aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:25:15Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9128[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-201...2019-07-23T11:25:15ZAlicha CH[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttm...CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9128, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision ed115862c323b563d378a0ca48ef4f6e7cf55388 by Natanael Copa on 2018-07-24T15:23:25Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9128
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9140[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-...2019-07-23T11:25:07ZAlicha CH[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over...A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9140, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #91393.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9151[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is acti...2019-07-23T11:24:57ZAlicha CH[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of ...In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’
mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file
system,
accessible by other users, and trick them into accessing files on that
file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9151, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cab094ae856f8729453475a6c5fff8e35d8844ab by Natanael Copa on 2018-07-30T16:03:32Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9151
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9158[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CV...2019-07-23T11:24:50ZAlicha CH[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-...**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-2018-14340**: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
**CVE-2018-14341**: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
**CVE-2018-14342**: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
**CVE-2018-14343**: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
**CVE-2018-14344**: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
**CVE-2018-14367**: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
**CVE-2018-14368**: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
**CVE-2018-14369**: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
**CVE-2018-14370**: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
*(from redmine: issue id 9158, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9157
* parent #91573.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9174[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)2019-07-23T11:24:36ZAlicha CH[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a...If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9174, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision be7e22246de0916a68b640d89fc11fa95ea548b5 by Natanael Copa on 2018-08-06T15:15:13Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9174
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9181[3.9] kamailio: Security vulnerability in Kamailio core related to To header ...2019-07-23T11:24:29ZAlicha CH[3.9] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_re...In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9181, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #91803.9.0Nathan AngelacosNathan Angelacoshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9188chrt from util-linux not working2019-07-23T11:24:23ZGlenn Sommerchrt from util-linux not working“chrt” from util-linux/schedutils is currently using
“sched\_setscheduler()” for setting CPU scheduler and realtime
priority.
The musl implementation of this function is just returning “<s>1“, so
”chrt" is unable to change priority</s>...“chrt” from util-linux/schedutils is currently using
“sched\_setscheduler()” for setting CPU scheduler and realtime
priority.
The musl implementation of this function is just returning “<s>1“, so
”chrt" is unable to change priority</s> making ”chrt" nearly useless in
AlpineLinux.
musl source-code:
https://github.com/bpowers/musl/blob/master/src/sched/sched\_setscheduler.c
int sched_setscheduler(pid_t pid, int sched, const struct sched_param *param)
{
return __syscall_ret(-ENOSYS);
}
*(from redmine: issue id 9188, created on 2018-08-05, closed on 2019-01-23)*3.9.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/9208[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_...2019-07-23T11:24:11ZAlicha CH[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548 ...The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548
http://seclists.org/fulldisclosure/2017/Jul/84
*(from redmine: issue id 9208, created on 2018-08-08, closed on 2019-01-01)*
* Relations:
* copied_to #9207
* parent #9207
* Changesets:
* Revision d25107e8a0abff1db592d5a79b4cd03b670ff905 by Natanael Copa on 2018-12-04T12:17:12Z:
```
main/libao: security fix for CVE-2017-11548
fixes #9208
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9219[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant ...2019-07-23T11:24:02ZAlicha CH[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point...An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9219, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision ecc28455ea46b5da17cc43d1250d6a16ebeba169 by Natanael Copa on 2018-08-21T13:55:16Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9219
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9225[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CV...2019-07-23T11:23:57ZAlicha CH[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dere...**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9225, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 214cb233279c7ef0221557f24d0d0af79a46d3b7 by Natanael Copa on 2018-08-22T13:28:16Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9225
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9249[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-20...2019-07-23T11:23:41ZAlicha CH[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an e...CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directory or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision d773d4c9846c9af6fff4cf55c1942ce486760f82 by Andy Postnikov on 2018-08-20T14:33:06Z:
```
main/samba: security upgrade to 4.8.4
Fixes #9249
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9291PHP5 EOL2019-07-23T11:23:06ZAndy PostnikovPHP5 EOLAs **php5** is EOL in 31 Dec 2018
https://secure.php.net/supported-versions.php
\- remove php5\* packages & fix dependencies (5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
\- rename php7 packages prefix to *...As **php5** is EOL in 31 Dec 2018
https://secure.php.net/supported-versions.php
\- remove php5\* packages & fix dependencies (5 - cacti-php5,
phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
\- rename php7 packages prefix to **php-**
- for 3.9 release split peal/non-pecl packages like \#9277
*(from redmine: issue id 9291, created on 2018-08-20, closed on 2019-01-23)*
* Relations:
* relates #9277
* relates #6810
* relates #63533.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9306[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows...2019-07-23T11:22:55ZAlicha CH[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted me...A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
### References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
### Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
*(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)*
* Relations:
* copied_to #9305
* parent #9305
* Changesets:
* Revision 4e1c871fdcc37ed141df6a2f53d3bd62fddd8fea on 2018-11-07T13:21:12Z:
```
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9306
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9317[3.9] openssh: User enumeration via malformed packets in authentication reque...2019-07-23T11:22:48ZAlicha CH[3.9] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostba...OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
### References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
### Patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
*(from redmine: issue id 9317, created on 2018-08-22, closed on 2018-09-20)*
* Relations:
* parent #9316
* Changesets:
* Revision c314d18b4e1c932d8670c49f265f919242b7a17b by Natanael Copa on 2018-08-22T08:56:21Z:
```
main/openssh: backport security fix (CVE-2018-15473)
fixes #9317
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9332[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)2019-07-23T11:22:37ZAlicha CH[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)zutils version prior to version 1.8-pre2 contains a Buffer Overflow
vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appear to be
exploitable via the victim openning a crafte...zutils version prior to version 1.8-pre2 contains a Buffer Overflow
vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appear to be
exploitable via the victim openning a crafted
compressed file. This vulnerability appears to have been fixed in
1.8-pre2.
