Closed
Milestone 3.7.2: Bugfix release 3.7.2
(from redmine: created on 2018-09-11)
Unstarted Issues (open and unassigned): 0
Ongoing Issues (open and assigned): 0
Completed Issues (closed): 60
- [3.7] py-paramiko: Authentication bypass in auth_handler.py (CVE-2018-1000805)
- [3.7] py-django: memory exhaustion in django.utils.numberformat.format() (CVE-2019-6975)
- [3.7] openssh: Multiple vulnerabilities (CVE-2018-20685, CVE-2019-6109, CVE-2019-6111)
- [3.7] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)
- [3.7] spice: Off-by-one error in array access in spice/server/memslot.c (CVE-2019-3813)
- [3.7] wavpack: Multiple vulnerabilities (CVE-2018-19840, CVE-2018-19841)
- [3.7] apache2: Multiple vulnerabilities (CVE-2018-17189, CVE-2018-17199)
- [3.7] aria2: Metadata and potential password leak (CVE-2019-3500)
- [3.7] gitolite: security issue in optional bundle helper ("rsync" command) (CVE-2018-20683)
- [3.7] zeromq: Integer overflow in zmq::v2_decoder_t::size_ready (CVE-2019-6250)
- [3.7] py-openssl: Multiple vulnerabilities (CVE-2018-1000807, CVE-2018-1000808)
- [3.7] tar: Infinite read loop in sparse_dump_region function in sparse.c (CVE-2018-20482)
- [3.7] xen: Multiple vulnerabilities (CVE-2018-19961, CVE-2018-19962, CVE-2018-18883, CVE-2018-19965, CVE-2018-19966, CVE-2018-19967)
- [3.7] tinc: Multiple issues (CVE-2018-16737, CVE-2018-16738, CVE-2018-16758)
- [3.7] wget: Information exposure in set_file_metadata function in xattr.c (CVE-2018-20483)
- [3.7] krb5: Ignore password attributes for S4U2Self requests (CVE-2018-20217)
- [3.7] openjpeg: Multiple vulnerabilities (CVE-2018-14423, CVE-2018-6616)
- [3.7] sqlite: integer overflow (resulting in buffer overflow) for FTS3 queries (CVE-2018-20346)
- [3.7] mariadb: Multiple vulnerabilities (CVE-2016-9843, CVE-2018-2755, CVE-2018-2761, CVE-2018-2766, CVE…, CVE-2018-3251, CVE-2018-3282)
- [3.7] cups: Predictable session cookie breaks CSRF protection (CVE-2018-4700)
- [3.7] polkit: Improper handling of user with uid > INT_MAX leading to authentication bypass (CVE-2018-19788)
- [3.7] perl: Multiple vulnerabilities (CVE-2018-18311, CVE-2018-18312, CVE-2018-18313, CVE-2018-18314)
- [3.7] tiff: Multiple vulnerabilities (CVE-2018-12900, CVE-2018-18557, CVE-2018-18661)
- [3.7] git: Improper handling of PATH allows for commands to be executed from the current directory (CVE-2018-19486)
- [3.7] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)
- [3.7] ghostscript: Multiple vulnerabilities (CVE-2018-19409, CVE-2018-19475, CVE-2018-19476, CVE-2018-19477)
- [3.7] clamav: Multiple vulnerabilities (CVE-2018-15378, CVE-2018-14680, CVE-2018-14681, CVE-2018-14682)
- [3.7] openjpeg: Multiple vulnerabilities (CVE-2017-17480, CVE-2018-18088)
- [3.7] cabextract: Buffer overflow (CVE-2018-18584)
- [3.7] libmspack: Multiple vulnerabilities (CVE-2018-18584, CVE-2018-18585, CVE-2018-18586)
- [3.7] nginx: Multiple vulnerabilities (CVE-2018-16843, CVE-2018-16844, CVE-2018-16845)
- [3.7] curl: Multiple vulnerabilities (CVE-2018-16839, CVE-2018-16840, CVE-2018-16842)
- [3.7] xorg-server: Incorrect permission check in Xorg X server allows for privilege escalation (CVE-2018-14665)
- [3.7] tiff: Multiple vulnerabilities (CVE-2018-10779, CVE-2018-17100, CVE-2018-17101)
- [3.7] apache2: DoS for HTTP/2 connections by continuous SETTINGS (CVE-2018-11763)
- [3.7] libssh: Authentication Bypass due to improper message callbacks implementation (CVE-2018-10933)
- [3.7] libxml2: Multiple vulnerabilities (CVE-2018-9251, CVE-2018-14404, CVE-2018-14567)
- [3.7] Git RCE vulnerability regarding submodules (CVE-2018-17456)
- [3.7] libx11: Multiple vulnerabilities (CVE-2018-14598, CVE-2018-14599, CVE-2018-14600)
- [3.7] libexif: Out-of-bounds heap read in exif_data_save_data_entry function (CVE-2017-7544)
- [3.7] strongswan: heap buffer overflow using crafted certificates (CVE-2018-17540)
- [3.7] gd: Double free in src/gd_bump.c:gdImageBmpPtr() via crafted JPEG (CVE-2018-1000222)
- [3.7] strongswan: Multiple vulnerabilities (CVE-2018-16151, CVE-2018-16152)
- [3.7] ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)
- [3.7] bind: Update policies krb5-subdomain and ms-subdomain (CVE-2018-5741)
- [3.7] hylafax: JPEG support code execution (CVE-2018-17141)
- [3.7] pango: application crash triggered by unicode chars in pango-emoji.c (CVE-2018-15120)
- [3.7] ghostscript: Incorrect "restoration of privilege" checking when running out of stack during exception handling (CVE-2018-16802)
- [3.7] libjpeg-turbo: Multiple vulnerabilities (CVE-2017-15232, CVE-2018-1152, CVE-2018-11813)
- [3.7] curl: NTLM password overflow via integer overflow (CVE-2018-14618)
- [3.7] ghostscript: Multiple vulnerabilities (CVE-2018-10194, CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911)
- [3.7] dnsmasq: Improper validation of wildcard synthesized NSEC records (CVE-2017-15107)
- [3.7] dropbear: User enumeration vulnerability (CVE-2018-15599)
- [3.7] openssh: User enumeration via malformed packets in authentication requests (CVE-2018-15473)
- [3.7] spice: Missing check in demarshal.py:write_validate_array_item() allows for buffer overflow and denial of service (CVE-2018-10873)
- [3.7] libao: Invalid memory allocation in _tokenize_matrix function in audio_out.c (CVE-2017-11548)
- [3.7] py-django: Content spoofing via URL path in default 404 page (CVE-2019-3498)
- python3.6.5 upgrade pip says [Error relocating /usr/lib/libexpat.so.1: getrandom: symbol not found]
- [3.7] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)
- [3.7] vlc: type conversion vulnerability (CVE-2017-17670)
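When cross-checking a release against a vulnerability scan or an SBOM, the useful artefact from a milestone like this is a package-to-CVE map rather than the issue titles themselves. The following is an added example, not code from the tracker or the distribution: it parses issue titles in the `- [branch] package: title (CVE list)` form used above, tolerates lines without a package prefix or without CVEs, and flags lists the page elided with an ellipsis as incomplete rather than guessing the missing IDs. The sample lines are copied (abridged) from this milestone.

```python
"""Turn milestone issue titles into a package -> CVE mapping.

Added example for this page; not the tracker's own code. Handles titles of
the form "- [3.7] pkg: description (CVE-YYYY-NNNN, ...)" as well as titles
with no "pkg:" prefix or no CVE list at all.
"""
import re
from collections import defaultdict

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# "- [branch] package: title (CVE list)"; branch tag, "package:" prefix and the
# trailing parenthesised CVE list are each optional.
ISSUE_RE = re.compile(
    r"^-\s*(?:\[(?P<branch>[^\]]+)\]\s*)?"
    r"(?:(?P<package>[A-Za-z0-9][A-Za-z0-9_.+-]*):\s+)?"
    r"(?P<title>.*?)"
    r"(?:\s*\((?P<cves>[^()]*CVE-[^()]*)\))?\s*$"
)

# Constructed sample, abridged from the milestone above (the "CVE…" entry is
# kept exactly as the page shows it, with the elided IDs left unfilled).
SAMPLE_ISSUES = [
    "- [3.7] tar: Infinite read loop in sparse_dump_region function in sparse.c (CVE-2018-20482)",
    "- [3.7] curl: Multiple vulnerabilities (CVE-2018-16890, CVE-2019-3822, CVE-2019-3823)",
    "- [3.7] curl: NTLM password overflow via integer overflow (CVE-2018-14618)",
    "- [3.7] mariadb: Multiple vulnerabilities (CVE-2016-9843, CVE-2018-2755, CVE…, CVE-2018-3282)",
    "- [3.7] ghostscript: Multiple vulnerabilities: (CVE-2018-19409, CVE-2018-19475)",
    "- [3.7] Git RCE vulnerability regarding submodules (CVE-2018-17456)",
    "- python3.6.5 upgrade pip says [Error relocating /usr/lib/libexpat.so.1: getrandom: symbol not found]",
]


def parse_issue(line):
    """Parse one issue title; returns None if the line is not a list item."""
    m = ISSUE_RE.match(line.strip())
    if not m:
        return None
    cve_field = m.group("cves") or ""
    return {
        "branch": m.group("branch"),
        "package": m.group("package"),  # None when the title has no "pkg:" prefix
        "title": m.group("title").rstrip(":").strip(),
        "cves": CVE_RE.findall(cve_field),
        # An ellipsis in the CVE list means the page elided some IDs, so the
        # mapping for this package is known to be incomplete.
        "incomplete": "…" in cve_field or "..." in cve_field,
    }


def cves_by_package(lines):
    """Map each package to the sorted, de-duplicated CVE IDs fixed for it."""
    mapping = defaultdict(set)
    for line in lines:
        issue = parse_issue(line)
        if issue and issue["package"]:
            mapping[issue["package"]].update(issue["cves"])
    return {pkg: sorted(cves) for pkg, cves in mapping.items()}


def packages_fixing(lines, cve_id):
    """Packages whose issues name the given CVE (titles without a package are skipped)."""
    found = set()
    for line in lines:
        issue = parse_issue(line)
        if issue and issue["package"] and cve_id in issue["cves"]:
            found.add(issue["package"])
    return sorted(found)


def unique_cves(lines):
    """All distinct CVE IDs named anywhere in the list, package or not."""
    found = set()
    for line in lines:
        issue = parse_issue(line)
        if issue:
            found.update(issue["cves"])
    return sorted(found)


if __name__ == "__main__":
    for pkg, cves in sorted(cves_by_package(SAMPLE_ISSUES).items()):
        print(f"{pkg}: {', '.join(cves)}")
    print(f"{len(unique_cves(SAMPLE_ISSUES))} distinct CVEs")
```

To audit a real release, feed the full milestone list in and compare `unique_cves()` against the CVE IDs a scanner reports for the image; any entry whose `incomplete` flag is set should be looked up in the advisory itself rather than trusted from the page.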