aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T14:11:06Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2778
open-vm-tools in edge fails to install
2019-07-23T14:11:06Z
Francisco Lazur

I’ve just upgraded to edge in a VMware virtual machine (X86\_64) and I’m
now trying to install open-vm-tools but apk fails with the following
message:
>WARNING: Ignoring /media/cdrom/apks/x86\_64/APKINDEX.tar.gz: No such
file or directory
>ERROR: unsatisfiable constraints:
>so:libprocps.so.1 (missing):
>required by: open-vm-tools-9.4.0\_p1280544-r0\[so:libprocps.so.1\]
I can’t see how to install the missing dependency and I can see that
libprocps.so.3 is installed in /lib.
*(from redmine: issue id 2778, created on 2014-03-24, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2982
ocfs2-tools: fails to build with musl
2019-07-23T14:08:05Z
Natanael Copa

*(from redmine: issue id 2982, created on 2014-05-30, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5105
open-vm-tools (vmtoolsd) segfaults when hypervisor sends shutdown request
2020-02-05T18:06:39Z
Jeff Polczynski

package open-vm-tools-10.0.0\_p3000743-r0
When issuing a “guest OS shutdown” the vmtoolsd process segfaults:
vmtoolsd\[2596\]: segfault at 0 ip 00006cba1552a9a1 sp 00007c03b44dbfe0
error 4 in libvmtools.so.0.0.0\[6cba154f7000+282000\]
vmtoolsd\[2928\]: segfault at 0 ip 000070fa2e2899a1 sp 000075e8d672e6d0
error 4 in libvmtools.so.0.0.0\[70fa2e256000+282000\]
Steps to replicate:
1. Install Alpine to disk (‘lvmsys’ install).
2. Install open-vm-tools (apk add open-vm-tools).
3. Add open-vm-tools as boot server (rc-update add open-vm-tools
boot).
4. Reboot or start open-vm-tools service (rc-service open-vm-tools
start).
5. From VMware client, issue a “Shut Down Guest”.
*(from redmine: issue id 5105, created on 2016-02-11, closed on 2019-01-10)*
* Uploads:
* [0013-fix-System_Reboot-binary.patch](/uploads/3b8bd8da875586e9eb2045926b404fe1/0013-fix-System_Reboot-binary.patch) Fix System_Reboot() for alpine linux
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6477
easy-rsa not compatible with libressl
2019-07-23T12:04:19Z
Carlo Landmeter

https://github.com/OpenVPN/easy-rsa/issues/76
*(from redmine: issue id 6477, created on 2016-11-22, closed on 2019-01-23)*
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6700
main/busybox: enable -w option for ps
2019-07-23T12:01:18Z
Dubiousjim .

Can we compile busybox with FEATURE\_PS\_WIDE enabled? That enables one
to use -w and -ww to get wider output from ps.
*(from redmine: issue id 6700, created on 2017-01-18, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6703
Missing packages virtualbox-additions-virtgrsec, virtualbox-guest-additions (x86)
2019-07-23T12:01:15Z
Michal Mičko

When I use **VIRTUAL** version of AlpineLinux (**x86-64**) in
VirtualBox, can I use kernel modules from package
**virtualbox-additions-grsec** (branch edge)? If I can’t, then I need
package like **virtualbox-additions-virtgrsec** and it is missing.
When I use **VIRTUAL** version of AlpineLinux (**x86**) in VirtualBox, I
miss package **virtualbox-guest-additions** too.
In both cases I need to use a shared folder from the host.
*(from redmine: issue id 6703, created on 2017-01-19, closed on 2019-01-23)*
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7178
request, enable perf tools
2019-07-23T11:55:24Z
V Krishn

This tool comes with the kernel, would be nice to have it enabled.
https://packages.debian.org/stretch/linux-perf-4.9
Seems nice development tool (feel free to ignore, as it's unstable)
https://packages.debian.org/stretch/perf-tools-unstable
*(from redmine: issue id 7178, created on 2017-04-19, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7351
Add cntlm package
2019-07-23T11:53:18Z
Alex Ellis

Hi - I’d like to request the cntlm package for x64 and armhf variants.
I’ve seen that Nathan has done some testing and that this was requested
once in the past long ago.
https://git.alpinelinux.org/cgit/aports/commit/?id=8dd4322146bcbec8de25104f6c3899057bc6ee49
https://bugs.alpinelinux.org/issues/1075
https://github.com/alvarow/docker-cntlm
https://github.com/protenhan/docker-cntlm
This tool is essential for working with a corporate
AD/LDAP-authenticating proxy.
Cheers,
Alex
*(from redmine: issue id 7351, created on 2017-05-31, closed on 2019-01-10)*
* Changesets:
* Revision 4bda782ed5286fe600a9b52e55bca0618c8fe6f7 by Natanael Copa on 2017-05-31T11:36:37Z:
```
testing/cntlm: ressurect from unmaintained
ref #7351
```
* Revision e6646bd43c370a6784fa06e98791b3ca8e257c70 by Natanael Copa on 2019-01-10T13:51:05Z:
```
community/cntlm: move from testing
fixes #7351
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/7885
PowerDNS: "service pdns reload" fails because of guardian=no
2019-07-23T11:43:40Z
algitbot

After installing and configuring pdns-4.0.3-r2 the following command
fails:
service pdns reload
This is because in “/etc/init.d/pdns” the option “guardian=no” is
hardcoded and the “service pdns reload” command uses the “cycle” command
of “pdns\_control”. The documentation of PowerDNS states:
QUOTE “cycle : Restart the nameserver so it reloads its configuration.
Only works when the server is running in guardian mode”
*(from redmine: issue id 7885, created on 2017-09-23, closed on 2019-01-23)*
* Changesets:
* Revision cdca14c596c1f8832983501857c61ccbe8ac180b by Chris Ely on 2019-01-16T20:06:42Z:
```
community/pdns: use guardian mode
This fixes the reload command which relies on the guardian
to cycle the running instance.
fixes #7885
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8001
MonetDB package
2019-07-23T11:42:11Z
Artem Klevtsov

Dependencies: musl-dev gcc bison make python libressl-dev libxml2-dev
xz-dev bzip2-dev lz4-dev readline-dev snappy-dev curl-dev pcre-dev
unixodbc-dev libatomic\_ops-dev
Source tarballs: https://www.monetdb.org/downloads/sources/Jul2017-SP1/
*(from redmine: issue id 8001, created on 2017-10-14, closed on 2019-01-10)*
* Changesets:
* Revision 10b492044d9db302390ff04a524117ddaf3f4975 by Roberto Oliveira on 2018-07-05T13:25:04Z:
```
testing/monetdb: new aport (fixes #8001)
Column-oriented database management system
```
3.9.0
Roberto Oliveira

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8425
Improve fuse and fuse3 packaging to make them co-installable
2019-07-23T11:37:01Z
Przemysław Pawełczyk

At this moment fuse3 is still in testing, but it will be possibly moved
to main in future. Let’s assume for now that it will happen before
3.8.0.
According to maintainer’s notes to [libfuse
3.0.0](https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0):
>libfuse 3 is designed to be co-installable with libfuse 2. However,
some files will be installed by both libfuse 2 and libfuse 3 (e.g.
/etc/fuse.conf, the udev and init scripts, and the mount.fuse(8)
manpage). These files should be taken from libfuse 3. The format/content
is guaranteed to remain backwards compatible with libfuse 2.
>
>We recommend to ship libfuse2 and libfuse3 in three separate
packages: a libfuse-common package that contains files shared by libfuse
2+3 (taken from the libfuse3 tarball), and libfuse2 and libfuse3
packages that contain the shared library and helper programs for the
respective version.
*(from redmine: issue id 8425, created on 2018-01-26, closed on 2019-01-23)*
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8449
open-vm-tools floods logs
2019-07-23T11:36:44Z
A. Klitzing

Hi there,
I’m using Alpine v 3.7.0 and system installed open-vm-tools. But it
floods /var/log/vmware-vmsvc.log.
It logs A LOT of “\[Jan 29 23:57:12.616\] \[ warning\] \[guestinfo\]
Failed to get nic info.” warnings.
Sometimes it logs something like this
```
[Jan 30 00:18:12.639] [ warning] [guestinfo] Failed to get nic info.
[Jan 30 00:18:29.877] [ message] [vmtoolsd] Unloading plugin 'vmbackup'.
[Jan 30 00:18:29.877] [ message] [vmtoolsd] Unloading plugin 'timeSync'.
[Jan 30 00:18:29.877] [ message] [vmtoolsd] Unloading plugin 'powerops'.
[Jan 30 00:18:29.877] [ message] [vmtoolsd] Unloading plugin 'guestInfo'.
[Jan 30 00:18:29.877] [ message] [vmtoolsd] Unloading plugin 'grabbitmqProxy'.
[Jan 30 00:18:29.878] [ message] [vmtoolsd] Unloading plugin 'deployPkg'.
[Jan 30 00:18:29.878] [ message] [vmtoolsd] Unloading plugin 'vix'.
[Jan 30 00:18:29.878] [ message] [vmtoolsd] Unloading plugin 'hgfsServer'.
[Jan 30 00:18:52.792] [ message] [vmsvc] Log caching is enabled with maxCacheEntries=4096.
[Jan 30 00:18:52.793] [ message] [vmsvc] Core dump limit set to -1
[Jan 30 00:18:52.793] [ message] [vmtoolsd] Tools Version: 10.1.15.65452 (build-6677369)
[Jan 30 00:18:52.837] [ message] [vmtoolsd] Plugin 'hgfsServer' initialized.
[Jan 30 00:18:52.837] [ message] [vmtoolsd] Plugin 'vix' initialized.
[Jan 30 00:18:52.837] [ message] [vmtoolsd] Plugin 'deployPkg' initialized.
[Jan 30 00:18:52.851] [ message] [vmtoolsd] Plugin 'grabbitmqProxy' initialized.
[Jan 30 00:18:52.851] [ message] [vmtoolsd] Plugin 'guestInfo' initialized.
[Jan 30 00:18:52.851] [ message] [vmtoolsd] Plugin 'powerops' initialized.
[Jan 30 00:18:52.851] [ message] [vmtoolsd] Plugin 'timeSync' initialized.
[Jan 30 00:18:52.851] [ message] [vmtoolsd] Plugin 'vmbackup' initialized.
[Jan 30 00:18:52.855] [ message] [vix] VixTools_ProcessVixCommand: command 62
[Jan 30 00:18:52.856] [ warning] [vmsvc] FileGetUserName: sysconf(_SC_GETPW_R_SIZE_MAX) failed.
[Jan 30 00:18:52.857] [ warning] [vmsvc] File_GetSafeTmpDir: FileGetUserName failed, using numeric ID as username instead.
[Jan 30 00:18:52.857] [ message] [vix] ToolsDaemonTcloReceiveVixCommand: command 62, additionalError = 22
```
*(from redmine: issue id 8449, created on 2018-01-30, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8601
if grub is used, why to load /etc/update-extlinux.conf
2019-07-23T11:34:58Z
jiri b

Hi,
apk del syslinux
apk add grub
…so one wants to use grub. but why is grub patched to load a kind of
syslinux (extlinux) related script?
1. grep -nC3 /etc/update-extlinux.conf /etc/grub.d/10\_linux
```
21-exec_prefix="/usr"
22-datarootdir="/usr/share"
23-
24:. /etc/update-extlinux.conf
25-. "$pkgdatadir/grub-mkconfig_lib"
26-
27-GRUB_CMDLINE_LINUX_DEFAULT="modules=${modules} ${default_kernel_opts} ${GRUB_CMDLINE_LINUX_DEFAULT}"
```
imo there should be condition if possible.
*(from redmine: issue id 8601, created on 2018-03-02, closed on 2019-01-23)*
* Changesets:
* Revision cb6c7c4b66dc4640425f875c7d9545dad9e7823c by Natanael Copa on 2019-01-17T18:59:46Z:
```
main/grub: misc alpine fixes for /etc/grub.d/10_linux
- do not depend on /etc/update-extlinux.conf
- remove GNU when GRUB_DISTRIBUTOR="Alpine"
- clean up initramfs search
fixes #8601
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8777
Update smokeping to 2.7.x
2019-07-23T11:32:53Z
Rui Carmo

The current version of smokeping in 3.7/edge is 2.6.11, which is four
years old and does not support some probe types (in particular,
TraceroutePing cannot be made to work without a full manual reinstall).
Please consider updating the package for 3.8.
*(from redmine: issue id 8777, created on 2018-04-08, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/8925
please upgrade community/wxgtk
2019-07-23T11:31:13Z
algitbot

Can you please upgrade wxgtk aport to latest version? (3.1.1)
https://github.com/wxWidgets/wxWidgets/releases/tag/v3.1.1
The maintainer doesn’t answer emails and appears to have abandoned
alpine (at least for now).
Thanks.
*(from redmine: issue id 8925, created on 2018-05-22, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9092
[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-12581, CVE-2018-12613)
2019-07-23T11:25:43Z
Alicha CH

CVE-2018-12581: XSS in Designer feature
---------------------------------------
A Cross-Site Scripting vulnerability was found in the Designer feature,
where an attacker can
deliver a payload to a user through a specially-crafted database name.
### Affected Versions:
phpMyAdmin versions prior to 4.8.2.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-3/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6943fff87324bd54c3a37a5160a5fb77498c355e
CVE-2018-12613: File inclusion and remote code execution attack
---------------------------------------------------------------
A flaw has been discovered where an attacker can include (view and
potentially execute) files on the server.
The vulnerability comes from a portion of code where pages are
redirected and loaded within phpMyAdmin, and an improper test for
whitelisted pages.
An attacker must be authenticated, except in these situations:
- `$cfg['AllowArbitraryServer'] = true`: attacker can specify any host
  he/she is already in control of, and execute arbitrary code on
  phpMyAdmin
- `$cfg['ServerDefault'] = 0`: this bypasses the login and runs the
  vulnerable code without any authentication
### Affected Versions:
phpMyAdmin 4.8.0 and 4.8.1 are affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-4/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/7662d02939fb3cf6f0d9ec32ac664401dcfe7490
*(from redmine: issue id 9092, created on 2018-07-16, closed on 2018-07-17)*
* Relations:
* copied_to #9091
* parent #9091
* Changesets:
* Revision 7b247d9a30036bc793da142933227d7148840609 by Natanael Copa on 2018-07-16T17:52:52Z:
```
community/phpmyadmin: security upgrade to 4.8.2 (CVE-2018-12581,CVE-2018-12613)
fixes #9092
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9100
[3.9] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)
2019-07-23T11:25:35Z
Alicha CH

