aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-08-28T08:51:41Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10752openldap: Multiple vulnerabilities (CVE-2019-13057, CVE-2019-13565)2019-08-28T08:51:41ZAlicha CHopenldap: Multiple vulnerabilities (CVE-2019-13057, CVE-2019-13565)### CVE-2019-13565: ACL restrictions bypass due to sasl_ssf value being set permanently
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layer...### CVE-2019-13565: ACL restrictions bypass due to sasl_ssf value being set permanently
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user.
#### References:
* http://www.openldap.org/lists/openldap-announce/201907/msg00001.html
* https://nvd.nist.gov/vuln/detail/CVE-2019-13565
#### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0fa0f8ff078a3a49a19574eecaea797b7a55a665
### CVE-2019-13057: Information disclosure issue in slapd component
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.)
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13057
* https://openldap.org/its/?findid=9038
#### Patch:
https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=patch;h=fbe5611e606e80e56e158cc42f0c7289975836a8
### Affected branches:
* [x] master (db9c4ef0969ffc3d9a13af60562424eaa05579ae) (eb7c99fb435406b592f0b923ab91a380ed04eb64)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10755ansible: Multiple vulnerabilities (CVE-2019-10206, CVE-2019-10217)2019-09-12T11:34:41ZAlicha CHansible: Multiple vulnerabilities (CVE-2019-10206, CVE-2019-10217)### CVE-2019-10206: disclosure data when prompted for password and template characters are passed
ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could
contain special characters. Pas...### CVE-2019-10206: disclosure data when prompted for password and template characters are passed
ansible-playbook -k and ansible cli tools prompt passwords by expanding them from templates as they could
contain special characters. Passwords should be wrapped to prevent templates trigger and exposing them.
#### Fixed In Version:
ansible 2.8.4, 2.7.13, 2.6.19
#### References:
* https://github.com/ansible/ansible/pull/59246
* https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst
* https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#bugfixes
* 2.8.x https://github.com/ansible/ansible/pull/59552
* 2.7.x https://github.com/ansible/ansible/pull/59553
* 2.6.x https://github.com/ansible/ansible/pull/59554
### CVE-2019-10217: gcp modules do not flag sensitive data fields properly
Fields managing sensitive data should be set as such by no_log feature. Some of these fields in GCP modules are not set properly. service_account_contents() which is common class for all gcp modules is not setting no_log to True. Any sensitive data managed by that function would be leak as an output when running ansible playbooks.
#### Fixed In Version:
ansible 2.8.4
#### References:
* https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst#bugfixes
* https://github.com/ansible/ansible/issues/56269
* https://github.com/ansible/ansible/pull/59427
### Affected branches:
* [x] master (0a567245f3079886830dc952c86c95d8f6b1c9de)
* [x] 3.10-stable (182478667066cdb118bb935c36c2ec0b92b0c70f)
* [x] 3.9-stable (6b30494af214be58009a464982e5f9bd4927e635)
* [x] 3.8-stable (b60d8b5c9d3dc25f386bae243a6153b3d4909567)
* [x] 3.7-stable (c2ee36626b02eea017fc2f4b14191904f952bc5d)https://gitlab.alpinelinux.org/alpine/aports/-/issues/10756wavpack: Multiple vulnerabilities (CVE-2019-11498, CVE-2019-1010315, CVE-2019...2019-08-26T17:12:17ZAlicha CHwavpack: Multiple vulnerabilities (CVE-2019-11498, CVE-2019-1010315, CVE-2019-1010317, CVE-2019-1010319)### CVE-2019-11498: dos in pack_utils.c in libwavpack.a
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow atta...### CVE-2019-11498: dos in pack_utils.c in libwavpack.a
WavpackSetConfiguration64 in pack_utils.c in libwavpack.a in WavPack through 5.1.0 has a "Conditional jump or move depends on uninitialised value" condition, which might allow attackers to cause a denial of service (application crash) via a DFF file that lacks valid sample-rate data.
