aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T11:21:03Z

[3.9] hylafax: JPEG support code execution (CVE-2018-17141)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9456
Updated: 2019-07-23T11:21:03Z
Author: Alicha CH

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute
arbitrary code via a dial-in session that provides a FAX page
with the JPEG bit enabled, which is mishandled in
FaxModem::writeECMData() in the faxd/CopyQuality.c file.
### References:
https://www.openwall.com/lists/oss-security/2018/09/20/1
https://nvd.nist.gov/vuln/detail/CVE-2018-17141
### Patch:
http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
*(from redmine: issue id 9456, created on 2018-09-24, closed on 2018-10-09)*
* Relations:
* parent #9455
* Changesets:
* Revision d4ebd7cc66c32690a483cb6e2b1d825429a4920c on 2018-10-09T06:08:39Z:
```
main/hylafax: security fix (CVE-2018-17141)
Fixes #9456
```

Milestone: 3.9.0

[3.9] webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9452
Updated: 2019-07-23T11:21:07Z
Author: Alicha CH

**CVE-2018-4246**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4261**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4262**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4263**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4264**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4265**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4266**
A malicious website may be able to cause a denial of service.
A race condition was addressed with additional validation.
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
**CVE-2018-4267**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4270**
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4272**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4273**
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved input
validation.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4278**
A malicious website may exfiltrate audio data cross-origin. Sound
fetched through audio elements
may be exfiltrated cross-origin. This issue was addressed with improved
audio taint tracking.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4284**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-12911**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A buffer overflow issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0006.html
*(from redmine: issue id 9452, created on 2018-09-21, closed on 2018-10-02)*
* Relations:
* parent #9451
* Changesets:
* Revision 609fbb0235cf6440f5d502885c4e0531c835aed7 by Natanael Copa on 2018-09-27T10:37:24Z:
```
community/webkit2gtk: upgrade to 2.22.2
fixes #9473
fixes #9452
```

Milestone: 3.9.0

[3.9] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9443
Updated: 2019-07-23T11:21:13Z
Author: Alicha CH

A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9443, created on 2018-09-21, closed on 2018-11-08)*
* Relations:
* parent #9442
* Changesets:
* Revision 348c14c7421c7d8fcdc82fd7014fb75eed11f56f on 2018-11-06T15:54:09Z:
```
main/lcms2: security fix (CVE-2018-16435)
Fixes #9443
```

Milestone: 3.9.0
Assignee: Natanael Copa

mariadb: testsuite hangs on aarch64
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9441
Updated: 2019-07-23T11:21:15Z
Author: Natanael Copa

build-edge-aarch64:~/aports/main/mariadb/src/mariadb-10.3.9$ ctest -V -I 20,20 -E test-connect
UpdateCTestConfiguration from :/home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/DartConfiguration.tcl
UpdateCTestConfiguration from :/home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/DartConfiguration.tcl
Test project /home/buildozer/aports/main/mariadb/src/mariadb-10.3.9
Constructing a list of tests
Done constructing a list of tests
Updating test list for fixtures
Added 0 tests to meet fixture requirements
Checking test dependency graph...
Checking test dependency graph end
test 20
Start 20: my_apc
20: Test command: /home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/unittest/sql/my_apc-t
20: Test timeout computed to be: 10000000
20: 1..1
20: # Testing APC delivery and execution
20: # test_apc_service_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # 832 APCs served 0 missed
20: # 1646 APCs served 0 missed
20: # 2468 APCs served 0 missed
20: # 3272 APCs served 0 missed
20: # 4088 APCs served 0 missed
20: # 4924 APCs served 0 missed
20: # 5770 APCs served 0 missed
20: # 6577 APCs served 0 missed
20: # 7389 APCs served 0 missed
20: # 8232 APCs served 0 missed
20: # 9035 APCs served 0 missed
20: # 9847 APCs served 0 missed
20: # 10651 APCs served 0 missed
20: # 11477 APCs served 0 missed
20: # 12306 APCs served 0 missed
20: # Shutting down requestors
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # # # # test_apc_requestor_thread exiting
*(from redmine: issue id 9441, created on 2018-09-21, closed on 2019-01-10)*