**CVE-2018-14055**: ZNC before 1.7.1-rc1 does not properly validate
untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject
rogue values into znc.conf.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14055
### Patches:
https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d
**CVE-2018-14056**: ZNC before 1.7.1-rc1 is prone to a path traversal
flaw via ../ in a web
skin name to access files outside of the intended skins directories.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14056
### Patch:
https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
*(from redmine: issue id 9100, created on 2018-07-17, closed on 2018-07-19)*
* Relations:
* copied_to #9099
* parent #9099
* Changesets:
* Revision bd4fb24c372fc0a49ab402a6773ad26ee7314d80 by Natanael Copa on 2018-07-18T07:33:45Z:
```
main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)
fixes #9100
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9115
[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-7557, CVE-2018-10001, CVE-2018-12458, CVE-2018-13300, CVE-2018-13302)
2019-07-23T11:25:22Z
Alicha CH

**CVE-2018-7557**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote attackers
to cause a denial of service (Out of array read) via an AVI file with
crafted dimensions within chroma subsampling data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-7557
### Patch:
https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
**CVE-2018-10001**: The decode\_init function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (out of array read) via an
AVI file.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-10001
### Patch:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
**CVE-2018-12458**: An improper integer type in the
mpeg4\_encode\_gop\_header function in libavcodec/mpeg4videoenc.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-12458
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/e1182fac1afba92a4975917823a5f644bee7e6e8
**CVE-2018-13300**: In FFmpeg 4.0.1, an improper argument
(AVCodecParameters) passed to the avpriv\_request\_sample
function in the handle\_eac3 function in libavformat/movenc.c may
trigger an out-of-array read while converting a
crafted AVI file to MPEG4, leading to a denial of service and possibly
an information disclosure.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13300
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/95556e27e2c1d56d9e18f5db34d6f756f3011148
**CVE-2018-13302**: In FFmpeg 4.0.1, improper handling of frame types
(other than EAC3\_FRAME\_TYPE\_INDEPENDENT) that
have multiple independent substreams in the handle\_eac3 function in
libavformat/movenc.c may trigger an out-of-array access
while converting a crafted AVI file to MPEG4, leading to a denial of
service or possibly unspecified other impact.
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-13302
### Patch:
https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50
*(from redmine: issue id 9115, created on 2018-07-19, closed on 2018-08-29)*
* Relations:
* copied_to #9114
* parent #9114
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9128
[3.9] mutt: Multiple vulnerabilities (CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352, CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356, CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362)
2019-07-23T11:25:15Z
Alicha CH

CVE-2018-14349: Heap Overflow in imap/command.c
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patches:
https://gitlab.com/muttmua/mutt/commit/9347b5c01dc52682cb6be11539d9b7ebceae4416
CVE-2018-14350: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14349
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14351: IMAP status mailbox literal mishandled in imap/command.c
------------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14351
### Patch:
https://gitlab.com/muttmua/mutt/commit/e57a8602b45f58edf7b3ffb61bb17525d75dfcb1
CVE-2018-14352: stack-based buffer overflow in imap/util.c
----------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14352
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14353: integer underflow in imap/util.c
------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### References:
http://www.mutt.org/news.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14353
### Patch:
https://gitlab.com/muttmua/mutt/commit/e0131852c6059107939893016c8ff56b6e42865d
CVE-2018-14354: Remote code injection vulnerability to an IMAP mailbox
----------------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14354
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14355: IMAP header caching path traversal vulnerability
----------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14355
### Patch:
https://gitlab.com/muttmua/mutt/commit/31eef6c766f47df8281942d19f76e35f475c781d
CVE-2018-14356: mishandles a zero-length UID in pop.c
-----------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14356
### Patch:
https://gitlab.com/muttmua/mutt/commit/e154cba1b3fc52bb8cb8aa846353c0db79b5d9c6
CVE-2018-14357: Remote Code Execution via backquote characters
--------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14357
### Patch:
https://gitlab.com/muttmua/mutt/commit/185152818541f5cdc059cbff3f3e8b654fc27c1d
CVE-2018-14358: stack-based buffer overflow in imap/message.c
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14358
### Patch:
https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870
CVE-2018-14359: buffer overflow via base64 data
-----------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14359
### Patch:
https://gitlab.com/muttmua/mutt/commit/3d9028fec8f4d08db2251096307c0bbbebce669a
CVE-2018-14362: POP body caching path traversal vulnerability
-------------------------------------------------------------
### Fixed In Version:
mutt 1.10.1
### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-14362
### Patch:
https://gitlab.com/muttmua/mutt/commit/6aed28b40a0410ec47d40c8c7296d8d10bae7576
*(from redmine: issue id 9128, created on 2018-07-24, closed on 2018-07-27)*
* Relations:
* copied_to #9127
* parent #9127
* Changesets:
* Revision ed115862c323b563d378a0ca48ef4f6e7cf55388 by Natanael Copa on 2018-07-24T15:23:25Z:
```
main/mutt: security upgrade to 1.10.1
CVE-2018-14349, CVE-2018-14350, CVE-2018-14351, CVE-2018-14352,
CVE-2018-14353, CVE-2018-14354, CVE-2018-14355, CVE-2018-14356,
CVE-2018-14357, CVE-2018-14358, CVE-2018-14359, CVE-2018-14362
fixes #9128
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9140
[3.9] libvorbis: heap buffer overflow in mapping0_forward function (CVE-2018-10392)
2019-07-23T11:25:07Z
Alicha CH

A flaw was found in libvorbis 1.3.6. The mapping0\_forward function in
mapping0.c file in Xiph.Org does not validate the number of channels,
which allows remote attackers to cause a denial of service (heap-based
buffer overflow or over-read) via a crafted file.
### References:
https://gitlab.xiph.org/xiph/vorbis/issues/2335
https://nvd.nist.gov/vuln/detail/CVE-2018-10392
### Patch:
https://gitlab.xiph.org/xiph/vorbis/commit/112d3bd0aaacad51305e1464d4b381dabad0e88b
*(from redmine: issue id 9140, created on 2018-07-27, closed on 2018-07-30)*
* Relations:
* copied_to #9139
* parent #9139
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9151
[3.9] fuse: bypass of the "user_allow_other" restriction when SELinux is active (CVE-2018-10906)
2019-07-23T11:24:57Z
Alicha CH

In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is
vulnerable to a restriction bypass when SELinux is active. This allows
non-root users to mount a FUSE file system with the ‘allow\_other’ mount
option regardless of whether ‘user\_allow\_other’ is set in the fuse
configuration. An attacker may use this flaw to mount a FUSE file system,
accessible by other users, and trick them into accessing files on that file
system, possibly causing Denial of Service or other unspecified effects.
### References:
http://openwall.com/lists/oss-security/2018/07/24/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10906
### Patches:
https://github.com/libfuse/libfuse/commit/28bdae3d113ef479c1660a581ef720cdc33bf466
https://github.com/libfuse/libfuse/commit/5018a0c016495155ee598b7e0167b43d5d902414
*(from redmine: issue id 9151, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9150
* parent #9150
* Changesets:
* Revision cab094ae856f8729453475a6c5fff8e35d8844ab by Natanael Copa on 2018-07-30T16:03:32Z:
```
main/fuse: security upgrade to 2.9.8 (CVE-2018-10906)
fixes #9151
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9158
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-14339, CVE-2018-14340, CVE-2018-14341, CVE-2018-14342, CVE-2018-14343, CVE-2018-14344, CVE-2018-14367, CVE-2018-14368, CVE-2018-14369, CVE-2018-14370)
2019-07-23T11:24:50Z
Alicha CH

**CVE-2018-14339**: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-38.html
**CVE-2018-14340**: Multiple dissectors could crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-36.html
**CVE-2018-14341**: DICOM dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-39.html
**CVE-2018-14342**: BGP dissector large loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-34.html
**CVE-2018-14343**: ASN.1 BER and related dissectors crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-37.html
**CVE-2018-14344**: ISMP dissector crash.
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-35.html
**CVE-2018-14367**: CoAP dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-42.html
**CVE-2018-14368**: Bazaar dissector infinite loop
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-40.html
**CVE-2018-14369**: HTTP2 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, 2.2.0 to 2.2.15
Fixed versions: 2.6.2, 2.4.8, 2.2.16
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-41.html
**CVE-2018-14370**: IEEE 802.11 dissector crash
Affected versions: 2.6.0 to 2.6.1, 2.4.0 to 2.4.7
Fixed versions: 2.6.2, 2.4.8
### Reference:
https://www.wireshark.org/security/wnpa-sec-2018-43.html
*(from redmine: issue id 9158, created on 2018-07-30, closed on 2018-07-31)*
* Relations:
* copied_to #9157
* parent #9157

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9174
[3.9] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
Updated: 2019-07-23T11:24:36Z
Author: Alicha CH

If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9174, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #9173
* Changesets:
* Revision be7e22246de0916a68b640d89fc11fa95ea548b5 by Natanael Copa on 2018-08-06T15:15:13Z:
```
main/py-django: security upgrade to 1.11.15 (CVE-2018-14574)
fixes #9174
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9181
[3.9] kamailio: Security vulnerability in Kamailio core related to To header processing (CVE-2018-14767)
Updated: 2019-07-23T11:24:29Z
Author: Alicha CH

In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message
with a double “To” header and an empty “To” tag causes
a segmentation fault and crash. The reason is missing input validation
in the “build\_res\_buf\_from\_sip\_req” core function.
This could result in denial of service and potentially the execution of
arbitrary code.
### References:
https://skalatan.de/blog/advisory-hw-2018-05
https://nvd.nist.gov/vuln/detail/CVE-2018-14767
*(from redmine: issue id 9181, created on 2018-08-02, closed on 2018-09-20)*
* Relations:
* copied_to #9180
* parent #9180

Milestone: 3.9.0
Assignee: Nathan Angelacos

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9188
chrt from util-linux not working
Updated: 2019-07-23T11:24:23Z
Author: Glenn Sommer

“chrt” from util-linux/schedutils is currently using
“sched\_setscheduler()” for setting CPU scheduler and realtime
priority.
The musl implementation of this function is just returning “-1”, so
“chrt” is unable to change priority - making “chrt” nearly useless in
AlpineLinux.
musl source-code:
https://github.com/bpowers/musl/blob/master/src/sched/sched\_setscheduler.c
```
int sched_setscheduler(pid_t pid, int sched, const struct sched_param *param)
{
	return __syscall_ret(-ENOSYS);
}
```
*(from redmine: issue id 9188, created on 2018-08-05, closed on 2019-01-23)*

Milestone: 3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9208
[3.9] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)
Updated: 2019-07-23T11:24:11Z
Author: Alicha CH

The \_tokenize\_matrix function in audio\_out.c in Xiph.Org libao 1.2.0
allows remote attackers to cause
a denial of service (memory corruption) via a crafted MP3 file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11548
http://seclists.org/fulldisclosure/2017/Jul/84
*(from redmine: issue id 9208, created on 2018-08-08, closed on 2019-01-01)*
* Relations:
* copied_to #9207
* parent #9207
* Changesets:
* Revision d25107e8a0abff1db592d5a79b4cd03b670ff905 by Natanael Copa on 2018-12-04T12:17:12Z:
```
main/libao: security fix for CVE-2017-11548
fixes #9208
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9219
[3.9] wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant (CVE-2018-14526)
Updated: 2019-07-23T11:24:02Z
Author: Alicha CH

An issue was discovered in rsn\_supp/wpa.c in wpa\_supplicant 2.0
through 2.6. Under certain conditions,
the integrity of EAPOL-Key messages is not checked, leading to a
decryption oracle. An attacker within
range of the Access Point and client can abuse the vulnerability to
recover sensitive information.
### References:
https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
http://openwall.com/lists/oss-security/2018/08/08/3
https://nvd.nist.gov/vuln/detail/CVE-2018-14526
*(from redmine: issue id 9219, created on 2018-08-10, closed on 2018-08-22)*
* Relations:
* copied_to #9218
* parent #9218
* Changesets:
* Revision ecc28455ea46b5da17cc43d1250d6a16ebeba169 by Natanael Copa on 2018-08-21T13:55:16Z:
```
main/wpa_supplicant: security fix (CVE-2018-14526)
fixes #9219
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9225
[3.9] libmspack: Multiple vulnerabilities (CVE-2018-14679, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
Updated: 2019-07-23T11:23:57Z
Author: Alicha CH