#### References:
* https://github.com/dbry/WavPack/issues/67
* https://nvd.nist.gov/vuln/detail/CVE-2019-11498
#### Patch:
https://github.com/dbry/WavPack/commit/bc6cba3f552c44565f7f1e66dc1580189addb2b4
### CVE-2019-1010315: divide by zero in ParseDsdiffHeaderConfig leads to crash
WavPack 5.1 and earlier in component ParseDsdiffHeaderConfig (dsdiff.c:282) has a Divide by Zero, leading to
sudden crash of a software/service that tries to parse a maliciously crafted .wav file.
#### References:
* https://github.com/dbry/WavPack/issues/65
* https://nvd.nist.gov/vuln/detail/CVE-2019-1010315
#### Patch:
https://github.com/dbry/WavPack/commit/4c0faba32fddbd0745cbfaf1e1aeb3da5d35b9fc
### CVE-2019-1010317: use of uninitialized variable in ParseCaffHeaderConfig leads to DoS
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseCaffHeaderConfig (caff.c:486). The attack vector is: Maliciously crafted .wav file.
#### References:
https://github.com/dbry/WavPack/issues/66
https://nvd.nist.gov/vuln/detail/CVE-2019-1010317
#### Patch:
https://github.com/dbry/WavPack/commit/f68a9555b548306c5b1ee45199ccdc4a16a6101b
### CVE-2019-1010319: Improper Initialization
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variable. The impact is: Unexpected control flow, crashes, and segfaults. The component is: ParseWave64HeaderConfig (wave64.c:211). The attack vector is: Maliciously crafted .wav file.
#### References:
* https://github.com/dbry/WavPack/issues/68
* https://nvd.nist.gov/vuln/detail/CVE-2019-1010319
#### Patch:
https://github.com/dbry/WavPack/commit/33a0025d1d63ccd05d9dbaa6923d52b1446a62fe
### Affected branches:
* [x] master (ac2fd8a89cfc84daba107884f80429f966353415)
* [x] 3.10-stable (cf8d2a4da0a509445e4b9e7eda5074c70fad88c6)
* [x] 3.9-stable (a72e9dec2ca905acb1090eae42c239c177a553f0)
* [x] 3.8-stable (d30d51c92e7333a663a22b2775a0b3f2dcadf976)
* [x] 3.7-stable (191092674935c795b8225c2830c1511c58e07b13)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10759nodejs: Multiple vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513...2021-04-02T02:51:16ZAlicha CHnodejs: Multiple vulnerabilities (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Dependi...* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both, potentially leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU, potentially leading to a denial of service.
#### Affected Versions:
All versions of Node.js 8 (LTS "Carbon"), Node.js 10 (LTS "Dubnium"), and Node.js 12 (Current).
#### Fixed In Version:
Nodejs 8.16.1, Nodejs 10.16.3, Nodejs 12.8.1
#### Reference:
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10760nghttp2: Multiple Vulnerabilities (CVE-2019-9511, CVE-2019-9513)2019-09-12T06:38:25ZAlicha CHnghttp2: Multiple Vulnerabilities (CVE-2019-9511, CVE-2019-9513)### CVE-2019-9511: Data Dribble
The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depend...### CVE-2019-9511: Data Dribble
The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both, potentially leading to a denial of service.
#### Affected versions:
nghttp2 version < 1.39.2
#### Fixed In Version:
nghttp2 v1.39.2
#### Reference:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
### CVE-2019-9513: Resource Loop
The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes
substantial churn to the priority tree. This can consume excess CPU, potentially leading to a denial of service.
#### Affected versions:
nghttp2 version < 1.39.2
#### Fixed In Version:
nghttp2 v1.39.2
#### Reference:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/
### Affected branches:
* [x] master (47780ea9133a89dc26bf3c42a7b3c8eab9306c5d)
* [x] 3.10-stable (68587782ed49631dadd84c5a6aaf0380aabf30fb)
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10761tiff: Integer overflow (CVE-2019-14973)2019-08-28T08:53:11ZAlicha CHtiff: Integer overflow (CVE-2019-14973)_TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they
rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an ap..._TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they
rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash.
