aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-23T11:11:07Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10322[3.9] wireshark: Multiple vulnerabilities (CVE-2019-10894, CVE-2019-10895, CV...2019-07-23T11:11:07ZAlicha CH[3.9] wireshark: Multiple vulnerabilities (CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899, CVE-2019-10901, CVE-2019-10903)CVE-2019-10894: GSS-API dissector crash
---------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-s...CVE-2019-10894: GSS-API dissector crash
---------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-14.html
CVE-2019-10895: NetScaler file parser crash
-------------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-09.html
CVE-2019-10896: DOF dissector crash
-----------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-15.html
CVE-2019-10899: SRVLOC dissector crash
--------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-10.html
CVE-2019-10901: LDSS dissector crash
------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-17.html
CVE-2019-10903: DCERPC SPOOLSS dissector crash
----------------------------------------------
Affected versions: 3.0.0, 2.6.0 to 2.6.7, 2.4.0 to 2.4.13
Fixed versions: 3.0.1, 2.6.8, 2.4.14
### References:
https://www.wireshark.org/security/wnpa-sec-2019-18.html
*(from redmine: issue id 10322, created on 2019-04-24, closed on 2019-05-01)*
* Changesets:
* Revision ef58f692397187895ac48d0c5645aed9f75cc943 on 2019-04-29T12:18:20Z:
```
community/wireshark: security upgrade to 2.6.8
CVE-2019-10894, CVE-2019-10895, CVE-2019-10896, CVE-2019-10899, CVE-2019-10901, CVE-2019-10903
Fixes #10322
```3.9.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10325[3.9] freeradius: Multiple vulnerabilities (CVE-2019-11234, CVE-2019-11235)2019-07-23T11:11:05ZAlicha CH[3.9] freeradius: Multiple vulnerabilities (CVE-2019-11234, CVE-2019-11235)CVE-2019-11234: eap-pwd: fake authentication using reflection
-------------------------------------------------------------
A vulnerability was found in FreeRadius. An attacker can reflect the
received scalar and element from the server...CVE-2019-11234: eap-pwd: fake authentication using reflection
-------------------------------------------------------------
A vulnerability was found in FreeRadius. An attacker can reflect the
received scalar and element from the server in it’s own commit message,
and subsequently reflect the confirm value as well. This causes
the adversary to successfully authenticate as the victim. Fortunately,
the adversary will not posses the negotiated session key, meaning the
adversary cannot actually perform any actions as this user.
### Affected Versions:
freeradius 3.0.0 through 3.0.18
### Fixed In Version:
freeradius 3.0.19
References:
https://freeradius.org/security/
https://freeradius.org/release\_notes/?br=3.0.x&re=3.0.19
Patches:
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
CVE-2019-11235: eap-pwd: authentication bypass via an invalid curve attack
--------------------------------------------------------------------------
A vulnerability was found in FreeRadius. An invalid curve attack allows
an attacker to authenticate as any user (without knowing the password).
The problem is
that on the reception of an EAP-PWD Commit frame, FreeRADIUS doesn’t
verify whether the received elliptic curve point is valid.
### Fixed In Version:
freeradius 3.0.19
### References:
https://freeradius.org/security/
https://security-tracker.debian.org/tracker/CVE-2019-11235
### Patches:
https://github.com/FreeRADIUS/freeradius-server/commit/85497b5ff37ccb656895b826b88585898c209586
https://github.com/FreeRADIUS/freeradius-server/commit/ab4c767099f263a7cd4109bcdca80ee74210a769
*(from redmine: issue id 10325, created on 2019-04-25, closed on 2019-04-29)*
* Relations:
* parent #10324
* Changesets:
* Revision 065f2876051f76809327b30c47239ed3b8db0bd5 on 2019-04-25T14:16:50Z:
```
main/freeradius: security fixes (CVE-2019-11234, CVE-2019-11235)
Fixes #10325
```3.9.4Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10362[3.9] libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)2019-07-23T11:10:46ZAlicha CH[3.9] libpng: use-after-free in png_image_free in png.c (CVE-2019-7317)A vulnerability was found in libpng 1.6.36. The function
png\_image\_free in png.c has
a use-after-free because png\_image\_free\_function is called under
png\_safe\_execute.
This flaw is in the PNG Simplified API, which was introduce...A vulnerability was found in libpng 1.6.36. The function
png\_image\_free in png.c has
a use-after-free because png\_image\_free\_function is called under
png\_safe\_execute.
This flaw is in the PNG Simplified API, which was introduced
upstream in libpng-1.6.0. Previous versions of libpng are not affected.
### References:
https://github.com/glennrp/libpng/issues/275
https://nvd.nist.gov/vuln/detail/CVE-2019-7317
### Patch:
https://github.com/glennrp/libpng/commit/9c0d5c77bf5bf2d7c1e11f388de40a70e0191550
*(from redmine: issue id 10362, created on 2019-04-29, closed on 2019-05-06)*
* Relations:
* parent #10360
* Changesets:
* Revision c6ea56540262710775618c19e90adbe0e1177be3 by Leo Leo on 2019-05-06T07:42:25Z:
```
main/libpng: upgrade to 1.6.37
- Add secfixes
CVE-2019-7317
CVE-2018-14048
CVE-2018-14550
- Remove pkg-config detected depends_dev
- Split $pkgname-static
fixes #10362
```3.9.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10368[3.9] bind: Multiple vulnerabilities (CVE-2018-5743, CVE-2019-6467)2019-07-23T11:10:38ZAlicha CH[3.9] bind: Multiple vulnerabilities (CVE-2018-5743, CVE-2019-6467)CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
---------------------------------------------------------------
By design, BIND is intended to limit the number of TCP clients that can
be connected at any given time. The ...CVE-2018-5743: Limiting simultaneous TCP clients is ineffective
---------------------------------------------------------------
By design, BIND is intended to limit the number of TCP clients that can
be connected at any given time. The number of allowed connections is a
tunable parameter which, if unset, defaults to a conservative value
for
most servers. Unfortunately, the code which was intended to limit the
number of simultaneous connections contains an error which can be
exploited to grow the number of simultaneous connections beyond this
limit.