**CVE-2018-14679**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
checks, which could lead
to denial of service (uninitialized data dereference and application
crash).
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14679
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha.
It does not reject blank CHM filenames.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
### Patch:
https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha.
A maliciously crafted KWAJ file header extensions could cause a one or
two byte overwrite.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://www.openwall.com/lists/oss-security/2018/07/26/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14681
### Patch:
https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an
off-by-one error in the TOLOWER() macro for CHM decompression.
### Fixed In Version:
libmspack 0.7alpha
### References:
http://openwall.com/lists/oss-security/2018/07/28/1
https://nvd.nist.gov/vuln/detail/CVE-2018-14682
### Patch:
https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8
*(from redmine: issue id 9225, created on 2018-08-10, closed on 2018-08-23)*
* Relations:
* parent #9224
* Changesets:
* Revision 214cb233279c7ef0221557f24d0d0af79a46d3b7 by Natanael Copa on 2018-08-22T13:28:16Z:
```
main/libmspack: security upgrade to 0.7.1alpha
fixes #9225
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9249
[3.9] samba: Multiple vulnerabilities (CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140)
Updated: 2019-07-23T11:23:41Z
Author: Alicha CH

CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient.
------------------------------------------------------------------------------------------
Samba releases 3.2.0 to 4.8.3 (inclusive) contain an error in
libsmbclient that could allow a malicious server
to overwrite client heap memory by returning an extra long filename in a
directory listing.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10858.html
https://www.samba.org/samba/history/security.html
CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server
----------------------------------------------------------------
All versions of Samba from 4.7.0 onwards are vulnerable to a denial of
service attack which can crash the “samba” process when Samba is an
Active Directory Domain Controller.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10918.html
https://www.samba.org/samba/history/security.html
CVE-2018-10919: Confidential attribute disclosure via substring search
----------------------------------------------------------------------
All versions of the Samba Active Directory LDAP server from 4.0.0
onwards are vulnerable to the disclosure of confidential attribute
values, both of attributes where the schema SEARCH\_FLAG\_CONFIDENTIAL
(0x80) searchFlags bit and where an explicit Access Control Entry has
been specified on the ntSecurityDescriptor.
### Fixed In Version:
samba 4.6.16, samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-10919.html
https://www.samba.org/samba/history/security.html
CVE-2018-1139: Weak authentication protocol regression
------------------------------------------------------
Samba releases 4.7.0 to 4.8.3 (inclusive) contain an error which
allows authentication using NTLMv1 over an SMB1 transport (either
directory or via NETLOGON SamLogon calls from a member server), even
when NTLMv1 is explicitly disabled on the server.
Normally, the use of NTLMv1 is disabled by default in favor of NTLMv2.
This has been the default since Samba 4.5. A code restructuring in the
NTLM authentication implementation of Samba in 4.7.0 caused this
regression to occur.
### Fixed In Version:
samba 4.7.9, samba 4.8.4
### References:
https://www.samba.org/samba/security/CVE-2018-1139.html
https://www.samba.org/samba/history/security.html
CVE-2018-1140: Denial of Service Attack on DNS and LDAP server
--------------------------------------------------------------
All versions of Samba from 4.8.0 onwards are vulnerable to a denial of
service attack when Samba is an Active Directory Domain Controller.
### Fixed In Version:
samba 4.8.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=%20CVE-2018-1140
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9249, created on 2018-08-16, closed on 2018-08-23)*
* Relations:
* copied_to #9248
* parent #9248
* Changesets:
* Revision d773d4c9846c9af6fff4cf55c1942ce486760f82 by Andy Postnikov on 2018-08-20T14:33:06Z:
```
main/samba: security upgrade to 4.8.4
Fixes #9249
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9291
PHP5 EOL
Updated: 2019-07-23T11:23:06Z
Author: Andy Postnikov

As **php5** is EOL in 31 Dec 2018
https://secure.php.net/supported-versions.php
- remove php5\* packages & fix dependencies (5 - cacti-php5,
  phoronix-test-suite, phpldapadmin, rutorrent, zoneminder)
- rename php7 packages prefix to **php-**
- for 3.9 release split peal/non-pecl packages like \#9277
*(from redmine: issue id 9291, created on 2018-08-20, closed on 2019-01-23)*
* Relations:
* relates #9277
* relates #6810
* relates #6353

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9306
[3.9] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
Updated: 2019-07-23T11:22:55Z
Author: Alicha CH

A vulnerability was discovered in SPICE before version 0.14.1 where the
generated code used for demarshalling messages
lacked sufficient bounds checks. A malicious client or server, after
authentication, could send specially crafted messages
to its peer which would result in a crash or, potentially, other
impacts.
### References:
http://openwall.com/lists/oss-security/2018/08/17/1
https://nvd.nist.gov/vuln/detail/CVE-2018-10873
### Patch:
https://gitlab.freedesktop.org/spice/spice-common/commit/bb15d4815ab586b4c4a20f4a565970a44824c42c
*(from redmine: issue id 9306, created on 2018-08-21, closed on 2018-11-08)*
* Relations:
* copied_to #9305
* parent #9305
* Changesets:
* Revision 4e1c871fdcc37ed141df6a2f53d3bd62fddd8fea on 2018-11-07T13:21:12Z:
```
main/spice: security upgrade to 0.14.1 (CVE-2018-10873)
Fixes #9306
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9317
[3.9] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
Updated: 2019-07-23T11:22:48Z
Author: Alicha CH

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to
not delaying bailout for
an invalid authenticating user until after the packet containing the
request has been fully parsed,
related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c.
### References:
http://www.openwall.com/lists/oss-security/2018/08/15/5
https://nvd.nist.gov/vuln/detail/CVE-2018-15473
### Patch:
https://github.com/openbsd/src/commit/779974d35b4859c07bc3cb8a12c74b43b0a7d1e0
*(from redmine: issue id 9317, created on 2018-08-22, closed on 2018-09-20)*
* Relations:
* parent #9316
* Changesets:
* Revision c314d18b4e1c932d8670c49f265f919242b7a17b by Natanael Copa on 2018-08-22T08:56:21Z:
```
main/openssh: backport security fix (CVE-2018-15473)
fixes #9317
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9332
[3.9] zutils: Heap-based buffer overflow (CVE-2018-1000637)
Updated: 2019-07-23T11:22:37Z
Author: Alicha CH

zutils version prior to version 1.8-pre2 contains a Buffer Overflow
vulnerability in zcat that can result in Potential
denial of service or arbitrary code execution. This attack appears to be
exploitable via the victim opening a crafted
compressed file. This vulnerability appears to have been fixed in
1.8-pre2.
### References:
https://lists.nongnu.org/archive/html/zutils-bug/2018-08/msg00000.html
https://nvd.nist.gov/vuln/detail/CVE-2018-1000637
http://openwall.com/lists/oss-security/2018/08/22/2
*(from redmine: issue id 9332, created on 2018-08-23, closed on 2018-08-27)*
* Relations:
* copied_to #9331
* parent #9331
* Changesets:
* Revision d031b70d32b89d1ced1b1d2a15195c0720915d5f by Natanael Copa on 2018-08-23T12:48:48Z:
```
community/zutils: security fix (CVE-2018-1000637)
fixes #9332
```

Milestone: 3.9.0
Assignee: Roberto Oliveira

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9334
compile busybox cp with reflink support
Updated: 2019-07-23T11:22:35Z
Author: John Doe

Given that:
(a) Alpine supports BTRFS
(b) Alpine uses busybox as its default coreutils
It would be useful if that enabled access to functionality useful for
BTRFS (namely --reflink).
Comments in the busybox code
(https://git.busybox.net/busybox/tree/coreutils/cp.c) seem to suggest
there is reflink support if you choose to compile it:
```
//config:config FEATURE_CP_REFLINK
//config: bool "Enable --reflink[=auto]"
//config: default y
//config: depends on FEATURE_CP_LONG_OPTIONS
```
*(from redmine: issue id 9334, created on 2018-08-23, closed on 2019-01-23)*
* Changesets:
* Revision 6e465f74c5d66caced2d255001dbb8d393d90f6a by Natanael Copa on 2019-01-10T14:57:24Z:
```
main/busybox: backport cp --reflink support
fixes #9334
```

Milestone: 3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9347
[3.9] dropbear: User enumeration vulnerability (CVE-2018-15599)
Updated: 2019-07-23T11:22:27Z
Author: Alicha CH

The recv\_msg\_userauth\_request function in svr-auth.c in Dropbear
through 2018.76 is prone to a user enumeration vulnerability because
username
validity affects how fields in SSH\_MSG\_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002108.html
https://nvd.nist.gov/vuln/detail/CVE-2018-15599
### Patch:
https://secure.ucc.asn.au/hg/dropbear/rev/5d2d1021ca00
*(from redmine: issue id 9347, created on 2018-08-28, closed on 2018-11-08)*
* Relations:
* parent #9346
* Changesets:
* Revision 685fa426c5c984f78ebcf0ac1189fe147fc832c3 by Natanael Copa on 2018-09-10T10:40:02Z:
```
main/dropbear: backport security fix (CVE-2018-15599)
fixes #9347
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9353
[3.9] ffmpeg: Multiple vulnerabilities (CVE-2018-6912, CVE-2018-7751, CVE-2018-12459, CVE-2018-12460, CVE-2018-13301, CVE-2018-13303, CVE-2018-13304, CVE-2018-14394, CVE-2018-14395)
Updated: 2019-07-23T11:22:20Z
Author: Alicha CH

**CVE-2018-7751**: The svg\_probe function in libavformat/img2dec.c in
FFmpeg through 3.4.2 allows
remote attackers to cause a denial of service (Infinite Loop) via a
crafted XML file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-7751
**CVE-2018-14394**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service
(application crash caused by a divide-by-zero error) with a user crafted
Waveform audio file.
### Fixed In Version:
ffmpeg 3.4.3
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14394
**CVE-2018-14395**: libavformat/movenc.c in FFmpeg before 4.0.2 allows
attackers to cause a denial of service (application crash
caused by a divide-by-zero error) with a user crafted audio file when
converting to the MOV audio format.
### Fixed In Version:
ffmpeg 3.4.4
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14395
**CVE-2018-6912**: The decode\_plane function in libavcodec/utvideodec.c
in FFmpeg through 3.4.2 allows remote
attackers to cause a denial of service (out of array read) via a crafted
AVI file.
### Fixed In Version:
ffmpeg 4.0
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6912
https://ffmpeg.org/security.html
**CVE-2018-12459**: An inconsistent bits-per-sample value in the
ff\_mpeg4\_decode\_picture\_header function in
libavcodec/mpeg4videodec.c in
FFmpeg 4.0 may trigger an assertion violation while converting a crafted
AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-12459
**CVE-2018-12460**: libavcodec in FFmpeg 4.0 may trigger a NULL pointer
dereference if the studio profile is incorrectly detected
while converting a crafted AVI file to MPEG4, leading to a denial of
service, related to idctdsp.c and mpegvideo.c.
### Fixed In Version:
ffmpeg 4.0.1
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12460
https://ffmpeg.org/security.html
**CVE-2018-13301**: In FFmpeg 4.0.1, due to a missing check of a profile
value before setting it, the ff\_mpeg4\_decode\_picture\_header function
in
libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13301
**CVE-2018-13303**: In FFmpeg 4.0.1, a missing check for failure of a
call to init\_get\_bits8() in the avpriv\_ac3\_parse\_header function
in
libavcodec/ac3\_parser.c may trigger a NULL pointer dereference while
converting a crafted AVI file to MPEG4, leading to a denial of service.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
**CVE-2018-13304**: In libavcodec in FFmpeg 4.0.1, improper maintenance
of the consistency between the context profile field and studio\_profile
in libavcodec may
trigger an assertion failure while converting a crafted AVI file to
MPEG4, leading to a denial of service, related to error\_resilience.c,
h263dec.c, and mpeg4videodec.c.
### Fixed In Version:
ffmpeg 4.0.2
### References:
https://ffmpeg.org/security.html
https://nvd.nist.gov/vuln/detail/CVE-2018-13304
*(from redmine: issue id 9353, created on 2018-08-28, closed on 2018-08-29)*
* Relations:
* copied_to #9352
* parent #9352
* Changesets:
* Revision 2a92300f12bdc3ed7fc960459e6b5a37868da059 by Natanael Copa on 2018-08-28T13:49:05Z:
```
community/ffmpeg: security upgrade to 3.4.4
fixes #9115
fixes #9353
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9356
postfix 3.3.1-r1 is broken
Updated: 2019-07-23T11:22:17Z
Author: Steffen Nurpmeso