#### References:
https://gitlab.com/libtiff/libtiff/merge_requests/90
https://nvd.nist.gov/vuln/detail/CVE-2019-14973
#### Patch:
https://gitlab.com/libtiff/libtiff/commit/1b5e3b6a23827c33acf19ad50ce5ce78f12b3773
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10775varnish: DoS attack vector (CVE-2019-15892)2019-10-12T20:08:27ZAlicha CHvarnish: DoS attack vector (CVE-2019-15892)An HTTP/1 parsing failure has been uncovered in Varnish Cache that will allow a remote attacker to trigger an assert in Varnish
Cache by sending specially crafted HTTP/1 requests. The assert will cause Varnish to automatically restart w...An HTTP/1 parsing failure has been uncovered in Varnish Cache that will allow a remote attacker to trigger an assert in Varnish
Cache by sending specially crafted HTTP/1 requests. The assert will cause Varnish to automatically restart with a clean cache,
which makes it a Denial of Service attack.
The problem was uncovered by internal testing at Varnish Software. It has to the best of our knowledge not been exploited.
The following is required for a successful attack:
The attacker must be able to send multiple HTTP/1 requests processed on the same HTTP/1 keepalive connection.
Mitigation is possible from VCL or by updating to a fixed version of Varnish Cache.
#### Affected Versions:
6.1.0 and forward
6.0 LTS by Varnish Software up to and including 6.0.3
#### Fixed In Version:
6.2.1
6.0.4 LTS by Varnish Software
#### References:
* https://varnish-cache.org/security/VSV00003.html
* https://nvd.nist.gov/vuln/detail/CVE-2019-15892
### Affected branches:
* [x] master (784f03748a63ed8dec1d2de19bde5e67779d674b)
* [x] 3.10-stable (2fa274fe2c593821cb7d12715f6cd77210ee6348)
* [x] 3.9-stable (6de195054a46f2c336e6928317843c55e74fc1f0)
* [x] 3.8-stable (67b7be458895eb0d8faab3d9b232ec040e11ef26)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10776ghostscript: Multiple Vulnerabilities (CVE-2019-14811, CVE-2019-14812, CVE-20...2019-10-21T06:41:00ZAlicha CHghostscript: Multiple Vulnerabilities (CVE-2019-14811, CVE-2019-14812, CVE-2019-14813, CVE-2019-14817)### CVE-2019-14811: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privilege...### CVE-2019-14811: Safer mode bypass by .forceput exposure in .pdf_hook_DSC_Creator (701445)
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.References:
#### References:
* https://www.openwall.com/lists/oss-security/2019/08/28/2
* https://nvd.nist.gov/vuln/detail/CVE-2019-14811
#### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
#### Fixed in
- master (47e96eb4a65356706c4e6344e74859d045d38237)
### CVE-2019-14812 : Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
#### References:
* https://www.openwall.com/lists/oss-security/2019/08/28/2
* https://bugs.ghostscript.com/show_bug.cgi?id=701444
#### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
#### Fixed in
- master (47e96eb4a65356706c4e6344e74859d045d38237)
### CVE-2019-14813 : Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
#### References:
https://www.openwall.com/lists/oss-security/2019/08/28/2
https://bugs.ghostscript.com/show_bug.cgi?id=701443
#### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
#### Fixed in
- master (47e96eb4a65356706c4e6344e74859d045d38237)
### CVE-2019-14817 : Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)
A flaw was found in, ghostscript versions prior to 9.28, in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.
