aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:15:30Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9906
[3.9] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
2019-07-23T11:15:30Z
Alicha CH

CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies
------------------------------------------------------------------
By sending request bodies in a slow loris way to plain resources, the h2
stream for that request unnecessarily occupied a server
thread cleaning up that incoming data. This affects only HTTP/2
connections. A possible mitigation is to not enable the h2 protocol.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2018-17199: mod\_session\_cookie does not respect expiry time
-----------------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod\_session checks
the session expiry time before decoding the session. This causes
session
expiry time to be ignored for mod\_session\_cookie sessions since the
expiry time is loaded when the session is decoded.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0190: mod\_ssl: remote DoS when used with OpenSSL 1.1.1
----------------------------------------------------------------
A bug exists in the way mod\_ssl handled client renegotiations. A remote
attacker could send a carefully crafted request that would cause
mod\_ssl to enter a loop leading to a denial of service. This bug can be
only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL
version 1.1.1 or later, due to an interaction in changes to handling of
renegotiation attempts.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://seclists.org/oss-sec/2019/q1/82
*(from redmine: issue id 9906, created on 2019-01-24, closed on 2019-01-28)*
* Relations:
* parent #9905
* Changesets:
* Revision e82176fd8bf8ac0c0089a9b3daedcd2c52dafea3 on 2019-01-25T19:34:59Z:
```
main/apache2: security upgrade to 2.4.38
fixes #9906
```
3.9.0
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9884
[3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
2019-07-23T11:15:46Z
Alicha CH

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync,
mishandles the rsync command line, which allows
attackers to have a “bad” impact by triggering use of an option other
than -v, -n, -q, or -P.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG
### Patch:
https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
*(from redmine: issue id 9884, created on 2019-01-21, closed on 2019-01-24)*
* Relations:
* parent #9883
* Changesets:
* Revision 87c443db8dd4907c90a4b6077c6d61946fc30816 by Natanael Copa on 2019-01-23T19:14:38Z:
```
main/gitolite: security upgrade to 3.6.11 (CVE-2018-20683)
fixes #9884
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9863
[3.9] irssi: Use-after-free when hidden lines were expired from the scroll (CVE-2019-5882)
2019-07-23T11:16:00Z
Alicha CH

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are
expired
from the scroll buffer.
### Fixed In Version:
Irssi 1.1.2
### References:
https://irssi.org/security/irssi\_sa\_2019\_01.txt
https://www.openwall.com/lists/oss-security/2019/01/10/1
*(from redmine: issue id 9863, created on 2019-01-17, closed on 2019-01-18)*
* Relations:
* parent #9862
* Changesets:
* Revision c4e35c92e1389de8f3e842a194ec98a50a96e219 by Natanael Copa on 2019-01-17T15:13:04Z:
```
main/irssi: security upgrade to 1.1.2 (CVE-2019-5882)
fixes #9863
```
3.9.0
Natanael Copa
2019-01-17

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9823
[3.9] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
2019-07-23T11:16:34Z
Alicha CH

**CVE-2018-19044**: keepalived before version 2.0.9 didn’t check for
pathnames with symlinks when writing data to a temporary file upon a
call to PrintData or PrintStats. This allowed local users to overwrite
arbitrary files if fs.protected\_symlinks is set to 0, as demonstrated
by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to
/etc/passwd.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
http://www.keepalived.org/changelog.html
### Patch:
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
**CVE-2018-19045**: keepalived 2.0.8 used mode 0666 when creating new
temporary files upon a call to PrintData
or PrintStats, potentially leaking sensitive information.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
https://nvd.nist.gov/vuln/detail/CVE-2018-19045
### Patches:
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
**CVE-2018-19046**: keepalived before version 2.0.10 didn’t check for
existing plain files when writing data to a temporary file upon a call
to PrintData or PrintStats. If a local attacker had previously created a
file with the expected name (e.g., /tmp/keepalived.data or
/tmp/keepalived.stats), with read access for the attacker and write
access for the keepalived process, then this potentially leaked
sensitive information.
### Fixed In Version:
keepalived 2.0.10
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19046
https://github.com/acassen/keepalived/issues/1048
### Patches:
https://github.com/acassen/keepalived/commit/ac8e2ef053de273ce7a0cf0cb611e599dca4b298
https://github.com/acassen/keepalived/commit/26c8d6374db33bcfcdcd758b1282f12ceef4b94f
https://github.com/acassen/keepalived/commit/17f944144b3d9c5131569b1cc988cc90fd676671
*(from redmine: issue id 9823, created on 2019-01-02, closed on 2019-01-09)*
* Relations:
* parent #9822
* Changesets:
* Revision d5456c04c54ef1071228fe009595f420a2dd7e42 on 2019-01-08T11:02:05Z:
```
community/keepalived: security upgrade to 2.0.11
CVE-2018-19044, CVE-2018-19045, CVE-2018-19046
Fixes #9823
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9817
[3.9] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
2019-07-23T11:16:40Z
Alicha CH