### References:
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2
*(from redmine: issue id 9332, created on 2018-08-23, closed on 2018-08-27)*
* Relations:
* copied_to #9331
* parent #9331
* Changesets:
* Revision d031b70d32b89d1ced1b1d2a15195c0720915d5f by Natanael Copa on 2018-08-23T12:48:48Z:
```
community/zutils: security fix (CVE-2018-1000637)
fixes #9332
```3.9.0Roberto OliveiraRoberto Oliveirahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9334compile busybox cp with reflink support2019-07-23T11:22:35ZJohn Doecompile busybox cp with reflink supportGiven that:
(a) Alpine supports BTRFS
(b) Alpine uses busybox as its default coreutils
It would be useful if that enabled access to functionality useful for
BTRFS (namely —reflink).
Comments in the busybox code
(https://git.busybox...Given that:
(a) Alpine supports BTRFS
(b) Alpine uses busybox as its default coreutils
It would be useful if that enabled access to functionality useful for
BTRFS (namely —reflink).
Comments in the busybox code
(https://git.busybox.net/busybox/tree/coreutils/cp.c) seem to suggest
there is reflink support if you choose to compile it:
//config:config FEATURE_CP_REFLINK
//config: bool "Enable --reflink[=auto]"
//config: default y
//config: depends on FEATURE_CP_LONG_OPTIONS
*(from redmine: issue id 9334, created on 2018-08-23, closed on 2019-01-23)*
* Changesets:
* Revision 6e465f74c5d66caced2d255001dbb8d393d90f6a by Natanael Copa on 2019-01-10T14:57:24Z:
```
main/busybox: backport cp --reflink support
fixes #9334
```3.9.0https://gitlab.alpinelinux.org/alpine/aports/-/issues/9347[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)2019-07-23T11:22:27ZAlicha CH[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue t...The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15599
### Patch:
https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
*(from redmine: issue id 9347, created on 2018-08-28, closed on 2018-11-08)*
* Relations:
* parent #9346
* Changesets:
* Revision 685fa426c5c984f78ebcf0ac1189fe147fc832c3 by Natanael Copa on 2018-09-10T10:40:02Z:
```
main/dropbear: backport security fix (CVE-2018-15599)
fixes #9347
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9353[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-201...2019-07-23T11:22:20ZAlicha CH[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### Referenc...**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
**CVE-2018-14394**: ibavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted
Waveform audio file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
**CVE-2018-14395**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
### Fixed In Version:
ffmpeg 3.4.4
References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
**CVE-2018-6912**: The decode\_plane function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted
AVI file.
### Fixed In Version:
ffmpeg 4.0
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
**CVE-2018-12459**: An inconsistent bits-per-sample value in the
ff\_mpeg4\_decode\_picture\_header function in
libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
**CVE-2018-12460**: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
**CVE-2018-13301**: In FFmpeg 4.0.1, due to a missing check of a profile
value before setting it, the ff\_mpeg4\_decode\_picture\_header function
in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
**CVE-2018-13303**: In FFmpeg 4.0.1, a missing check for failure of a
call to init\_get\_bits8() in the avpriv\_ac3\_parse\_header function
in
libavcodec/ac3\_parser.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
**CVE-2018-13304**: In libavcodec in FFmpeg 4.0.1, improper maintenance
of the consistency between the context profile field and studio\_profile
in libavcodec may
trigger an assertion failure while converting a crafted AVI file to
MPEG4, leading to a denial of service, related to error\_resilience.c,
h263dec.c, and mpeg4videodec.c.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
*(from redmine: issue id 9353, created on 2018-08-28, closed on 2018-08-29)*
* Relations:
* copied_to #9352
* parent #9352
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```3.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9356postfix 3.3.1-r1 is broken2019-07-23T11:22:17ZSteffen Nurpmesopostfix 3.3.1-r1 is brokenIt seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time i simply updated the server and went
away.. 10 hours mail...It seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time i simply updated the server and went
away.. 10 hours mails missing ;)
*(from redmine: issue id 9356, created on 2018-08-28, closed on 2019-01-10)*
* Relations:
* relates #93353.9.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9374open-vm-tools: /etc/modules-load.d/open-vm-tools missing.conf extension2019-07-23T11:22:04ZJohn Doeopen-vm-tools: /etc/modules-load.d/open-vm-tools missing.conf extensionShould “/etc/modules-load.d/open-vm-tools” not have a *.conf* extension
?
I was recently experimenting with btrfs and found that
/etc/modules-load.d/btrfs would not load, but
/etc/modules-load.d/btrfs.conf would. So surely it is the sam...Should “/etc/modules-load.d/open-vm-tools” not have a *.conf* extension
?
I was recently experimenting with btrfs and found that
/etc/modules-load.d/btrfs would not load, but
/etc/modules-load.d/btrfs.conf would. So surely it is the same with
others such as open-vm-tools ?
*(from redmine: issue id 9374, created on 2018-09-02, closed on 2019-01-10)*3.9.0