#### References:
* https://www.openwall.com/lists/oss-security/2019/08/28/2
* https://nvd.nist.gov/vuln/detail/CVE-2019-14817
#### Patch:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable (743e9bd4848ed6040e641fbe96e145887fd8beb6)
* [x] 3.7-stable (ea68e3cb473042136c9f22682b51d67c84cadba4)https://gitlab.alpinelinux.org/alpine/aports/-/issues/10790asterisk: Multiple vulnerabilities (CVE-2018-19278, CVE-2019-7251, CVE-2019-1...2019-09-17T07:21:21ZAlicha CHasterisk: Multiple vulnerabilities (CVE-2018-19278, CVE-2019-7251, CVE-2019-12827, CVE-2019-13161, CVE-2019-15297, CVE-2019-15639)### CVE-2018-19278: Remote crash vulnerability DNS SRV and NAPTR lookups
There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a
specially crafted DNS SRV ...### CVE-2018-19278: Remote crash vulnerability DNS SRV and NAPTR lookups
There is a buffer overflow vulnerability in dns_srv and dns_naptr functions of Asterisk that allows an attacker to crash Asterisk via a
specially crafted DNS SRV or NAPTR response. The attacker’s request causes Asterisk to segfault and crash.
#### Affected Versions:
Asterisk 15.x All releases, 16.x All releases
#### Fixed In Version:
Asterisk 15.6.2 , 16.0.1
* master: 04e63b7eebdee737b366fec36a0b089364551fc0
* 3.10-stable: 04e63b7eebdee737b366fec36a0b089364551fc0
* 3.9-stable: 04e63b7eebdee737b366fec36a0b089364551fc0
#### Reference:
http://downloads.asterisk.org/pub/security/AST-2018-010.html
### CVE-2019-7251: Remote crash vulnerability with SDP protocol violation
When Asterisk makes an outgoing call, a very specific SDP protocol violation by the
remote party can cause Asterisk to crash.
#### Affected Versions:
Asterisk 15.x All releases, 16.x All releases
#### Fixed In Version:
Asterisk 15.7.2, 16.2.1
* master: a752e63bd4811d0b656d656f69d5f4f2c9a36090
* 3.10-stable: a752e63bd4811d0b656d656f69d5f4f2c9a36090
#### Reference:
http://downloads.asterisk.org/pub/security/AST-2019-001.html
### CVE-2019-12827: Remote crash vulnerability with MESSAGE messages
A specially crafted SIP in-dialog MESSAGE message
can cause Asterisk to crash.
#### Affected Versions:
Asterisk 13.x All releases, 15.x All releases, 16.x All releases
#### Fixed In Version:
Asterisk 13.27.1, 15.7.3, 16.4.1
* master: cd7e79e49f9e9ee8de5fb1ce4f3234c9d119d4e7
#### Reference:
http://downloads.asterisk.org/pub/security/AST-2019-002.html
### CVE-2019-13161: Remote Crash Vulnerability in chan_sip channel driver
When T.38 faxing is done in Asterisk a T.38 reinvite may be sent to an endpoint to switch it to T.38. If the endpoint responds with an improperly formatted SDP answer including both a T.38 UDPTL stream and an audio or video stream containing only codecs not allowed on the SIP peer or user a crash will occur. The code incorrectly assumes that there will be at least one common codec when T.38 is also in the SDP answer.
This requires Asterisk to initiate a T.38 reinvite which is only done when executing the ReceiveFax dialplan application
or performing T.38 passthrough where a remote endpoint has requested T.38.
#### Affected Versions:
Asterisk 13.x All releases, 15.x All releases, 16.x All releases
#### Fixed In Version:
Asterisk 13.27.1, 15.7.3, 16.4.1
* master: cd7e79e49f9e9ee8de5fb1ce4f3234c9d119d4e7
#### Reference:
http://downloads.asterisk.org/pub/security/AST-2019-003.html
### CVE-2019-15297: Crash when negotiating for T.38 with a declined stream
When Asterisk sends a re-invite initiating T.38 faxing, and the endpoint responds with a
declined media stream a crash will then occur in Asterisk.
#### Affected Versions:
Asterisk 15.x All releases, 16.x All releases
#### Fixed In Version:
Asterisk 15.7.4, 16.5.1
#### References:
http://downloads.asterisk.org/pub/security/AST-2019-004.html
### CVE-2019-15639: Remote Crash Vulnerability in audio transcoding
When audio frames are given to the audio transcoding support in Asterisk the number of samples are examined and as part of this a message is output to indicate that no samples are present. A change was done to suppress this message for a particular scenario in which the message was not relevant. This change assumed that information about the origin of a frame will always exist when in reality it may not.