set\_file\_metadata in xattr.c in GNU Wget before 1.20.1 stores a file’s
origin URL in the user.xdg.origin.url metadata attribute of the extended
attributes of the
downloaded file, which allows local users to obtain sensitive
information (e.g., credentials contained in the URL) by reading this
attribute, as demonstrated by getfattr.
This also applies to Referer information in the user.xdg.referrer.url
metadata attribute. According to 2016-07-22 in the Wget ChangeLog,
user.xdg.origin.url was
partially based on the behavior of fwrite\_xattr in tool\_xattr.c in
curl.
### Fixed In Version:
wget 1.20.1
### References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
https://nvd.nist.gov/vuln/detail/CVE-2018-20483
### Patches:
Introduced by:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
(v1.19)
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
*(from redmine: issue id 9817, created on 2019-01-01, closed on 2019-01-09)*
* Relations:
* parent #9816
* Changesets:
* Revision e6404a21b246558e15ba90e0a54011392d26c497 on 2019-01-03T07:51:58Z:
```
main/wget: security upgrade to 1.20.1 (CVE-2018-20483)
Fixes #9817
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9802
[3.9] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
2019-07-23T11:16:51Z
Alicha CH

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5
(aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket
using
an older encryption type (single-DES, triple-DES, or RC4), the attacker
can crash the KDC by making an S4U2Self request.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20217
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
### Patch:
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
*(from redmine: issue id 9802, created on 2018-12-27, closed on 2019-01-09)*
* Relations:
* parent #9801
* Changesets:
* Revision bd4ce5b0529e8f12a984bdfd4d231664a613454a on 2019-01-07T07:52:42Z:
```
main/krb5: upgrade to 1.15.4, security fix for CVE-2018-20217
Fixes #9802
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9797
[3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
2019-07-23T11:16:57Z
Alicha CH

**CVE-2018-14423**: Division-by-zero vulnerabilities in the functions
pi\_next\_pcrl, pi\_next\_cprl, and pi\_next\_rpcl in
lib/openjp3d/pi.c
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of
service (application crash).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14423
https://github.com/uclouvain/openjpeg/issues/1123
### Patch:
https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
**CVE-2018-6616**: In OpenJPEG 2.3.0, there is excessive iteration in
the opj\_t1\_encode\_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service
via a crafted bmp file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
https://github.com/uclouvain/openjpeg/issues/1059
### Patch:
https://github.com/hlef/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
*(from redmine: issue id 9797, created on 2018-12-27, closed on 2019-01-01)*
* Relations:
* parent #9796
* Changesets:
* Revision 50f991efc36983c48ef31001e2cb0433b2745479 by Francesco Colista on 2019-01-01T07:33:41Z:
```
main/openjpeg: security fixes
- CVE-2018-14423
- CVE-2018-6616
this commit fixes #9797
```
3.9.0
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9785
[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-19968, CVE-2018-19969, CVE-2018-19970)
2019-07-23T11:17:09Z
Alicha CH