It seems the paths have been mangled:
fatal: /usr/lib/postfix/postfix-script: No such file or directory
These are all in /usr/libexec/postfix/\*.
Guess what, exactly this time I simply updated the server and went
away.. 10 hours mails missing ;)
*(from redmine: issue id 9356, created on 2018-08-28, closed on 2019-01-10)*
* Relations:
* relates #9335

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9374
open-vm-tools: /etc/modules-load.d/open-vm-tools missing.conf extension
Updated: 2019-07-23T11:22:04Z
Author: John Doe

Should “/etc/modules-load.d/open-vm-tools” not have a *.conf* extension?
I was recently experimenting with btrfs and found that
/etc/modules-load.d/btrfs would not load, but
/etc/modules-load.d/btrfs.conf would. So surely it is the same with
others such as open-vm-tools ?
*(from redmine: issue id 9374, created on 2018-09-02, closed on 2019-01-10)*

Milestone: 3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9382
[3.9] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
Updated: 2019-07-23T11:21:55Z
Author: Alicha CH

**CVE-2018-10194**: The set\_text\_distance function in
devices/vector/gdevpdts.c in the pdfwrite component in Artifex
Ghostscript
through 9.22 does not prevent overflows in text-positioning calculation,
which allows remote attackers to cause a denial of service
(application crash) or possibly have unspecified other impact via a
crafted PDF document.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-10194
http://www.openwall.com/lists/oss-security/2018/04/19/5
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
**CVE-2018-15908**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers are able to supply malicious
PostScript files to bypass .tempfile restrictions and write files.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15908
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0d3901189f245232f0161addf215d7268c4d05a3
**CVE-2018-15909**: In Artifex Ghostscript 9.23 before 2018-08-24, a
type confusion using the .shfill operator could be used by
attackers able to supply crafted PostScript files to crash the
interpreter or potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15909
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=0b6cd1918e1ec4ffd087400a754a845180a4522b
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e01e77a36cbb2e0277bc3a63852244bec41be0f6
**CVE-2018-15910**: In Artifex Ghostscript 9.23 before 2018-08-23,
attackers able to supply crafted PostScript files
could use a type confusion in the LockDistillerParams parameter to crash
the interpreter or execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15910
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c3476dde7743761a4e1d39a631716199b696b880
**CVE-2018-15911**: In Artifex Ghostscript 9.23 before 2018-08-24,
attackers able to supply crafted PostScript could use uninitialized
memory access in the aesdecode operator to crash the interpreter or
potentially execute code.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-15911
### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8e9ce5016db968b40e4ec255a3005f2786cce45f
*(from redmine: issue id 9382, created on 2018-09-04, closed on 2018-09-20)*
* Relations:
* parent #9381
* Changesets:
* Revision c13758613f3110e14c2e9eda818406f235d996c1 by Andy Postnikov on 2018-09-10T17:18:55Z:
```
main/ghostscript: security upgrade to 9.24
CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911
CVE-2018-10194
fixes #9382
```

Milestone: 3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9393
[3.9] curl: NTLM password overflow via integer overflow (CVE-2018-14618)
Updated: 2019-07-23T11:21:47Z
Author: Alicha CH

The internal function Curl\_ntlm\_core\_mk\_nt\_hash multiplies the
length of the password by two (SUM)
to figure out how large temporary storage area to allocate from the
heap. The length value is then subsequently
used to iterate over the password and generate output into the allocated
storage buffer. On systems with a 32 bit size\_t,
the math to calculate SUM triggers an integer overflow when the password
length exceeds 2GB (2^31 bytes). This integer
overflow usually causes a very small buffer to actually get allocated
instead of the intended very huge one, making the
use of that buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.15.4 to and including 7.61.0
### Not affected versions:
libcurl < 7.15.4 and >= 7.61.1
### References:
https://curl.haxx.se/docs/CVE-2018-14618.html
### Patch:
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
*(from redmine: issue id 9393, created on 2018-09-06, closed on 2018-09-20)*
* Relations:
* parent #9392
* Changesets:
* Revision a64f50f2f36792ffa6bf4ca8fa4339d6d373f4f7 by Natanael Copa on 2018-09-10T09:32:19Z:
```
main/curl: security upgrade to 7.61.1 (CVE-2018-14618)
fixes #9393
```

Milestone: 3.9.0
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9405
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-16056, CVE-2018-16057, CVE-2018-16058)
Updated: 2019-07-23T11:21:37Z
Author: Alicha CH

CVE-2018-16056: Bluetooth Attribute Protocol dissector crash
------------------------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-45.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14994
CVE-2018-16057: Radiotap dissector crash
----------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-46.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15022
CVE-2018-16058: Bluetooth AVDTP dissector crash
-----------------------------------------------
Affected versions: 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, 2.2.0 to 2.2.16
Fixed versions: 2.6.3, 2.4.9, 2.2.17
### References:
https://www.wireshark.org/security/wnpa-sec-2018-44.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14884
*(from redmine: issue id 9405, created on 2018-09-10, closed on 2018-09-11)*
* Relations:
* parent #9404
* Changesets:
* Revision e9155647732297c2d4e384b3c1c9cca257f2416a by Natanael Copa on 2018-09-10T17:31:44Z:
```
community/wireshark: security upgrade to 2.6.3
CVE-2018-16056, CVE-2018-16057, CVE-2018-16058
fixes #9405
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9419
libressl fails on kernels without getrandom (like debian 8)
2019-07-23T11:21:31Z
Martijn Braam

One of the recent updates of libressl on alpine edge seems to break a lot
of tools that use ssl when running as a container on debian 8.
This is due to debian 8 using the 3.16 kernel but libressl seems to
crash on not having the getrandom syscall introduced in linux 3.17.
I’ve so far run into this with curl and git.
*(from redmine: issue id 9419, created on 2018-09-14, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9427
[3.9] libjpeg-turbo: "cjpeg" utility large loop because read_pixel in rdtarga.c mishandles EOF (CVE-2018-11813)
2019-07-23T11:11:16Z
Alicha CH

“cjpeg” utility large loop because read\_pixel in rdtarga.c mishandles
EOF
### Reference:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/242
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/19074854d9d8bc32dff3ed252eed17ed6cc2ecfc
*(from redmine: issue id 9427, created on 2018-09-20, closed on 2018-09-27)*
* Relations:
* parent #9426
* Changesets:
* Revision d99aa8e3f0c88299d5094270594708793d135723 by Natanael Copa on 2018-09-25T11:00:55Z:
```
main/libjpeg-turbo: backport security fix (CVE-2018-11813)
fixes #9427
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9433
[3.9] ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
2019-07-23T11:21:21Z
Alicha CH

An issue was discovered in Artifex Ghostscript before 9.25. Incorrect
“restoration of privilege”
checking when running out of stack during exception handling could be
used by attackers able to supply
crafted PostScript to execute code using the “pipe” instruction. This is
due to an incomplete fix for CVE-2018-16509.
### References:
https://seclists.org/oss-sec/2018/q3/228
https://seclists.org/oss-sec/2018/q3/229
https://seclists.org/oss-sec/2018/q3/233
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=643b24db
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3e5d316b
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5812b1b7
*(from redmine: issue id 9433, created on 2018-09-20, closed on 2018-11-08)*
* Relations:
* copied_to #9432
* parent #9432
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9441
mariadb: testsuite hangs on aarch64
2019-07-23T11:21:15Z
Natanael Copa

build-edge-aarch64:~/aports/main/mariadb/src/mariadb-10.3.9$ ctest -V -I 20,20 -E test-connect
UpdateCTestConfiguration from :/home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/DartConfiguration.tcl
UpdateCTestConfiguration from :/home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/DartConfiguration.tcl
Test project /home/buildozer/aports/main/mariadb/src/mariadb-10.3.9
Constructing a list of tests
Done constructing a list of tests
Updating test list for fixtures
Added 0 tests to meet fixture requirements
Checking test dependency graph...
Checking test dependency graph end
test 20
Start 20: my_apc
20: Test command: /home/buildozer/aports/main/mariadb/src/mariadb-10.3.9/unittest/sql/my_apc-t
20: Test timeout computed to be: 10000000
20: 1..1
20: # Testing APC delivery and execution
20: # test_apc_service_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # test_apc_requestor_thread started
20: # 832 APCs served 0 missed
20: # 1646 APCs served 0 missed
20: # 2468 APCs served 0 missed
20: # 3272 APCs served 0 missed
20: # 4088 APCs served 0 missed
20: # 4924 APCs served 0 missed
20: # 5770 APCs served 0 missed
20: # 6577 APCs served 0 missed
20: # 7389 APCs served 0 missed
20: # 8232 APCs served 0 missed
20: # 9035 APCs served 0 missed
20: # 9847 APCs served 0 missed
20: # 10651 APCs served 0 missed
20: # 11477 APCs served 0 missed
20: # 12306 APCs served 0 missed
20: # Shutting down requestors
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # test_apc_requestor_thread exiting
20: # # # # test_apc_requestor_thread exiting
*(from redmine: issue id 9441, created on 2018-09-21, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9443
[3.9] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
2019-07-23T11:21:13Z
Alicha CH

A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9443, created on 2018-09-21, closed on 2018-11-08)*
* Relations:
* parent #9442
* Changesets:
* Revision 348c14c7421c7d8fcdc82fd7014fb75eed11f56f on 2018-11-06T15:54:09Z:
```
main/lcms2: security fix (CVE-2018-16435)
Fixes #9443
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9452
[3.9] webkit2gtk: Multiple vulnerabilities (CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263, CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267, CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278, CVE-2018-4284, CVE-2018-12911)
2019-07-23T11:21:07Z
Alicha CH

**CVE-2018-4246**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4261**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4262**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4263**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4264**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4265**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4266**
A malicious website may be able to cause a denial of service.
A race condition was addressed with additional validation.
Versions affected: WebKitGTK+ before 2.20.4 and WPE WebKit before
2.20.2.
**CVE-2018-4267**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4270**
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4272**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A memory corruption issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4273**
Processing maliciously crafted web content may lead to an unexpected
application crash.
A memory corruption issue was addressed with improved input
validation.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4278**
A malicious website may exfiltrate audio data cross-origin. Sound
fetched through audio elements
may be exfiltrated cross-origin. This issue was addressed with improved
audio taint tracking.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-4284**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A type confusion issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
**CVE-2018-12911**
Processing maliciously crafted web content may lead to arbitrary code
execution.
A buffer overflow issue was addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.20.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0006.html
*(from redmine: issue id 9452, created on 2018-09-21, closed on 2018-10-02)*
* Relations:
* parent #9451
* Changesets:
* Revision 609fbb0235cf6440f5d502885c4e0531c835aed7 by Natanael Copa on 2018-09-27T10:37:24Z:
```
community/webkit2gtk: upgrade to 2.22.2
fixes #9473
fixes #9452
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9456
[3.9] hylafax: JPEG support code execution (CVE-2018-17141)
2019-07-23T11:21:03Z
Alicha CH

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute
arbitrary code via a dial-in session that provides a FAX page
with the JPEG bit enabled, which is mishandled in
FaxModem::writeECMData() in the faxd/CopyQuality.c file.
### References:
https://www.openwall.com/lists/oss-security/2018/09/20/1
https://nvd.nist.gov/vuln/detail/CVE-2018-17141
### Patch:
http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36
*(from redmine: issue id 9456, created on 2018-09-24, closed on 2018-10-09)*
* Relations:
* parent #9455
* Changesets:
* Revision d4ebd7cc66c32690a483cb6e2b1d825429a4920c on 2018-10-09T06:08:39Z:
```
main/hylafax: security fix (CVE-2018-17141)
Fixes #9456
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9462
[3.9] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)
2019-07-23T11:20:58Z
Alicha CH

In order to provide fine-grained controls over the ability to use
Dynamic DNS (DDNS) to update records in a zone, BIND provides a feature
called update-policy. Various rules can be configured to limit the types
of updates that can be performed by a client, depending on the key used
when sending the update request. Unfortunately some rule types were not
initially documented, and when documentation for them was added to the
Administrator Reference Manual (ARM) in change, the language that was
added to the ARM at that time incorrectly described the behavior of two
rule types, krb5-subdomain and ms-subdomain. This incorrect
documentation could mislead operators into believing that policies they
had configured were more restrictive than they actually were.
### Versions affected:
The behavior described is present in all versions of BIND 9 which
contain the krb5-subdomain and ms-subdomain update
policies prior to our upcoming maintenance releases, BIND 9.11.5 and
9.12.3. However, the misleading documentation
is not present in all versions.
### References:
https://kb.isc.org/docs/cve-2018-5741
https://www.openwall.com/lists/oss-security/2018/09/19/11
*(from redmine: issue id 9462, created on 2018-09-25, closed on 2018-12-04)*
* Relations:
* parent #9461
* Changesets:
* Revision 51978afa8a1151a013383d4dfe8297e90c29ff31 by Taner Tas on 2018-11-29T14:47:56Z:
```
main/bind: Upgrade to 9.12.3
* Add "--disable-isc-spnego" to use gss-spnego instead.
fixes #9462
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9483
[3.9] strongswan: Multiple vulnerabilities (CVE-2018-16151, CVE-2018-16152)
2019-07-23T11:20:40Z
Alicha CH