Milestone: 3.9.0

[3.9] ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9433
Updated: 2019-07-23T11:21:21Z
Author: Alicha CH

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect
“restoration of privilege”
checking when running out of stack during exception handling could be
used by attackers able to supply
crafted PostScript to execute code using the “pipe” instruction. This is
due to an incomplete fix for CVE-2018-16509.
### References:
https://seclists.org/oss-sec/2018/q3/228
https://seclists.org/oss-sec/2018/q3/229
https://seclists.org/oss-sec/2018/q3/233
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24db
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b7
*(from redmine: issue id 9433, created on 2018-09-20, closed on 2018-11-08)*
* Relations:
* copied_to #9432
* parent #9432

Milestone: 3.9.0

[3.9] libjpeg-turbo: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9427
Updated: 2019-07-23T11:11:16Z
Author: Alicha CH

“cjpeg” utility large loop because read\_pixel in rdtarga.c mishandles
EOF
### Reference:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/242
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/19074854d9d8bc32dff3ed252eed17ed6cc2ecfc
*(from redmine: issue id 9427, created on 2018-09-20, closed on 2018-09-27)*
* Relations:
* parent #9426
* Changesets:
* Revision d99aa8e3f0c88299d5094270594708793d135723 by Natanael Copa on 2018-09-25T11:00:55Z:
```
main/libjpeg-turbo: backport security fix (CVE-2018-11813)
fixes #9427
```

Milestone: 3.9.0
Assignee: Natanael Copa

libressl fails on kernels without getrandom (like debian 8)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9419
Updated: 2019-07-23T11:21:31Z
Author: Martijn Braam

One of the recent updates of libressl on alpine edge seems to break a lot
of tools that use ssl when running as a container on debian 8.
This is due to debian 8 using the 3.16 kernel but libressl seems to
crash on not having the getrandom syscall introduced in linux 3.17.
I’ve so far run into this with curl and git.
*(from redmine: issue id 9419, created on 2018-09-14, closed on 2019-01-10)*

Milestone: 3.9.0

[3.9] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9405
Updated: 2019-07-23T11:21:37Z
Author: Alicha CH

CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
------------------------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14994
CVE-2018-16057: Radiotap dissector crash
----------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-46.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15022
CVE-2018-16058: Bluetooth AVDTP dissector crash
-----------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14884
*(from redmine: issue id 9405, created on 2018-09-10, closed on 2018-09-11)*
* Relations:
* parent #9404
* Changesets:
* Revision e9155647732297c2d4e384b3c1c9cca257f2416a by Natanael Copa on 2018-09-10T17:31:44Z:
```
community/wireshark: security upgrade to 2.6.3
CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
fixes #9405
```

Milestone: 3.9.0
Assignee: Natanael Copa

[3.9] curl: NTLM password overflow via integer overflow (CVE-2018-14618)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9393
Updated: 2019-07-23T11:21:47Z
Author: Alicha CH

The internal function Curl\_ntlm\_core\_mk\_nt\_hash multiplies the
length of the password by two (SUM)
to figure out how large temporary storage area to allocate from the
heap. The length value is then subsequently
used to iterate over the password and generate output into the allocated
storage buffer. On systems with a 32 bit size\_t,
the math to calculate SUM triggers an integer overflow when the password
length exceeds 2GB (2^31 bytes). This integer
overflow usually causes a very small buffer to actually get allocated
instead of the intended very huge one, making the
use of that buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.15.4 to and including 7.61.0
### Not affected versions:
libcurl < 7.15.4 and >= 7.61.1
### References:
https://curl.haxx.se/docs/CVE-2018-14618.html
### Patch:
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
*(from redmine: issue id 9393, created on 2018-09-06, closed on 2018-09-20)*
* Relations:
* parent #9392
* Changesets:
* Revision a64f50f2f36792ffa6bf4ca8fa4339d6d373f4f7 by Natanael Copa on 2018-09-10T09:32:19Z:
```
main/curl: security upgrade to 7.61.1 (CVE-2018-14618)
fixes #9393
```