CVE-2018-19968: Local file inclusion through transformation feature.
--------------------------------------------------------------------
A flaw has been found where an attacker can exploit phpMyAdmin to leak
the contents of a local file. The attacker must have access
to the phpMyAdmin Configuration Storage tables, although these can
easily be created in any database to which the attacker has access.
An attacker must have valid credentials to log in to phpMyAdmin; this
vulnerability does not allow an attacker to circumvent the login system.
### Affected Versions:
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
Reference:
https://www.phpmyadmin.net/security/PMASA-2018-6/
Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19969: XSRF/CSRF vulnerability
---------------------------------------
By deceiving a user to click on a crafted URL, it is possible to perform
harmful SQL operations such as renaming databases, creating new
tables/routines, deleting designer pages, adding/deleting users,
updating user passwords, killing SQL processes, etc.
### Affected Versions
phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are
affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-7/
### Patches:
see https://www.phpmyadmin.net/security/PMASA-2018-7/
CVE-2018-19970: XSS vulnerability in navigation tree
----------------------------------------------------
A Cross-Site Scripting vulnerability was found in the navigation tree,
where an attacker can deliver
a payload to a user through a specially-crafted database/table name.
### Affected Versions
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-8/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
*(from redmine: issue id 9785, created on 2018-12-24, closed on 2019-01-09)*
* Relations:
* parent #9784
* Changesets:
* Revision 327df2ce21328db30da75277c323014af26c0b5c on 2019-01-08T10:44:14Z:
```
community/phpmyadmin: security upgrade to 4.8.4
CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
Fixes #9785
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9763
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)
2019-07-23T11:17:23Z
Alicha CH

### CVE-2018-19622: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250
### CVE-2018-19623: LBMPDM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132
### CVE-2018-19624: PVFS dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280
### CVE-2018-19625: Wireshark dissection engine crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466
### CVE-2018-19626: DCOM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130
### CVE-2018-19627: IxVeriWave file parser crash.
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279
### CVE-2018-19628: ZigBee ZCL dissector crash
Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5
### References:
https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281
*(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)*
* Relations:
* parent #9762
* Changesets:
* Revision d0f7f9ff6bb890cdeda8dcc9bce15ad49d4d8205 by Milan P. Stanić on 2019-01-01T08:48:05Z:
```
community/wireshark: security upgrade to 2.6.5
CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
Fixes #9763
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9727
[3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
2019-07-23T11:17:48Z
Alicha CH

CVE-2018-18311: Integer overflow leading to buffer overflow
-----------------------------------------------------------
A flaw was found in Perl versions 5.8.0 through 5.28. An Integer
overflow leading to buffer overflow
in Perl\_my\_setenv function in util.c
### Fixed In Version:
perl 5.29.1, perl 5.26.3
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133204
### Patch:
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Introduced by:
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
CVE-2018-18312: Heap-buffer-overflow write / reg\_node overrun
--------------------------------------------------------------
A flaw was found in Perl versions 5.18 through 5.26. A
Heap-buffer-overflow write / reg\_node overrun
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### References:
https://rt.perl.org/Ticket/Display.html?id=133423
https://security-tracker.debian.org/tracker/CVE-2018-18312
CVE-2018-18313: Heap-buffer-overflow read in regcomp.c
------------------------------------------------------
A flaw was found in Perl versions 5.22 through 5.26.
Heap-buffer-overflow read in regcomp.c
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133192
### Patch:
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18314: Heap-based buffer overflow
------------------------------------------
A flaw was found in Perl versions 5.18 through 5.28. A Heap-based buffer
overflow
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=131649
### Patch:
https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
*(from redmine: issue id 9727, created on 2018-12-04, closed on 2018-12-06)*
* Relations:
* parent #9726
* Changesets:
* Revision 13074bff64787b9251ec396b8ac6ecd18718d2a0 by Natanael Copa on 2018-12-04T14:46:15Z:
```
main/perl: security upgrade to 5.26.3
CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
fixes #9727
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9715
[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
2019-07-23T11:17:58Z
Alicha CH

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
--------------------------------------------------------------------------------------------------------------------
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have
unspecified other impact via a crafted TIFF file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2018-18557: Out-of-bounds write in tif\_jbig.c
--------------------------------------------------
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
buffer,
ignoring the buffer size, which leads to a tif\_jbig.c JBIGDecode
out-of-bounds write.
### References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
--------------------------------------------------------------------
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function
LZWDecode in the file tif\_lzw.c.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661
### Patch:
https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
*(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)*
* Relations:
* parent #9714
* Changesets:
* Revision 0c504ed6ce49ffab8f4090a5a3ddaeeda27ecbf5 by Natanael Copa on 2018-11-30T11:58:02Z:
```
main/tiff: security upgrade to 4.0.10
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661
fixes #9715
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9704
[3.9] webkit2gtk: Multiple memory corruption issues (CVE-2018-4372)
2020-06-23T23:02:11Z
Alicha CH

