42:23Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9116
fixes #9354
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] dropbear: User enumeration vulnerability (CVE-2018-15599)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9348 (opened by Alicha CH; updated 2019-07-23T11:22:26Z)

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15599
### Patch:
https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
*(from redmine: issue id 9348, created on 2018-08-28, closed on 2018-11-08)*
* Relations:
* parent #9346
* Changesets:
* Revision bf98951e57e6df43f97c2b9ae518f87f16bdfad7 by Natanael Copa on 2018-09-10T10:43:40Z:
```
main/dropbear: backport security fix (CVE-2018-15599)
fixes #9348
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] zutils: Heap-based buffer overflow (CVE-2018-1000637)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9333 (opened by Alicha CH; updated 2019-07-23T11:22:36Z)

zutils versions prior to 1.8-pre2 contain a Buffer Overflow vulnerability in zcat that can result in potential denial of service or arbitrary code execution. This attack appears to be exploitable via the victim opening a crafted compressed file. This vulnerability appears to have been fixed in 1.8-pre2.
### References:
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2
*(from redmine: issue id 9333, created on 2018-08-23, closed on 2018-08-27)*
* Relations:
* parent #9331
* Changesets:
* Revision 5a8138b4241ad267f4a7a0932650e591beaf3931 by Natanael Copa on 2018-08-23T13:01:02Z:
```
community/zutils: security fix (CVE-2018-1000637)
fixes #9333
```
Milestone: 3.8.1. Assignee: Roberto Oliveira.

## [3.8] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9318 (opened by Alicha CH; updated 2019-07-23T11:22:47Z)

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
### References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
### Patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
*(from redmine: issue id 9318, created on 2018-08-22, closed on 2018-09-20)*
* Relations:
* parent #9316
* Changesets:
* Revision 6f341976a29e48fc6107edef77a62ff7e0614163 by Natanael Copa on 2018-08-22T09:34:26Z:
```
main/openssh: backport security fix (CVE-2018-15473)
fixes #9318
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] unzip: Heap-based buffer overflow in password protected ZIP archives (CVE-2018-1000035)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9287 (opened by Alicha CH; updated 2019-07-23T11:23:11Z)

A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000035
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
*(from redmine: issue id 9287, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9286
* parent #9286
* Changesets:
* Revision c15201030ffd0c922075b586e73f318ca8d6857c by Natanael Copa on 2018-08-22T08:23:46Z:
```
main/unzip: fix various CVEs
- CVE-2014-8139
- CVE-2014-8140
- CVE-2014-8141
- CVE-2014-9636
- CVE-2014-9913
- CVE-2016-9844
- CVE-2018-1000035
fixes #9287
```
Milestone: 3.8.1. Assignee: Timo Teräs.

## [3.8] ncurses: NULL Pointer Dereference in _nc_parse_entry function in tinfo/parse_entry.c (CVE-2018-10754)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9282 (opened by Alicha CH; updated 2019-07-23T11:23:15Z)

A flaw was found in ncurses before 6.1.20180414: there is a NULL Pointer Dereference in the _nc_parse_entry function of tinfo/parse_entry.c. It could lead to a remote denial of service if the terminfo library code is used to process untrusted terminfo data in which a use-name is invalid syntax.
### Fixed In Version:
ncurses 6.1.20180414
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10754
*(from redmine: issue id 9282, created on 2018-08-20, closed on 2018-08-22)*
* Relations:
* copied_to #9281
* parent #9281
* Changesets:
* Revision b01bcbc9705e0ad4e6778c0a34ed376300577bbc by Natanael Copa on 2018-08-21T13:47:01Z:
```
main/ncurses: upgrade to 6.1_p20180818
fixes #9282
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] apache2: Multiple vulnerabilities (CVE-2018-1333, CVE-2018-8011)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9264 (opened by Alicha CH; updated 2019-07-23T11:23:29Z)

CVE-2018-1333: DoS for HTTP/2 connections by crafted requests
-------------------------------------------------------------
By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service.
### Fixed In Version:
Apache HTTP Server 2.4.34
### References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
http://www.openwall.com/lists/oss-security/2018/07/18/1
CVE-2018-8011: mod_md, DoS via Coredumps on specially crafted requests
----------------------------------------------------------------------
By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.
### Fixed In Version:
Apache HTTP Server 2.4.34
### References:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011
http://www.openwall.com/lists/oss-security/2018/07/18/2
*(from redmine: issue id 9264, created on 2018-08-17, closed on 2018-08-20)*
* Relations:
* copied_to #9263
* parent #9263
* Changesets:
* Revision d0eedffbc4ca5e5e276ca4fa37659b64ed0284af by Andy Postnikov on 2018-08-20T10:35:41Z:
```
main/apache2: security upgrade to 2.4.34
fixes #9264
```
Milestone: 3.8.1. Assignee: Kaarle Ritvanen.

## [3.8] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9256 (opened by Alicha CH; updated 2019-07-23T11:23:33Z)

Missing input sanitization checks on some of the input parameters to the LDB database layer cause the LDAP server and DNS server to crash when following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9256, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9254
* parent #9254
* Changesets:
* Revision 92f3d2b28a5940acc5db51e3889b698e7146e812 on 2018-08-22T06:43:48Z:
```
main/ldb: security upgrade to 1.3.5 (CVE-2018-1140)
Fixes #9256
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9250 (opened by Alicha CH; updated 2019-07-23T11:23:40Z)