### Affected Versions:
BIND 9.9.0 ->9.10.8-P1, 9.11.0 ->9.11.6, 9.12.0 ->9.12.4,
9.14.0. BIND 9 Supported Preview Edition versions 9.9.3-S1 ->
9.11.5-S3, and 9.11.5-S5.
Versions 9.13.0 ->9.13.7 of the 9.13 development branch are also
affected.
### Fixed In Version:
bind 9.11.6-P1, bind 9.12.4-P1, bind 9.14.1
### References:
https://kb.isc.org/docs/cve-2018-5743
https://www.openwall.com/lists/oss-security/2019/04/25/3
CVE-2019-6467: flaw in nxredirect can cause assertion failure
-------------------------------------------------------------
A programming error in the nxdomain-redirect feature can cause an
assertion failure in query.c if the alternate namespace used by
nxdomain-redirect is a descendant of a zone that is served locally.
The most likely scenario where this might occur is if the server, in
addition to performing NXDOMAIN redirection for recursive clients, is
also serving a local copy of the root zone or using mirroring
to provide the root zone, although other configurations are also
possible.
### Affected Versions:
BIND 9.12.0->9.12.4, 9.14.0. Also affects all releases in the 9.13
development branch.
### Fixed In Version:
bind 9.12.4-P1, bind 9.14.1
### References:
https://kb.isc.org/docs/cve-2019-6467
https://www.openwall.com/lists/oss-security/2019/04/25/3
*(from redmine: issue id 10368, created on 2019-04-29, closed on 2019-05-03)*
* Relations:
* parent #10366
* Changesets:
* Revision 06bfe718fd41663cb0f35a441af82a32ca3ec15b by Natanael Copa on 2019-05-02T11:51:29Z:
```
main/bind: security upgrade to 9.12.4_p1 (CVE-2018-5743,CVE-2019-6467)
This release introduced 3 new tools with python dependency
(dnssec-checkdns, dnssec-coverage and dnssec-keymgr). Move those tools
to a subpackage, bind-dnssec-tools, to avoid unexpectedly pull in python
as dependency for stable upgraders.
There are other tools in bind-tools that belongs to bind-dnssec-tools,
but we dont move those in a stable branch to avoid breaking things for
current users.
fixes #10368
```3.9.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10383[3.9] znc: crash on invalid encoding (CVE-2019-9917)2019-07-23T11:10:29ZAlicha CH[3.9] znc: crash on invalid encoding (CVE-2019-9917)ZNC before 1.7.3-rc1 allows an existing remote user to cause
a Denial of Service (crash) via invalid encoding.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-9917
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925285
...ZNC before 1.7.3-rc1 allows an existing remote user to cause
a Denial of Service (crash) via invalid encoding.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-9917
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=925285
### Patch:
https://github.com/znc/znc/commit/64613bc8b6b4adf1e32231f9844d99cd512b8973
*(from redmine: issue id 10383, created on 2019-05-01, closed on 2019-05-06)*
* Changesets:
* Revision 16956b90ab430f1836112c44807b832d8f520760 by Natanael Copa on 2019-05-06T16:17:54Z:
```
community/znc: security fix for CVE-2019-9917
fixes #10383
```3.9.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10388[3.9] dovecot: Multiple vulnerabilities (CVE-2019-11494, CVE-2019-11499)2019-07-23T11:10:25ZAlicha CH[3.9] dovecot: Multiple vulnerabilities (CVE-2019-11494, CVE-2019-11499)**CVE-2019-11494**: Submission-login crashes with signal 11 due to null
pointer access when authentication is
aborted by disconnecting. This can lead to denial-of-service attack by
persistent attacker(s).
Vulnerable version: 2.3.0 - 2...**CVE-2019-11494**: Submission-login crashes with signal 11 due to null
pointer access when authentication is
aborted by disconnecting. This can lead to denial-of-service attack by
persistent attacker(s).
Vulnerable version: 2.3.0 - 2.3.5.2
Fixed version: 2.3.6
### Reference:
https://dovecot.org/list/dovecot-news/2019-April/000409.html
**CVE-2019-11499**: Submission-login crashes when authentication is
started over TLS secured channel and invalid
authentication message is sent. This can lead to denial-of-service
attack by persistent attacker(s).
Vulnerable version: 2.3.0 - 2.3.5.2
Fixed version: 2.3.6
### Reference:
https://dovecot.org/list/dovecot-news/2019-April/000410.html
*(from redmine: issue id 10388, created on 2019-05-02, closed on 2019-05-28)*
* Relations:
* parent #10386
* Changesets:
* Revision f82ad4a4bd0bcfe6c75ff43189ad29dc14c38add on 2019-05-06T09:09:53Z:
```
main/dovecot: security upgrade to 2.3.6 (CVE-2019-11494, CVE-2019-11499)
Fixes #10388
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```3.9.4Natanael CopaNatanael Copa