**CVE-2018-16151**: In verify\_emsa\_pkcs1\_signature() in
gmp\_rsa\_public\_key.c in the gmp plugin in strongSwan 4.x and 5.x
before 5.7.0,
the RSA implementation based on GMP does not reject excess data after
the encoded algorithm OID during PKCS\#1 v1.5 signature verification.
Similar to the flaw in the same version of strongSwan regarding
digestAlgorithm.parameters, a remote attacker can forge signatures when
small
public exponents are being used, which could lead to impersonation when
only an RSA signature is used for IKEv2 authentication.
### References:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://nvd.nist.gov/vuln/detail/CVE-2018-16151
### Patches:
https://download.strongswan.org/patches/27\_gmp\_pkcs1\_verify\_patch/strongswan-5.3.1-5.6.0\_gmp-pkcs1-verify.patch
https://download.strongswan.org/patches/27\_gmp\_pkcs1\_verify\_patch/strongswan-5.6.1-5.6.3\_gmp-pkcs1-verify.patch
**CVE-2018-16152**: In verify\_emsa\_pkcs1\_signature() in
gmp\_rsa\_public\_key.c in the gmp plugin in strongSwan 4.x and 5.x
before 5.7.0,
the RSA implementation based on GMP does not reject excess data in the
digestAlgorithm.parameters field during PKCS\#1 v1.5 signature
verification. Consequently, a remote attacker can forge signatures when
small public exponents are being used, which could lead to
impersonation when only an RSA signature is used for IKEv2
authentication.
### References:
https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16152
### Patches:
https://download.strongswan.org/patches/27\_gmp\_pkcs1\_verify\_patch/strongswan-5.3.1-5.6.0\_gmp-pkcs1-verify.patch
https://download.strongswan.org/patches/27\_gmp\_pkcs1\_verify\_patch/strongswan-5.6.1-5.6.3\_gmp-pkcs1-verify.patch
*(from redmine: issue id 9483, created on 2018-09-27, closed on 2018-10-04)*
* Relations:
* parent #9482
* Changesets:
* Revision 69cb3c4ebb573f4427b512a8f3ce9f8da6edc356 on 2018-10-02T08:30:00Z:
```
main/strongswan: security upgrade to 5.7.0
- CVE-2018-16151
- CVE-2018-16152
fixes #9483
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9498
[3.9] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)
2019-07-23T11:20:31Z
Alicha CH

Libgd version 2.2.5 contains a Double Free vulnerability
in the gdImageBmpPtr function that can result
in Remote Code Execution. This attack appears to be exploitable via
a specially crafted JPEG image that can trigger a double free.
This vulnerability appears to have been fixed after commit
ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5.
### References:
https://github.com/libgd/libgd/issues/447
https://nvd.nist.gov/vuln/detail/CVE-2018-1000222
### Patch:
https://github.com/libgd/libgd/commit/ac16bdf2d41724b5a65255d4c28fb0ec46bc42f5
*(from redmine: issue id 9498, created on 2018-10-02, closed on 2018-10-04)*
* Relations:
* parent #9497
* Changesets:
* Revision 406fd782d7205c90c4586a1716ec8f6698263dd3 by Natanael Copa on 2018-10-02T14:04:27Z:
```
main/gd: backport security fix for CVE-2018-1000222
fixes #9498
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9508
Upgrade gnutls to 3.6.4 to support TLS 1.3
2019-07-23T11:20:25Z
Jonathan Coetzee

Gnutls 3.6.4 was released on 24/09/2018 with support for final TLS 1.3
spec, enabled by default
([source](https://lists.gnupg.org/pipermail/gnutls-help/2018-September/004457.html)).
Think it would be a good idea for Alpine 3.9 to pull this in so packages
that depend on it will have support for the improved protocol.
*(from redmine: issue id 9508, created on 2018-10-04, closed on 2019-01-10)*
* Changesets:
* Revision a76c5dbc923991172425263d8952dbe5d6762e99 on 2018-10-14T10:29:16Z:
```
main/gnutls: upgrade to 3.6.4
Fixes #9508
```
* Revision 336d5782ce41d5f07e6fde083d6efc8cfaeaedc5 on 2019-04-12T06:17:35Z:
```
main/gnutls: upgrade to 3.6.4
Fixes #9508
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9521
[3.9] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
2019-07-23T11:20:12Z
Alicha CH

One heap-based out-of-bounds read vulnerability exists in
libexif-0.6.21. When saving the data of an entry tagged with
“EXIF\_TAG\_MAKER\_NOTE” to
a buffer and copying the data of the exif entry, there is a mismatch
between the computed read size of the entry data and the size of the
allocated entry data.
The vulnerability can cause Denial-of-Service, even Information
Disclosure (disclosing some critical heap chunk metadata, even other
applications’ private data).
### References:
https://sourceforge.net/p/libexif/bugs/130/
https://nvd.nist.gov/vuln/detail/CVE-2017-7544
*(from redmine: issue id 9521, created on 2018-10-08, closed on 2018-10-09)*
* Relations:
* parent #9520
* Changesets:
* Revision 9d34941961856b21028cb4a838a1218a8edf332b on 2018-10-08T13:45:08Z:
```
main/libexif: security fix (CVE-2017-7544)
Fixes #9521
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9533
[3.9] libx11: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
2019-07-23T11:20:04Z
Alicha CH

CVE-2018-14598: Crash on invalid reply in XListExtensions in ListExt.c
----------------------------------------------------------------------
An issue was discovered in ListExt.c:XListExtensions and
GetFPath.c:XGetFontPath in libX11 through version 1.6.5. A malicious
server can send
a reply in which the first string overflows, causing a variable to be
set to NULL that will be freed later on, leading to DoS (segmentation
fault).
### Fixed In Version:
libX11 1.6.6
### References:
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
### Patch:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=e83722768fd5c467ef61fa159e8c6278770b45c2
CVE-2018-14599: off-by-one error in XListExtensions in ListExt.c
----------------------------------------------------------------
An issue was discovered in libX11 through 1.6.5. Functions
GetFPath.c:XGetFontPath, ListExt.c:XListExtensions and
FontNames.c:XListFonts are
vulnerable to an off-by-one error when parsing list of strings returned
by malicious server responses, leading to DoS.
### Fixed In Version:
libX11 1.6.6
### References:
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
### Patch:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0
CVE-2018-14600: Out of Bounds write in XListExtensions in ListExt.c
-------------------------------------------------------------------
An issue was discovered in libX11 through 1.6.5. Functions
ListExt.c:XListExtensions and GetFPath.c:XGetFontPath interpret a
variable as signed instead
of unsigned, resulting in an out-of-bounds write (of up to 128 bytes),
leading to DoS or remote code execution.
### Fixed In Version:
libX11 1.6.6
### References:
http://www.openwall.com/lists/oss-security/2018/08/21/6
https://lists.x.org/archives/xorg-announce/2018-August/002916.html
### Patch:
https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea
*(from redmine: issue id 9533, created on 2018-10-08, closed on 2018-10-09)*
* Relations:
* parent #9532
* Changesets:
* Revision f673b89cd43dc3fe12a443558e82318ed03fb6ef by Natanael Copa on 2018-10-08T11:49:37Z:
```
main/libx11: security upgrade to 1.6.6
CVE-2018-14598
CVE-2018-14599
CVE-2018-14600
fixes #9533
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9548
Freeswitch: upgrade to 1.8
2019-07-23T11:19:51Z
Francesco Colista

Freeswitch 1.6.x is EoL: the website
https://freeswitch.org/confluence/display/FREESWITCH/Installation states
“The current public version/release of FreeSWITCH™ recommended for
production systems is 1.8, created 31 July, 2018 followed by maintenance
levels. The current release of sounds and prompts is 1.0.51 as of 9
October, 2014.
If you’re using FreeSWITCH™ version 1.6 which is tagged End Of Life, you
should upgrade to 1.8 NOW.”
Can we package the new FS 1.8? At the moment it does not build due to
libressl incompatibility.
Thanks.
.: Francesco
*(from redmine: issue id 9548, created on 2018-10-09, closed on 2019-01-10)*
* Changesets:
* Revision 0ddc3765e529787e59084f84b6006eb2c7b22a21 by Natanael Copa on 2018-11-07T16:46:09Z:
```
main/freeswitch: upgrade to 1.8.2
fixes #9548
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9558
glib-dev 2.58: don't depend on perl
2019-07-23T11:19:46Z
Mohammed Sadiq

glib-dev, since 2.58, no longer requires perl. All scripts are now
ported to python.
*(from redmine: issue id 9558, created on 2018-10-19, closed on 2019-01-10)*
* Changesets:
* Revision 3d02166a3dfa7b700716202544ed8b5eab146ee4 by Natanael Copa on 2018-10-30T10:18:09Z:
```
main/glib: replace perl depends with python
upstream has ported all perl scripts to python
fixes #9558
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9564
[3.9] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)
2019-07-23T11:19:43Z
Alicha CH

**CVE-2018-9251**: The xz\_decomp function in xzlib.c in libxml2 2.9.8,
if --with-lzma is used, allows remote attackers to cause a denial of
service (infinite loop) via
a crafted XML file that triggers LZMA\_MEMLIMIT\_ERROR, as demonstrated
by xmllint, a different vulnerability than CVE-2015-8035.
### References:
https://bugzilla.gnome.org/show\_bug.cgi?id=794914
### Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
**CVE-2018-14404**: A NULL pointer dereference vulnerability exists in
the xpath.c:xmlXPathCompOpEval() function of libxml2 through 2.9.8 when
parsing an invalid XPath expression in the XPATH\_OP\_AND or
XPATH\_OP\_OR case. Applications processing untrusted XSL format inputs
with the use of the libxml2 library may be vulnerable to a denial of
service attack due to a crash of the application.
### References:
https://gitlab.gnome.org/GNOME/libxml2/issues/5
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14404.html
### Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
**CVE-2018-14567**: libxml2 2.9.8, if --with-lzma is used, allows remote
attackers to cause a denial of service (infinite loop) via a crafted XML
file that triggers
LZMA\_MEMLIMIT\_ERROR, as demonstrated by xmllint, a different
vulnerability than CVE-2015-8035 and CVE-2018-9251.
### References:
https://gitlab.gnome.org/GNOME/libxml2/issues/13
https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-14567.html
### Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
*(from redmine: issue id 9564, created on 2018-10-23, closed on 2018-10-25)*
* Relations:
* parent #9563
* Changesets:
* Revision a6c278e2f3d21e7ffc9b25ad0cd3845c3caafcf9 by Natanael Copa on 2018-10-24T16:18:38Z:
```
main/libxml2: backport security fixes
- CVE-2018-9251
- CVE-2018-14404
- CVE-2018-14567
fixes #9564
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9577
[3.9] apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
2019-07-23T11:19:30Z
Alicha CH

In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large
SETTINGS frames a client can occupy a connection, server thread and CPU
time
without any connection timeout coming to effect. This affects only
HTTP/2 connections. A possible mitigation is to not enable the h2
protocol.
### Fixed in Version:
Apache httpd 2.4.35
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
*(from redmine: issue id 9577, created on 2018-10-25, closed on 2018-10-29)*
* Relations:
* parent #9576
* Changesets:
* Revision f6d1356e6015d7539e9c147abbd2e13d4e2e0251 by Andy Postnikov on 2018-10-25T10:07:45Z:
```
main/apache2: security upgrade to 2.4.35 (CVE-2018-11763)
fixes #9577
```
3.9.0
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9583
[3.9] tiff: Multiple vulnerabilities (CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)
2019-07-23T11:19:23Z
Alicha CH

**CVE-2018-10779**: Heap Buffer Overflow in TIFFWriteScanline of
tif\_write.c
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2788
https://nvd.nist.gov/vuln/detail/CVE-2018-10779
### Patch:
https://gitlab.com/libtiff/libtiff/commit/981e43ecae83935625c86c9118c0778c942c7048
**CVE-2018-17100**: An issue was discovered in LibTIFF 4.0.9. There is an
int32 overflow in multiply\_ms in tools/ppm2tiff.c,
which can cause a denial of service (crash) or possibly have unspecified
other impact via a crafted image file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2810
### Patch:
https://gitlab.com/libtiff/libtiff/merge\_requests/33/diffs?commit\_id=6da1fb3f64d43be37e640efbec60400d1f1ac39e
**CVE-2018-17101**: An issue was discovered in LibTIFF 4.0.9. There are
two out-of-bounds writes in cpTags in tools/tiff2bw.c and
tools/pal2rgb.c,
which can cause a denial of service (application crash) or possibly have
unspecified other impact via a crafted image file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2807
### Patch:
https://gitlab.com/libtiff/libtiff/merge\_requests/33/diffs?commit\_id=f1b94e8a3ba49febdd3361c0214a1d1149251577
*(from redmine: issue id 9583, created on 2018-10-25, closed on 2018-11-08)*
* Relations:
* parent #9582
* Changesets:
* Revision fb2c4a5aa0c36030c950f7885b60c306268666c8 on 2018-11-06T15:33:55Z:
```
main/tiff: security fixes
(CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)
Fixes #9583
```