Milestone: 3.9.0
Assignee: Natanael Copa

[3.9] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9382
Updated: 2019-07-23T11:21:55Z
Author: Alicha CH

**CVE-2018-10194**: The set\_text\_distance function in
devices/vector/gdevpdts.c in the pdfwrite component in Artifex
Ghostscript
through 9.22 does not prevent overflows in text-positioning calculation,
which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PDF document.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
**CVE-2018-15908**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
**CVE-2018-15909**: In Artifex Ghostscript 9.23 before 2018-08-24, a
type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the
interpreter or potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
**CVE-2018-15910**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash
the interpreter or execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
**CVE-2018-15911**: In Artifex Ghostscript 9.23 before 2018-08-24,
attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or
potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
*(from redmine: issue id 9382, created on 2018-09-04, closed on 2018-09-20)*
* Relations:
* parent #9381
* Changesets:
* Revision c13758613f3110e14c2e9eda818406f235d996c1 by Andy Postnikov on 2018-09-10T17:18:55Z:
```
main/ghostscript: security upgrade to 9.24
CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194
fixes #9382
```

Milestone: 3.9.0

open-vm-tools: /etc/modules-load.d/open-vm-tools missing.conf extension
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9374
Updated: 2019-07-23T11:22:04Z
Author: John Doe

Should “/etc/modules-load.d/open-vm-tools” not have a *.conf* extension?
I was recently experimenting with btrfs and found that
/etc/modules-load.d/btrfs would not load, but
/etc/modules-load.d/btrfs.conf would. So surely it is the same with
others such as open-vm-tools ?
*(from redmine: issue id 9374, created on 2018-09-02, closed on 2019-01-10)*

Milestone: 3.9.0

postfix 3.3.1-r1 is broken
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9356
Updated: 2019-07-23T11:22:17Z
Author: Steffen Nurpmeso

It seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time I simply updated the server and went
away.. 10 hours mails missing ;)
*(from redmine: issue id 9356, created on 2018-08-28, closed on 2019-01-10)*
* Relations:
* relates #9335

Milestone: 3.9.0
Assignee: Natanael Copa

[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9353
Updated: 2019-07-23T11:22:20Z
Author: Alicha CH

**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
**CVE-2018-14394**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted
Waveform audio file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
**CVE-2018-14395**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
### Fixed In Version:
ffmpeg 3.4.4
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
**CVE-2018-6912**: The decode\_plane function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted
AVI file.
### Fixed In Version:
ffmpeg 4.0
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
**CVE-2018-12459**: An inconsistent bits-per-sample value in the
ff\_mpeg4\_decode\_picture\_header function in
libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
**CVE-2018-12460**: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
**CVE-2018-13301**: In FFmpeg 4.0.1, due to a missing check of a profile
value before setting it, the ff\_mpeg4\_decode\_picture\_header function
in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
**CVE-2018-13303**: In FFmpeg 4.0.1, a missing check for failure of a
call to init\_get\_bits8() in the avpriv\_ac3\_parse\_header function
in
libavcodec/ac3\_parser.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
**CVE-2018-13304**: In libavcodec in FFmpeg 4.0.1, improper maintenance
of the consistency between the context profile field and studio\_profile
in libavcodec may
trigger an assertion failure while converting a crafted AVI file to
MPEG4, leading to a denial of service, related to error\_resilience.c,
h263dec.c, and mpeg4videodec.c.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
*(from redmine: issue id 9353, created on 2018-08-28, closed on 2018-08-29)*
* Relations:
* copied_to #9352
* parent #9352
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```

Milestone: 3.9.0
Assignee: Natanael Copa

[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9347
Updated: 2019-07-23T11:22:27Z
Author: Alicha CH