Processing maliciously crafted web content may lead to arbitrary code
execution. Multiple memory
corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.22.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0008.html
*(from redmine: issue id 9704, created on 2018-11-27, closed on 2018-11-28)*
* Changesets:
* Revision 041fef015184af46bcc6eb6e421bdc5e3259c709 by Natanael Copa on 2018-11-27T13:38:59Z:
```
community/webkit2gtk: security upgrade to 2.22.4 (CVE-2018-4372)
fixes #9704
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9696
[3.9] roundcubemail: Cross-site Scripting issue in email attachments (CVE-2018-19206)
2019-07-23T11:18:10Z
Alicha CH

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of
`<svg><style>`, as demonstrated by
an onload attribute in a BODY element, within an HTML attachment.
### References:
https://github.com/roundcube/roundcubemail/issues/6410
https://nvd.nist.gov/vuln/detail/CVE-2018-19206
### Patch:
https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059
*(from redmine: issue id 9696, created on 2018-11-26, closed on 2018-12-04)*
* Relations:
* parent #9695
* Changesets:
* Revision 1d5dbd01274ff36d9839dac79b36803262c62bfa by Natanael Copa on 2018-11-29T14:42:08Z:
```
community/roundcubemail: security upgrade to 1.3.8 (CVE-2018-19206)
fixes #9696
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9690
[3.9] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
2019-07-23T11:18:16Z
Alicha CH

**CVE-2018-19409**: An issue was discovered in Artifex Ghostscript
before 9.26. LockSafetyParams is not
checked correctly if another device is used.
### Fixed In Version:
ghostscript 9.26
### References:
https://www.ghostscript.com/doc/9.26/History9.htm\#Version9.26
https://nvd.nist.gov/vuln/detail/CVE-2018-19409
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=661e8d8fb
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ea1b3ef43
**CVE-2018-19475**: psi/zdevice2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
available stack space is not checked when the device remains the same.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19475
https://bugs.ghostscript.com/show\_bug.cgi?id=700153
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
(master)
**CVE-2018-19476**: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended
access restrictions because of a setcolorspace type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19476
https://bugs.ghostscript.com/show\_bug.cgi?id=700169
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
(master)
**CVE-2018-19477**: psi/zfjbig2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
of a JBIG2Decode type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19477
https://bugs.ghostscript.com/show\_bug.cgi?id=700168
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
(master)
*(from redmine: issue id 9690, created on 2018-11-26, closed on 2018-12-07)*
* Relations:
* parent #9689
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9685
[3.9] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
2019-07-23T11:18:21Z
Alicha CH