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9597
2019-07-23T11:19:15Z Alicha CH
[3.9] xorg-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)

A flaw was found in xorg-x11-server before 1.20.3. An incorrect
permission check for -modulepath and -logfile options when
starting Xorg. X server allows unprivileged users with the ability to
log in to the system via physical console to escalate their
privileges and run arbitrary code under root privileges.
### Fixed In Version:
xorg-server 1.20.3
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14665
https://marc.info/?l=oss-security&m=154047832307726&w=2
### Patch:
Introduced by:
https://gitlab.freedesktop.org/xorg/xserver/commit/032b1d79b7d04d47814a5b3a9fdd162249fea74c
(1.19.0)
Fixed by:
https://gitlab.freedesktop.org/xorg/xserver/commit/50c0cf885a6e91c0ea71fb49fa8f1b7c86fe330e
*(from redmine: issue id 9597, created on 2018-10-29, closed on 2018-10-30)*
* Relations:
* copied_to #9596
* parent #9596

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9602
2019-07-23T11:19:09Z Alicha CH
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227)

CVE-2018-12086: OpcUa dissector crash
-------------------------------------
Affected versions: 2.6.0 to 2.6.3, 2.4.0 to 2.4.9
Fixed versions: 2.6.4, 2.4.10
### References:
https://www.wireshark.org/security/wnpa-sec-2018-50.html
CVE-2018-18225: CoAP dissector crash
------------------------------------
Affected versions: 2.6.0 to 2.6.3
Fixed versions: 2.6.4
### References:
https://www.wireshark.org/security/wnpa-sec-2018-49.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15172
CVE-2018-18226: Steam IHS Discovery dissector memory leak
---------------------------------------------------------
Affected versions: 2.6.0 to 2.6.3
Fixed versions: 2.6.4
### References:
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15171
https://www.wireshark.org/security/wnpa-sec-2018-48.html
CVE-2018-18227: MS-WSP dissector crash
--------------------------------------
Affected versions: 2.6.0 to 2.6.3, 2.4.0 to 2.4.9
Fixed versions: 2.6.4, 2.4.10
### References:
https://www.wireshark.org/security/wnpa-sec-2018-47.html
https://www.wireshark.org/security/wnpa-sec-2018-48.html
*(from redmine: issue id 9602, created on 2018-10-29, closed on 2018-10-30)*
* Relations:
* parent #9601
* Changesets:
* Revision 9f7a391b8a4478f35a1b1f3b3b49a51a820e005e by Natanael Copa on 2018-10-29T17:16:56Z:
```
community/wireshark: security upgrade to 2.6.4
CVE-2018-12086, CVE-2018-18225, CVE-2018-18226, CVE-2018-18227
fixes #9602
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9611
2019-07-23T11:19:01Z Alicha CH
[3.9] curl: Multiple vulnerabilities (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)

CVE-2018-16839: SASL password overflow via integer overflow
-----------------------------------------------------------
The internal function Curl\_auth\_create\_plain\_message fails to
correctly verify that the passed in lengths
for name and password aren’t too long, then calculates a buffer size to
allocate.
On systems with a 32 bit size\_t, the math to calculate the buffer size
triggers an integer overflow when the user name length exceeds 2GB (2^31
bytes).
This integer overflow usually causes a very small buffer to actually get
allocated instead of the intended very huge one, making the use of that
buffer end up in a heap buffer overflow.
### Affected versions:
libcurl 7.33.0 to and including 7.61.1
### Not affected versions:
libcurl < 7.33.0 and >= 7.62.0
### Reference:
https://curl.haxx.se/docs/CVE-2018-16839.html
### Patch:
https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5
CVE-2018-16840: use-after-free in handle close
----------------------------------------------
When closing and cleaning up an “easy” handle in the Curl\_close()
function, the library code first frees a struct (without nulling the
pointer) and might
then subsequently erroneously write to a struct field within that
already freed struct.
### Affected versions:
libcurl 7.59.0 to and including 7.61.1
### Not affected versions:
libcurl < 7.59.0 and >= 7.62.0
### Reference:
https://curl.haxx.se/docs/CVE-2018-16840.html
### Patch:
https://github.com/curl/curl/commit/81d135d67155c5295b1033679c606165d4e28f3f
CVE-2018-16842: warning message out-of-buffer read
--------------------------------------------------
The command line tool has a generic function for displaying warning and
informational messages to stderr for various
situations. For example if an unknown command line argument is used, or
passed to it in a “config” file.
This display function formats the output to wrap at 80 columns. The wrap
logic is however flawed, so if a single word in the message is itself
longer than 80 bytes
the buffer arithmetic calculates the remainder wrong and will end up
reading behind the end of the buffer. This could lead to information
disclosure or crash.
### Reference:
https://curl.haxx.se/docs/CVE-2018-16842.html
### Patch:
https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211
*(from redmine: issue id 9611, created on 2018-11-01, closed on 2018-11-08)*
* Relations:
* parent #9610
* Changesets:
* Revision 8776c8cc044196f8f87d6fbc51e38dfa0f5aa438 on 2018-11-05T08:17:04Z:
```
main/curl: security upgrade to 7.62.0
CVE-2018-16839, CVE-2018-16840, CVE-2018-16842
Fixes #9611
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9619
2019-07-23T11:18:54Z Henrik Riomar
Support for xenpci in initramfs so we can build XEN storage driver domains with alpine

Add a new feature to mkinitfs allowing xen-pcifront.ko to be part of
initramfs
PR: https://github.com/alpinelinux/mkinitfs/pull/45
*(from redmine: issue id 9619, created on 2018-11-02, closed on 2019-01-23)*

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9663
2019-07-23T11:18:41Z Alicha CH
[3.9] libmspack: Multiple vulnerabilities (CVE-2018-18584, CVE-2018-18585, CVE-2018-18586)

CVE-2018-18584: A CAB file with a Quantum-compressed block of exactly 38912 bytes will write one byte beyond the end of the input buffer
----------------------------------------------------------------------------------------------------------------------------------------
In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8,
the CAB
block input buffer is one byte too small for the maximal Quantum block,
leading to an out-of-bounds write.
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18584
### Patch:
https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2
CVE-2018-18585: CHM files with blank filenames (by having embedded nulls) are allowed, which trips up clients that expect non-blank filenames
---------------------------------------------------------------------------------------------------------------------------------------------
chmd\_read\_headers in mspack/chmd.c in libmspack before 0.8alpha
accepts a filename
that has ‘\\0’ as its first or second character (such as the “/\\0”
name).
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18585
### Patch:
https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f
CVE-2018-18586: chmextract makes no attempt to protect you from relative/absolute paths in CHM filenames
--------------------------------------------------------------------------------------------------------
DISPUTED chmextract.c in the chmextract sample program, as distributed
with libmspack before 0.8alpha, does not protect against
absolute/relative pathnames in CHM files, leading to Directory
Traversal. NOTE: the vendor disputes that this is a libmspack
vulnerability, because chmextract.c was only intended as a source-code
example, not a supported application.
### References:
https://www.cabextract.org.uk/libmspack/
https://nvd.nist.gov/vuln/detail/CVE-2018-18586
### Patch:
https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
*(from redmine: issue id 9663, created on 2018-11-21, closed on 2018-11-28)*
* Relations:
* parent #9662
* Changesets:
* Revision 3a49d88a9384e72b92ad518a7f8cf56dfe1c4513 by Natanael Copa on 2018-11-27T12:30:37Z:
```
main/libmspack: security upgrade to 0.8_alpha
CVE-2018-18584, CVE-2018-18585, CVE-2018-18586
fixes #9663
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9668
2019-07-23T11:18:35Z Alicha CH
[3.9] cabextract: Buffer overflow (CVE-2018-18584)

cabextract before 1.8, the CAB block input buffer is one byte too small
for the maximal Quantum block,
leading to an out-of-bounds write.
### Fixed In Version:
cabextract 1.8
### References:
https://www.cabextract.org.uk
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18584
https://www.openwall.com/lists/oss-security/2018/10/22/1
*(from redmine: issue id 9668, created on 2018-11-21, closed on 2018-11-28)*
* Relations:
* parent #9667

3.9.0 Leonardo Arena

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9679
2019-07-23T11:18:28Z Alicha CH
[3.9] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)

CVE-2018-18088: NULL pointer dereference in the imagetopnm function of jp2/convert.c
------------------------------------------------------------------------------------
A flaw was found in OpenJPEG 2.3.0. A NULL pointer dereference for “red”
in the
imagetopnm function of jp2/convert.c
### References:
https://github.com/uclouvain/openjpeg/issues/1152
https://nvd.nist.gov/vuln/detail/CVE-2018-18088
### Patch:
https://github.com/uclouvain/openjpeg/commit/cab352e249ed3372dd9355c85e837613fff98fa2
CVE-2017-17480: Stack-buffer overflow in the pgxtovolume function
-----------------------------------------------------------------
In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the
pgxtovolume function in jp3d/convert.c. The vulnerability
causes an out-of-bounds write, which may lead to remote denial of
service or possibly remote code execution.
### References:
https://github.com/uclouvain/openjpeg/issues/1044
https://security-tracker.debian.org/tracker/CVE-2017-17480
### Patch:
https://github.com/uclouvain/openjpeg/commit/0bc90e4062a5f9258c91eca018c019b179066c62
*(from redmine: issue id 9679, created on 2018-11-22, closed on 2018-11-26)*
* Relations:
* parent #9678
* Changesets:
* Revision 5b27b635acbe69cadaffce1fbe4b69d8256c1315 by Natanael Copa on 2018-11-22T15:57:59Z:
```
main/openjpeg: security fix for CVE-2017-17480
also remove unused patches
fixes #9679
```

3.9.0 Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9685
2019-07-23T11:18:21Z Alicha CH
[3.9] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)

### Fixes for the following ClamAV vulnerabilities:
**CVE-2018-15378**: Vulnerability in ClamAV’s MEW unpacking feature that
could allow an unauthenticated,
remote attacker to cause a denial of service (DoS) condition on an
affected device.
### Fixes for the following vulnerabilities in bundled third-party libraries:
**CVE-2018-14680**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. It does not reject blank CHM filenames.
**CVE-2018-14681**: An issue was discovered in kwajd\_read\_headers in
mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header
extensions could cause a one or two byte overwrite.
**CVE-2018-14682**: An issue was discovered in mspack/chmd.c in
libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER()
macro for CHM decompression.
### Fixed In Version:
clamav 0.100.2
### References:
https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.100/NEWS.md\#01002
http://lists.clamav.net/pipermail/clamav-announce/2018/000033.html
*(from redmine: issue id 9685, created on 2018-11-26, closed on 2018-11-28)*
* Relations:
* parent #9684
* Changesets:
* Revision 5412962cc2f34d4bb2f2996918e1384eda223946 on 2018-11-27T15:19:52Z:
```
main/clamav: security upgrade to 0.100.2 - CVE-2018-15378 - CVE-2018-14680 - CVE-2018-14681 - CVE-2018-14682
fixes #9685
```

3.9.0 Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9690
2019-07-23T11:18:16Z Alicha CH
[3.9] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)

**CVE-2018-19409**: An issue was discovered in Artifex Ghostscript
before 9.26. LockSafetyParams is not
checked correctly if another device is used.
### Fixed In Version:
ghostscript 9.26
### References:
https://www.ghostscript.com/doc/9.26/History9.htm\#Version9.26
https://nvd.nist.gov/vuln/detail/CVE-2018-19409
### Patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=661e8d8fb
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ea1b3ef43
**CVE-2018-19475**: psi/zdevice2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
available stack space is not checked when the device remains the same.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19475
https://bugs.ghostscript.com/show\_bug.cgi?id=700153
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3005fcb9bb160af199e761e03bc70a9f249a987e
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=aeea342904978c9fe17d85f4906a0f6fcce2d315
(master)
**CVE-2018-19476**: psi/zicc.c in Artifex Ghostscript before 9.26 allows
remote attackers to bypass intended
access restrictions because of a setcolorspace type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19476
https://bugs.ghostscript.com/show\_bug.cgi?id=700169
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=67d760ab775dae4efe803b5944b0439aa3c0b04a
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=434753adbe8be5534bfb9b7d91746023e8073d16
(master)
**CVE-2018-19477**: psi/zfjbig2.c in Artifex Ghostscript before 9.26
allows remote attackers to bypass intended access restrictions because
of a JBIG2Decode type confusion.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19477
https://bugs.ghostscript.com/show\_bug.cgi?id=700168
### Patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ef252e7dc214bcbd9a2539216aab9202848602bb
(ghostscript-9.26)
http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=606a22e77e7f081781e99e44644cd0119f559e03
(master)
*(from redmine: issue id 9690, created on 2018-11-26, closed on 2018-12-07)*
* Relations:
* parent #9689

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9696
2019-07-23T11:18:10Z Alicha CH
[3.9] roundcubemail: Cross-site Scripting issue in email attachments (CVE-2018-19206)

steps/mail/func.inc in Roundcube before 1.3.8 has XSS via crafted use of
`<svg><style>`, as demonstrated by
an onload attribute in a BODY element, within an HTML attachment.
### References:
https://github.com/roundcube/roundcubemail/issues/6410
https://nvd.nist.gov/vuln/detail/CVE-2018-19206
### Patch:
https://github.com/roundcube/roundcubemail/commit/102fbf1169116fef32a940b9fb1738bc45276059
*(from redmine: issue id 9696, created on 2018-11-26, closed on 2018-12-04)*
* Relations:
* parent #9695
* Changesets:
* Revision 1d5dbd01274ff36d9839dac79b36803262c62bfa by Natanael Copa on 2018-11-29T14:42:08Z:
```
community/roundcubemail: security upgrade to 1.3.8 (CVE-2018-19206)
fixes #9696
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9704
2020-06-23T23:02:11Z Alicha CH
[3.9] webkit2gtk: Multiple memory corruption issues (CVE-2018-4372)