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient
-----------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in libsmbclient that could allow a malicious server to overwrite client heap memory by returning an extra long filename in a directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0 onwards are vulnerable to the disclosure of confidential attribute values, both of attributes where the schema SEARCH_FLAG_CONFIDENTIAL (0x80) searchFlags bit and where an explicit Access Control Entry has been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which allows authentication using NTLMv1 over an SMB1 transport (either directly or via NETLOGON SamLogon calls from a member server), even when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9250, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision 53e46bd2838462d43bb89139a98f91afc31b6a08 on 2018-08-22T07:40:08Z:
```
main/samba: security upgrade to 4.8.4
CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140
Fixes #9250
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] mbedtls: Multiple vulnerabilities (CVE-2018-0497, CVE-2018-0498)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9239 (opened by Alicha CH; updated 2019-07-23T11:23:47Z)

**CVE-2018-0497**: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel.
### Affected Versions:
All versions of Mbed TLS from version 1.2 upwards, including all 2.1,
2.7 and later releases.
### Fixed In Version:
Mbed TLS 2.12.0, 2.7.5 or 2.1.14 or later.
### References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
**CVE-2018-0498**: When using a CBC based ciphersuite, an attacker with
the ability to execute arbitrary code on
the machine under attack can partially recover the plaintext by use of
cache based side-channels.
### Affected Versions:
All versions of Mbed TLS from version 1.2 upwards, including all 2.1,
2.7 and later releases.
### Fixed In Version:
Mbed TLS 2.12.0, 2.7.5 or 2.1.14 or later.
### References:
https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-02
*(from redmine: issue id 9239, created on 2018-08-13, closed on 2018-08-14)*
* Changesets:
* Revision 1c0e971a526aed30795ed65912b72f65dfbf9dd2 by Natanael Copa on 2018-08-13T17:41:22Z:
```
community/mbedtls: security upgrade to 2.7.5 (CVE-2018-0497,CVE-2018-0498)
fixes #9239
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9226 (opened by Alicha CH; updated 2019-07-23T11:23:56Z)

**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Maliciously crafted KWAJ file header extensions could cause a one- or two-byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9226, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 3e3519a996d44c6d478d4e1d47cc6360a93da3c3 by Natanael Copa on 2018-08-22T13:29:36Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9226
```
Milestone: 3.8.1. Assignee: Natanael Copa.

## [3.8] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/9220 (opened by Alicha CH; updated 2019-07-23T11:24:01Z)

An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9220, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision 8928cb52eb5ad36d034ec67858bfffaf12b6c6eb by Natanael Copa on 2018-08-21T13:57:31Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9220
```
3.8.1
Natanael Copa
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9200
[3.8] myrepos: missing URL sanitization (CVE-2018-7032)
2019-07-23T11:24:16Z
Alicha CH

webcheckout in myrepos through 1.20171231 does not sanitize URLs that are passed to git clone, allowing a malicious website operator or a MitM attacker to take advantage of it for arbitrary code execution, as demonstrated by an “ext::sh -c” attack or an option injection attack.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7032
### Patch:
http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
*(from redmine: issue id 9200, created on 2018-08-07, closed on 2018-08-23)*
* Relations:
* copied_to #9199
* parent #9199
* Changesets:
* Revision b690195cd82f9c8dba79495689e7d1d4a7bfc873 by Fabian Affolter on 2018-08-22T09:47:43Z:
```
main/myrepos: upgrade to 1.20180726
fixes #9200
(cherry picked from commit 593b926a0233cbb19a47882bd2c22346cb7a5530)
```
3.8.1

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9182
[3.8] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
2019-07-23T11:24:28Z
Alicha CH

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double “To” header and an empty “To” tag causes a segmentation fault and crash. The reason is missing input validation in the “build\_res\_buf\_from\_sip\_req” core function. This could result in denial of service and potentially the execution of arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9182, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #9180

3.8.1
Nathan Angelacos
Nathan Angelacos

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9175
[3.8] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
2019-07-23T11:24:35Z
Alicha CH

If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH setting are both enabled, and if the project has a URL pattern that accepts any path ending in a slash (many content management systems have such a pattern), then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9175, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision 9b6522ff7ff9949b963b57f581828aaa2c6ca441 by Natanael Copa on 2018-08-06T15:21:34Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9175
```
3.8.1
Natanael Copa
Natanael Copa