The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15599
### Patch:
https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
*(from redmine: issue id 9347, created on 2018-08-28, closed on 2018-11-08)*
* Relations:
* parent #9346
* Changesets:
* Revision 685fa426c5c984f78ebcf0ac1189fe147fc832c3 by Natanael Copa on 2018-09-10T10:40:02Z:
```
main/dropbear: backport security fix (CVE-2018-15599)
fixes #9347
```

Milestone: 3.9.0
Assignee: Natanael Copa

compile busybox cp with reflink support
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9334
Updated: 2019-07-23T11:22:35Z
Author: John Doe

Given that:
(a) Alpine supports BTRFS
(b) Alpine uses busybox as its default coreutils
It would be useful if that enabled access to functionality useful for
BTRFS (namely --reflink).
Comments in the busybox code
(https://git.busybox.net/busybox/tree/coreutils/cp.c) seem to suggest
there is reflink support if you choose to compile it:
```
//config:config FEATURE_CP_REFLINK
//config: bool "Enable --reflink[=auto]"
//config: default y
//config: depends on FEATURE_CP_LONG_OPTIONS
```
*(from redmine: issue id 9334, created on 2018-08-23, closed on 2019-01-23)*
* Changesets:
* Revision 6e465f74c5d66caced2d255001dbb8d393d90f6a by Natanael Copa on 2019-01-10T14:57:24Z:
```
main/busybox: backport cp --reflink support
fixes #9334
```

Milestone: 3.9.0

[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9332
Updated: 2019-07-23T11:22:37Z
Author: Alicha CH

zutils version prior to version 1.8-pre2 contains a Buffer Overflow
vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appears to be
exploitable via the victim opening a crafted
compressed file. This vulnerability appears to have been fixed in
1.8-pre2.
### References:
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2
*(from redmine: issue id 9332, created on 2018-08-23, closed on 2018-08-27)*
* Relations:
* copied_to #9331
* parent #9331
* Changesets:
* Revision d031b70d32b89d1ced1b1d2a15195c0720915d5f by Natanael Copa on 2018-08-23T12:48:48Z:
```
community/zutils: security fix (CVE-2018-1000637)
fixes #9332
```

Milestone: 3.9.0
Assignee: Roberto Oliveira

[3.9] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9317
Updated: 2019-07-23T11:22:48Z
Author: Alicha CH

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
### References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
### Patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
*(from redmine: issue id 9317, created on 2018-08-22, closed on 2018-09-20)*
* Relations:
* parent #9316
* Changesets:
* Revision c314d18b4e1c932d8670c49f265f919242b7a17b by Natanael Copa on 2018-08-22T08:56:21Z:
```
main/openssh: backport security fix (CVE-2018-15473)
fixes #9317
```

Milestone: 3.9.0
Assignee: Natanael Copa

[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9306
Updated: 2019-07-23T11:22:55Z
Author: Alicha CH

A vulnerability was discovered in SPICE before version 0.14.1 where the
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
### References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
### Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
*(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)*
* Relations:
* copied_to #9305
* parent #9305
* Changesets:
* Revision 4e1c871fdcc37ed141df6a2f53d3bd62fddd8fea on 2018-11-07T13:21:12Z:
```
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9306
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9291
PHP5 EOL
2019-07-23T11:23:06Z
Andy Postnikov
As **php5** is EOL on 31 Dec 2018
https://secure.php.net/supported-versions.php
- remove php5\* packages & fix dependencies (5 - cacti-php5, phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
- rename php7 packages prefix to **php-**
- for 3.9 release split pecl/non-pecl packages like \#9277
*(from redmine: issue id 9291, created on 2018-08-20, closed on 2019-01-23)*
* Relations:
* relates #9277
* relates #6810
* relates #6353
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9249
[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)
2019-07-23T11:23:41Z
Alicha CH

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directly or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision d773d4c9846c9af6fff4cf55c1942ce486760f82 by Andy Postnikov on 2018-08-20T14:33:06Z:
```
main/samba: security upgrade to 4.8.4
Fixes #9249
```
3.9.0
Natanael Copa