Processing maliciously crafted web content may lead to arbitrary code
execution. Multiple memory
corruption issues were addressed with improved memory handling.
Versions affected: WebKitGTK+ before 2.22.4
### Reference:
https://webkitgtk.org/security/WSA-2018-0008.html
*(from redmine: issue id 9704, created on 2018-11-27, closed on 2018-11-28)*
* Changesets:
* Revision 041fef015184af46bcc6eb6e421bdc5e3259c709 by Natanael Copa on 2018-11-27T13:38:59Z:
```
community/webkit2gtk: security upgrade to 2.22.4 (CVE-2018-4372)
fixes #9704
```

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9715
2019-07-23T11:17:58Z Alicha CH
[3.9] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)

CVE-2018-12900: Heap-based buffer overflow in the cpSeparateBufToContigBuf function resulting in a denial of service
--------------------------------------------------------------------------------------------------------------------
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in
tiffcp.c in LibTIFF 4.0.9 allows remote
attackers to cause a denial of service (crash) or possibly have
unspecified other impact via a crafted TIFF file.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2798
https://nvd.nist.gov/vuln/detail/CVE-2018-12900
CVE-2018-18557: Out-of-bounds write in tif\_jbig.c
--------------------------------------------------
LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into a
buffer,
ignoring the buffer size, which leads to a tif\_jbig.c JBIGDecode
out-of-bounds write.
### References:
https://bugs.chromium.org/p/project-zero/issues/detail?id=1697
https://nvd.nist.gov/vuln/detail/CVE-2018-18557
CVE-2018-18661: tiff2bw tool failed memory allocation leads to crash
--------------------------------------------------------------------
An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer
dereference in the function
LZWDecode in the file tif\_lzw.c.
### References:
http://bugzilla.maptools.org/show\_bug.cgi?id=2819
https://nvd.nist.gov/vuln/detail/CVE-2018-18661
### Patch:
https://gitlab.com/libtiff/libtiff/commit/99b10edde9a0fc28cc0e7b7757aa18ac4c8c225f
*(from redmine: issue id 9715, created on 2018-11-29, closed on 2018-12-07)*
* Relations:
* parent #9714
* Changesets:
* Revision 0c504ed6ce49ffab8f4090a5a3ddaeeda27ecbf5 by Natanael Copa on 2018-11-30T11:58:02Z:
```
main/tiff: security upgrade to 4.0.10
CVE-2018-12900, CVE-2018-18557, CVE-2018-18661
fixes #9715
```

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9727
2019-07-23T11:17:48Z Alicha CH
[3.9] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)

CVE-2018-18311: Integer overflow leading to buffer overflow
-----------------------------------------------------------
A flaw was found in Perl versions 5.8.0 through 5.28. An Integer
overflow leading to buffer overflow
in Perl\_my\_setenv function in util.c
### Fixed In Version:
perl 5.29.1, perl 5.26.3
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133204
### Patch:
https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
Introduced by:
https://perl5.git.perl.org/perl.git/commitdiff/e658793210bbe632a5e80a876acfcd0984c46b87
CVE-2018-18312: Heap-buffer-overflow write / reg\_node overrun
--------------------------------------------------------------
A flaw was found in Perl versions 5.18 through 5.26. A
Heap-buffer-overflow write / reg\_node overrun
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### References:
https://rt.perl.org/Ticket/Display.html?id=133423
https://security-tracker.debian.org/tracker/CVE-2018-18312
CVE-2018-18313: Heap-buffer-overflow read in regcomp.c
------------------------------------------------------
A flaw was found in Perl versions 5.22 through 5.26.
Heap-buffer-overflow read in regcomp.c
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=133192
### Patch:
https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
CVE-2018-18314: Heap-based buffer overflow
------------------------------------------
A flaw was found in Perl versions 5.18 through 5.28. A Heap-based buffer
overflow
### Fixed In Version:
perl 5.26.3, perl 5.28.1
### Reference:
https://rt.perl.org/Public/Bug/Display.html?id=131649
### Patch:
https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
*(from redmine: issue id 9727, created on 2018-12-04, closed on 2018-12-06)*
* Relations:
* parent #9726
* Changesets:
* Revision 13074bff64787b9251ec396b8ac6ecd18718d2a0 by Natanael Copa on 2018-12-04T14:46:15Z:
```
main/perl: security upgrade to 5.26.3
CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314
fixes #9727
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9763
2019-07-23T11:17:23Z Alicha CH
[3.9] wireshark: Multiple vulnerabilities (CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625 CVE-2018-19626, CVE-2018-19627, CVE-2018-19628)

### CVE-2018-19622: MMSE dissector infinite loop
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-54.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15250
### CVE-2018-19623: LBMPDM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-53.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15132
### CVE-2018-19624: PVFS dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-56.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15280
### CVE-2018-19625: Wireshark dissection engine crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-51.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=14466
### CVE-2018-19626: DCOM dissector crash
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-52.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15130
### CVE-2018-19627: IxVeriWave file parser crash.
Affected versions: 2.6.0 to 2.6.4, 2.4.0 to 2.4.10
Fixed versions: 2.6.5, 2.4.11
### References:
https://www.wireshark.org/security/wnpa-sec-2018-55.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15279
### CVE-2018-19628: ZigBee ZCL dissector crash
Affected versions: 2.6.0 to 2.6.4
Fixed versions: 2.6.5
### References:
https://www.wireshark.org/security/wnpa-sec-2018-57.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15281
*(from redmine: issue id 9763, created on 2018-12-12, closed on 2019-01-01)*
* Relations:
* parent #9762
* Changesets:
* Revision d0f7f9ff6bb890cdeda8dcc9bce15ad49d4d8205 by Milan P. Stanić on 2019-01-01T08:48:05Z:
```
community/wireshark: security upgrade to 2.6.5
CVE-2018-19622, CVE-2018-19623, CVE-2018-19624, CVE-2018-19625
CVE-2018-19626, CVE-2018-19627, CVE-2018-19628
Fixes #9763
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9774
2019-07-23T11:17:16Z Adam Crowder
Qemu Guest Agent can't shut down Alpine

Because Alpine doesn’t use posix shutdown, the Qemu Guest Agent is
unable to perform a system shutdown (as it is hardcoded to use
/sbin/shutdown)
A patch needs to be made for qga/commands-posix.c (from the qemu source)
which modifies the qmp\_guest\_shutdown function to shutdown alpine
(with /sbin/poweroff) appropriately.
*(from redmine: issue id 9774, created on 2018-12-19, closed on 2018-12-25)*
* Changesets:
* Revision 76b81b486480fd9c3294cd420bcf2df01c27790d by Natanael Copa on 2018-12-20T16:21:11Z:
```
main/qemu: fix shutdown from guest agent
we dont have /sbin/shutdown so provide a fallback to the busybox
/sbin/poweroff, /sbin/halt and /sbin/reboot.
fixes #9774
```

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9777
2019-07-23T11:17:15Z Steffen Nurpmeso
init.d/urandom: increase saved entropy

My startup (whether on real hardware or my server VM) currently involves
long hangs of sshd, and warnings on uninitialized random reads by
dnsmasq.
When I look into init.d/urandom I see mysterious calculations which
result in 512 bytes to be saved for restoring purposes, and I wonder why
this is so.
I would assume that the kernel passes data fed in to seed the PRNG
through (possibly even multiple) sophisticated algorithms, and uses
conservative guessing on the quality of bytes fed into urandom.
Hence my suggestion to increase the number of bytes saved in between
reboots, e.g., like so (untested):
```
save_seed()
{
	local ibs=1024
	if [ -e /proc/sys/kernel/random/poolsize ]; then
		ibs=$(cat /proc/sys/kernel/random/poolsize)
	fi
	( # sub shell to prevent umask pollution
		umask 077
		dd if=/dev/urandom of="$urandom_seed" \
			ibs=$ibs count=1 2>/dev/null
	)
}
```
*(from redmine: issue id 9777, created on 2018-12-19, closed on 2019-01-08)*

3.9.0 Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9778
2019-07-23T11:17:14Z Milan P. Stanić
busybox-initscripts: add ttyUSB[0-9] to dialout group

Add /dev/ttyUSB\[0-9\] to dialout group in /etc/mdev.conf, so normal
users can use attached devices in programs like ‘screen’, ‘minicom’ etc.
without need for su or sudo. One line patch is posted at the next url:
https://patchwork.alpinelinux.org/patch/4283/
*(from redmine: issue id 9778, created on 2018-12-20, closed on 2019-01-10)*

3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9785
2019-07-23T11:17:09Z Alicha CH
[3.9] phpmyadmin: Multiple vulnerabilities (CVE-2018-19968, CVE-2018-19969, CVE-2018-19970)

CVE-2018-19968: Local file inclusion through transformation feature.
--------------------------------------------------------------------
A flaw has been found where an attacker can exploit phpMyAdmin to leak
the contents of a local file. The attacker must have access
to the phpMyAdmin Configuration Storage tables, although these can
easily be created in any database to which the attacker has access.
An attacker must have valid credentials to log in to phpMyAdmin; this
vulnerability does not allow an attacker to circumvent the login system.
### Affected Versions:
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-6/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
CVE-2018-19969: XSRF/CSRF vulnerability
---------------------------------------
By deceiving a user into clicking on a crafted URL, it is possible to perform
harmful SQL operations such as renaming databases, creating new
tables/routines, deleting designer pages, adding/deleting users,
updating user passwords, killing SQL processes, etc.
### Affected Versions
phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are
affected.
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-7/
### Patches:
see https://www.phpmyadmin.net/security/PMASA-2018-7/
CVE-2018-19970: XSS vulnerability in navigation tree
----------------------------------------------------
A Cross-Site Scripting vulnerability was found in the navigation tree,
where an attacker can deliver a payload to a user through a
specially-crafted database/table name.
### Affected Versions
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
### Reference:
https://www.phpmyadmin.net/security/PMASA-2018-8/
### Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
*(from redmine: issue id 9785, created on 2018-12-24, closed on 2019-01-09)*
* Relations:
* parent #9784
* Changesets:
* Revision 327df2ce21328db30da75277c323014af26c0b5c on 2019-01-08T10:44:14Z:
```
community/phpmyadmin: security upgrade to 4.8.4
CVE-2018-19968, CVE-2018-19969, CVE-2018-19970
Fixes #9785
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9797
[3.9] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
2019-07-23T11:16:57Z
Alicha CH

**CVE-2018-14423**: Division-by-zero vulnerabilities in the functions
pi\_next\_pcrl, pi\_next\_cprl, and pi\_next\_rpcl in
lib/openjp3d/pi.c
in OpenJPEG through 2.3.0 allow remote attackers to cause a denial of
service (application crash).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-14423
https://github.com/uclouvain/openjpeg/issues/1123
### Patch:
https://github.com/uclouvain/openjpeg/commit/bd88611ed9ad7144ec4f3de54790cd848175891b
**CVE-2018-6616**: In OpenJPEG 2.3.0, there is excessive iteration in
the opj\_t1\_encode\_cblks function of openjp2/t1.c. Remote
attackers could leverage this vulnerability to cause a denial of service
via a crafted bmp file.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-6616
https://github.com/uclouvain/openjpeg/issues/1059
### Patch:
https://github.com/hlef/openjpeg/commit/8ee335227bbcaf1614124046aa25e53d67b11ec3
*(from redmine: issue id 9797, created on 2018-12-27, closed on 2019-01-01)*
* Relations:
* parent #9796
* Changesets:
* Revision 50f991efc36983c48ef31001e2cb0433b2745479 by Francesco Colista on 2019-01-01T07:33:41Z:
```
main/openjpeg: security fixes
- CVE-2018-14423
- CVE-2018-6616
this commit fixes #9797
```
3.9.0
Francesco Colista

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9802
[3.9] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
2019-07-23T11:16:51Z
Alicha CH

A Reachable Assertion issue was discovered in the KDC in MIT Kerberos 5
(aka krb5) before 1.17. If an attacker can obtain a krbtgt ticket using
an older encryption type (single-DES, triple-DES, or RC4), the attacker
can crash the KDC by making an S4U2Self request.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20217
http://krbdev.mit.edu/rt/Ticket/Display.html?id=8763
### Patch:
https://github.com/krb5/krb5/commit/5e6d1796106df8ba6bc1973ee0917c170d929086
*(from redmine: issue id 9802, created on 2018-12-27, closed on 2019-01-09)*
* Relations:
* parent #9801
* Changesets:
* Revision bd4ce5b0529e8f12a984bdfd4d231664a613454a on 2019-01-07T07:52:42Z:
```
main/krb5: upgrade to 1.15.4, security fix for CVE-2018-20217
Fixes #9802
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9815
Firefox: tidy-up for Alpine 3.9 release
2020-01-18T00:12:52Z
Rep H