### Fixes for the following ClamAV vulnerabilities:
**CVE-2018-15378**: Vulnerability in ClamAV’s MEW unpacking feature that
could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
affected device.
### Fixes for the following vulnerabilities in bundled third-party libraries:
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM filenames.
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header
extensions could cause a one or two byte overwrite.
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER()
macro for CHM decompression.
### Fixed In Version:
clamav 0.100.2
### References:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.100/NEWS.md\#01002
http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
*(from redmine: issue id 9685, created on 2018-11-26, closed on 2018-11-28)*
* Relations:
* parent #9684
* Changesets:
* Revision 5412962cc2f34d4bb2f2996918e1384eda223946 on 2018-11-27T15:19:52Z:
```
main/clamav: security upgrade to 0.100.2 - CVE-2018-15378 - CVE-2018-14680 - CVE-2018-14681 - CVE-2018-14682
fixes #9685
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9679
[3.9] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
2019-07-23T11:18:28Z
Alicha CH

CVE-2018-18088: NULL pointer dereference in the imagetopnm function of jp2/convert.c
------------------------------------------------------------------------------------
A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for “red”
in the
imagetopnm function of jp2/convert.c
### References:
https://github.com/uclouvain/openjpeg/issues/1152
https://nvd.nist.gov/vuln/detail/CVE-2018-18088
### Patch:
https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2017-17480: Stack-buffer overflow in the pgxtovolume function
-----------------------------------------------------------------
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the
pgxtovolume function in jp3d/convert.c. The vulnerability
causes an out-of-bounds write, which may lead to remote denial of
service or possibly remote code execution.
### References:
https://github.com/uclouvain/openjpeg/issues/1044
https://security-tracker.debian.org/tracker/CVE-2017-17480
### Patch:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
*(from redmine: issue id 9679, created on 2018-11-22, closed on 2018-11-26)*
* Relations:
* parent #9678
* Changesets:
* Revision 5b27b635acbe69cadaffce1fbe4b69d8256c1315 by Natanael Copa on 2018-11-22T15:57:59Z:
```
main/openjpeg: security fix for CVE-2017-17480
also remove unused patches
fixes #9679
```
3.9.0
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9668
[3.9] cabextract: Buffer overflow (CVE-2018-18584)
2019-07-23T11:18:35Z
Alicha CH

cabextract before 1.8, the CAB block input buffer is one byte too small
for the maximal Quantum block,
leading to an out-of-bounds write.
### Fixed In Version:
cabextract 1.8
### References:
https://www.cabextract.org.uk
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584
https://www.openwall.com/lists/oss-security/2018/10/22/1
*(from redmine: issue id 9668, created on 2018-11-21, closed on 2018-11-28)*
* Relations:
* parent #9667
3.9.0
Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9663
[3.9] libmspack: Multiple vulnerabilities (CVE-2018-18584, CVE-2018-18585, CVE-2018-18586)
2019-07-23T11:18:41Z
Alicha CH

CVE-2018-18584: A CAB file with a Quantum-compressed block of exactly 38912 bytes will write one byte beyond the end of the input buffer
----------------------------------------------------------------------------------------------------------------------------------------
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18584
### Patch:
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
CVE-2018-18585: CHM files with blank filenames (by having embedded nulls) are allowed, which trips up clients that expect non-blank filenames
---------------------------------------------------------------------------------------------------------------------------------------------
chmd\_read\_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has ‘\\0’ as its first or second character (such as the “/\\0” name).
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18585
### Patch:
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
CVE-2018-18586: chmextract makes no attempt to protect you from relative/absolute paths in CHM filenames
--------------------------------------------------------------------------------------------------------
DISPUTED chmextract.c in the chmextract sample program, as distributed
with libmspack before 0.8alpha, does not protect against
absolute/relative pathnames in CHM files, leading to Directory
Traversal. NOTE: the vendor disputes that this is a libmspack
vulnerability, because chmextract.c was only intended as a source-code
example, not a supported application.
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18586
### Patch:
https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
*(from redmine: issue id 9663, created on 2018-11-21, closed on 2018-11-28)*
* Relations:
* parent #9662
* Changesets:
* Revision 3a49d88a9384e72b92ad518a7f8cf56dfe1c4513 by Natanael Copa on 2018-11-27T12:30:37Z:
```
main/libmspack: security upgrade to 0.8_alpha
CVE-2018-18584, CVE-2018-18585, CVE-2018-18586
fixes #9663
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9602
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227)
2019-07-23T11:19:09Z
Alicha CH

CVE-2018-12086: OpcUa dissector crash
-------------------------------------
Affected versions: 2.6.0 to 2.6.3, 2.4.0 to 2.4.9
Fixed versions: 2.6.4, 2.4.10
### References:
https://www.wireshark.org/security/wnpa-sec-2018-50.html
CVE-2018-18225: CoAP dissector crash
------------------------------------
Affected versions: 2.6.0 to 2.6.3
Fixed versions: 2.6.4
### References:
https://www.wireshark.org/security/wnpa-sec-2018-49.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15172
CVE-2018-18226: Steam IHS Discovery dissector memory leak
---------------------------------------------------------
Affected versions: 2.6.0 to 2.6.3
Fixed versions: 2.6.4
### References:
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15171
https://www.wireshark.org/security/wnpa-sec-2018-48.html
CVE-2018-18227: MS-WSP dissector crash
--------------------------------------
Affected versions: 2.6.0 to 2.6.3, 2.4.0 to 2.4.9
Fixed versions: 2.6.4, 2.4.10
### References:
https://www.wireshark.org/security/wnpa-sec-2018-47.html
https://www.wireshark.org/security/wnpa-sec-2018-48.html
*(from redmine: issue id 9602, created on 2018-10-29, closed on 2018-10-30)*
* Relations:
* parent #9601
* Changesets:
* Revision 9f7a391b8a4478f35a1b1f3b3b49a51a820e005e by Natanael Copa on 2018-10-29T17:16:56Z:
```
community/wireshark: security upgrade to 2.6.4
CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227
fixes #9602
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9597
[3.9] xorg-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)
2019-07-23T11:19:15Z
Alicha CH

A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
### Fixed In Version:
xorg-server 1.20.3
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14665
https://marc.info/?l=oss-security&m=154047832307726&w=2
### Patch:
Introduced by:
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c
(1.19.0)
Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
*(from redmine: issue id 9597, created on 2018-10-29, closed on 2018-10-30)*
* Relations:
* copied_to #9596
* parent #9596
3.9.0
Natanael Copa