Hello folks.
I have a few comments on Firefox state on Alpine and suggestions for
tidying up.
First, package firefox-esr (52.9.0 on Alpine) lives in community but
firefox (62.0.3 on Alpine) lives in testing.
Well, firefox should be in community too. The packages are very similar
besides the rust/cargo dependency and both have been shown to work.
When you go to firefox.com, the default is Alpine’s @testing version.
OK, second point.
For Alpine release 3.9 it would be great if those packages could be
upgraded.
firefox-esr is already on version 60 upstream and firefox is on version
64.
firefox-esr needs to stay low because rust on Alpine is x64 only for
now.
I think the latest firefox that didn’t need rust was firefox 53.
firefox on the other hand can be upgraded all the way to version 64.
That’s it…
Just an idea to get firefox in shape to the 3.9 release.
Even more important now than ever.
*(from redmine: issue id 9815, created on 2018-12-31, closed on 2019-01-10)*
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9817
[3.9] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
2019-07-23T11:16:40Z
Alicha CH

set\_file\_metadata in xattr.c in GNU Wget before 1.20.1 stores a file’s
origin URL in the user.xdg.origin.url metadata attribute of the extended
attributes of the downloaded file, which allows local users to obtain
sensitive information (e.g., credentials contained in the URL) by reading
this attribute, as demonstrated by getfattr.
This also applies to Referer information in the user.xdg.referrer.url
metadata attribute. According to 2016-07-22 in the Wget ChangeLog,
user.xdg.origin.url was partially based on the behavior of fwrite\_xattr
in tool\_xattr.c in curl.
### Fixed In Version:
wget 1.20.1
### References:
http://git.savannah.gnu.org/cgit/wget.git/tree/NEWS
https://nvd.nist.gov/vuln/detail/CVE-2018-20483
### Patches:
Introduced by:
https://git.savannah.gnu.org/cgit/wget.git/commit/?id=a933bdd31eee9c956a3b5cc142f004ef1fa94cb3
(v1.19)
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=c125d24762962d91050d925fbbd9e6f30b2302f8
http://git.savannah.gnu.org/cgit/wget.git/commit/?id=3cdfb594cf75f11cdbb9702ac5e856c332ccacfa
*(from redmine: issue id 9817, created on 2019-01-01, closed on 2019-01-09)*
* Relations:
* parent #9816
* Changesets:
* Revision e6404a21b246558e15ba90e0a54011392d26c497 on 2019-01-03T07:51:58Z:
```
main/wget: security upgrade to 1.20.1 (CVE-2018-20483)
Fixes #9817
```
3.9.0
Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9823
[3.9] keepalived: Multiple vulnerabilities (CVE-2018-19044, CVE-2018-19045, CVE-2018-19046)
2019-07-23T11:16:34Z
Alicha CH

**CVE-2018-19044**: keepalived before version 2.0.9 didn’t check for
pathnames with symlinks when writing data to a temporary file upon a
call to PrintData or PrintStats. This allowed local users to overwrite
arbitrary files if fs.protected\_symlinks is set to 0, as demonstrated
by a symlink from /tmp/keepalived.data or /tmp/keepalived.stats to
/etc/passwd.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
http://www.keepalived.org/changelog.html
### Patch:
https://github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
**CVE-2018-19045**: keepalived 2.0.8 used mode 0666 when creating new
temporary files upon a call to PrintData or PrintStats, potentially
leaking sensitive information.
### Fixed In Version:
keepalived 2.0.9
### References:
https://github.com/acassen/keepalived/issues/1048
https://nvd.nist.gov/vuln/detail/CVE-2018-19045
### Patches:
https://github.com/acassen/keepalived/commit/5241e4d7b177d0b6f073cfc9ed5444bf51ec89d6
https://github.com/acassen/keepalived/commit/c6247a9ef2c7b33244ab1d3aa5d629ec49f0a067
**CVE-2018-19046**: keepalived before version 2.0.10 didn’t check for
existing plain files when writing data to a temporary file upon a call
to PrintData or PrintStats. If a local attacker had previously created a
file with the expected name (e.g., /tmp/keepalived.data or
/tmp/keepalived.stats), with read access for the attacker and write
access for the keepalived process, then this potentially leaked
sensitive information.
### Fixed In Version:
keepalived 2.0.10
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-19046
https://github.com/acassen/keepalived/issues/1048
### Patches:
https://github.com/acassen/keepalived/commit/ac8e2ef053de273ce7a0cf0cb611e599dca4b298
https://github.com/acassen/keepalived/commit/26c8d6374db33bcfcdcd758b1282f12ceef4b94f
https://github.com/acassen/keepalived/commit/17f944144b3d9c5131569b1cc988cc90fd676671
*(from redmine: issue id 9823, created on 2019-01-02, closed on 2019-01-09)*
* Relations:
* parent #9822
* Changesets:
* Revision d5456c04c54ef1071228fe009595f420a2dd7e42 on 2019-01-08T11:02:05Z:
```
community/keepalived: security upgrade to 2.0.11
CVE-2018-19044, CVE-2018-19045, CVE-2018-19046
Fixes #9823
```
3.9.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9863
[3.9] irssi: Use-after-free when hidden lines were expired from the scroll (CVE-2019-5882)
2019-07-23T11:16:00Z
Alicha CH

Irssi 1.1.x before 1.1.2 has a use after free when hidden lines are
expired from the scroll buffer.
### Fixed In Version:
Irssi 1.1.2
### References:
https://irssi.org/security/irssi\_sa\_2019\_01.txt
https://www.openwall.com/lists/oss-security/2019/01/10/1
*(from redmine: issue id 9863, created on 2019-01-17, closed on 2019-01-18)*
* Relations:
* parent #9862
* Changesets:
* Revision c4e35c92e1389de8f3e842a194ec98a50a96e219 by Natanael Copa on 2019-01-17T15:13:04Z:
```
main/irssi: security upgrade to 1.1.2 (CVE-2019-5882)
fixes #9863
```
3.9.0
Natanael Copa
2019-01-17

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9884
[3.9] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
2019-07-23T11:15:46Z
Alicha CH

commands/rsync in Gitolite before 3.6.11, if .gitolite.rc enables rsync,
mishandles the rsync command line, which allows
attackers to have a “bad” impact by triggering use of an option other
than -v, -n, -q, or -P.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20683
https://github.com/sitaramc/gitolite/blob/master/CHANGELOG
### Patch:
https://github.com/sitaramc/gitolite/commit/5df2b817255ee919991da6c310239e08c8fcc1ae
*(from redmine: issue id 9884, created on 2019-01-21, closed on 2019-01-24)*
* Relations:
* parent #9883
* Changesets:
* Revision 87c443db8dd4907c90a4b6077c6d61946fc30816 by Natanael Copa on 2019-01-23T19:14:38Z:
```
main/gitolite: security upgrade to 3.6.11 (CVE-2018-20683)
fixes #9884
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9903
grub-mkconfig can't properly setup f2fs root fs
2019-07-23T11:15:33Z
Taner Tas

My Alpine (edge) system uses f2fs root file system. After new grub
trigger subsystem, my system became non bootable.
I noticed that grub.cfg configuration uses static device names instead
of partition UUID.
My file system is f2fs and it seems this issue does not affect ext4 root
file system (tested).
According to my working setup, grub.cfg must be generated as
`linux /vmlinuz-vanilla root=UUID=... rootfstype=f2fs` instead of
`linux /vmlinuz-vanilla root=/dev/sdc3`
*(from redmine: issue id 9903, created on 2019-01-24, closed on 2019-01-29)*
* Changesets:
* Revision cb5d66dfdf57d13714e111eda2ef7f9f552d380d by Natanael Copa on 2019-01-24T18:01:30Z:
```
main/grub: add post-upgrade to import default config
import boot options to /etc/default/grub on upgrade to make sure we can
still boot.
ref #9903
```
* Revision 26b88dbce397bc282c399e39b55cec4579c3b42e by Natanael Copa on 2019-01-25T16:01:44Z:
```
main/grub: backport f2fs support
fixes #9903
```
3.9.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9906
[3.9] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199, CVE-2019-0190)
2019-07-23T11:15:30Z
Alicha CH

CVE-2018-17189: DoS for HTTP/2 connections via slow request bodies
------------------------------------------------------------------
By sending request bodies in a slow loris way to plain resources, the h2
stream for that request unnecessarily occupied a server
thread cleaning up that incoming data. This affects only HTTP/2
connections. A possible mitigation is to not enable the h2 protocol.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2018-17199: mod\_session\_cookie does not respect expiry time
-----------------------------------------------------------------
In Apache HTTP Server 2.4 release 2.4.37 and prior, mod\_session checks
the session expiry time before decoding the session. This causes session
expiry time to be ignored for mod\_session\_cookie sessions since the
expiry time is loaded when the session is decoded.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
CVE-2019-0190: mod\_ssl: remote DoS when used with OpenSSL 1.1.1
----------------------------------------------------------------
A bug exists in the way mod\_ssl handled client renegotiations. A remote
attacker could send a carefully crafted request that would cause
mod\_ssl to enter a loop leading to a denial of service. This bug can be
only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL
version 1.1.1 or later, due to an interaction in changes to handling of
renegotiation attempts.
### Fixed In Version:
Apache httpd 2.4.38
### References:
https://httpd.apache.org/security/vulnerabilities\_24.html
https://seclists.org/oss-sec/2019/q1/82
*(from redmine: issue id 9906, created on 2019-01-24, closed on 2019-01-28)*
* Relations:
* parent #9905
* Changesets:
* Revision e82176fd8bf8ac0c0089a9b3daedcd2c52dafea3 on 2019-01-25T19:34:59Z:
```
main/apache2: security upgrade to 2.4.38
fixes #9906
```
3.9.0
Kaarle Ritvanen

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9920
dovecot split protocol default config error
2019-07-23T11:15:17Z
algitbot

https://git.alpinelinux.org/aports/tree/main/dovecot/APKBUILD?id=e02aad8c475a7413777e720103c1694f0d5e8487\#n192
instead of concatenating with $protocols, it concatenates with $protocol
fix: append an s to $protocol
please fix before 3.9 is released, because the default config is broken
now (complaint by doveconf)
*(from redmine: issue id 9920, created on 2019-01-26, closed on 2019-01-29)*
* Changesets:
* Revision 6cfc6137d7936ef4e37fa4ca269b560a001936ca by Jakub Jirutka on 2019-01-26T17:05:56Z:
```
main/dovecot: fix typo $protocol -> $protocols
Fixes #9920 (https://bugs.alpinelinux.org/issues/9920)
```
3.9.0
Jakub Jirutka

https://gitlab.alpinelinux.org/alpine/aports/-/issues/9935
ca-certificates is broken and needs an update
2019-07-23T11:15:10Z
John Smith

Alpine 3.8 has ‘20171114-r3’ version of ‘ca-certificates’ package, which
is quite old and looks like it is broken:
mail server mail.amur-cit.ru:587 uses self-signed certificate, which I
need to add to the list of trusted ones on Alpine for the connection to
succeed.
1. get their certificate via this command:
```
openssl s_client -starttls smtp -showcerts -connect mail.amur-cit.ru:587
```
from the output of that command I copy 1st (well, 0th in terms of that
command’s output) certificate from the certificate chain.
2. save it into a file on Alpine node as
/usr/local/share/ca-certificates/mail.amur-cit.ru.crt
3. run update-ca-certificates

result:
```
WARNING: ca-certificates.crt does not contain exactly one certificate or CRL: skipping
```
On a Debian-based node that was enough to add the certificate to the
list of trusted ones, the output there was the following:
```
Updating certificates in /etc/ssl/certs...
1 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.
```
*(from redmine: issue id 9935, created on 2019-01-29, closed on 2019-01-29)*
* Changesets:
* Revision e52ca18af87015baba0756530ff0fd6b7b6ea081 by Natanael Copa on 2019-01-29T16:26:25Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision ef889967982b9e04edc9a0dbb02231e47e41f03c by Natanael Copa on 2019-05-27T12:31:10Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
* Revision acbc0e0a89f2c917c5c949d5e3ece043c8a9ec58 by Natanael Copa on 2019-05-27T12:35:15Z:
```
main/ca-certificates: upgrade to 20190108
fixes #9935
```
3.9.0