This issue presented itself when an RTP packet containing no audio (and thus no samples) was received. In a particular transcoding scenario this audio frame would get turned into a frame with no origin information. If this new frame was then given to the audio transcoding support a crash would occur as no samples and no origin information would be present. The transcoding scenario requires the “genericplc” option to be set to enabled (the default) and a transcoding path from the source format into signed linear and then from signed linear into another format.
Note that there may be other scenarios that have not been found which can cause an audio frame with no origin to be given to the audio transcoding support and thus cause a crash.
#### Affected Versions:
Asterisk 13.x 13.28.0, 16.x 16.5.0
#### Fixed In Version:
Asterisk 13.28.1, 16.5.1
#### Reference:
http://downloads.asterisk.org/pub/security/AST-2019-005.html
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10791expat: Heap overflow in XML_GetCurrentLineNumber (CVE-2019-15903)2019-09-14T23:17:36ZAlicha CHexpat: Heap overflow in XML_GetCurrentLineNumber (CVE-2019-15903)In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based ...In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
#### References:
* https://github.com/libexpat/libexpat/issues/317
* https://nvd.nist.gov/vuln/detail/CVE-2019-15903
#### Patch:
https://github.com/libexpat/libexpat/commit/c20b758c332d9a13afbbb276d30db1d183a85d43
### Affected branches:
* [x] master (80209a8a1410935deaa223ea13b77b1679bd8e1d)
* [x] 3.10-stable (bb3e7ac09ba2b7a07cbf46deb00cff51e3037758)
* [x] 3.9-stable (f99152b5f555bb218d0f31324ab58d589fc9c68a)
* [x] 3.8-stable (9a9372b3f091845ba6a028b2ab8b0a6dcb937275)
* [x] 3.7-stable (190b36f9a208145ae20d54cea9575ebd14bbb213)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10793curl: Multiple vulnerabilities (CVE-2019-5481, CVE-2019-5482)2019-09-17T12:10:05ZAlicha CHcurl: Multiple vulnerabilities (CVE-2019-5481, CVE-2019-5482)### CVE-2019-5481: FTP-KRB double-free
libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option.
During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit si...### CVE-2019-5481: FTP-KRB double-free
libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option.
During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32 bit size of each block first and then that amount of data immediately following.
A malicious or just broken server can claim to send a very large block and if by doing that it makes curl's subsequent call to realloc() to fail, curl would then misbehave in the exit path and double-free the memory.
* Affected versions: libcurl >= 7.52.0 to and including 7.65.3
* Not affected versions: libcurl < 7.52.0
#### Fixed In Version:
libcurl 7.66.0
#### References
* https://curl.haxx.se/docs/CVE-2019-5481.html
* https://www.openwall.com/lists/oss-security/2019/09/11/5
#### Patch:
https://github.com/curl/curl/commit/9069838b30fb3b48af0123e39f664cea683254a5
### CVE-2019-5482: TFTP small blocksize heap buffer overflow
libcurl contains a heap buffer overflow in the function (tftp_receive_packet()) that receives data from a TFTP server. It can call recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is controlled by the server.
This flaw is only triggered if the TFTP server sends an OACK without the BLKSIZE option, when a BLKSIZE smaller than 512 bytes was requested by the TFTP client. OACK is a TFTP extension and is not used by all TFTP servers.
* Affected versions: libcurl >= 7.19.4 to and including 7.65.3
* Not affected versions: libcurl < 7.19.4
#### Fixed In Version:
libcurl 7.66.0
#### References:
* https://curl.haxx.se/docs/CVE-2019-5482.html
* https://www.openwall.com/lists/oss-security/2019/09/11/6
#### Patch:
https://github.com/curl/curl/commit/facb0e4662415b5f28163e853dc6742ac5fafb3d
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10794python2: Multiple vulnerabilities (CVE-2019-9740, CVE-2019-9947, CVE-2019-16056)2021-02-23T19:49:40ZAlicha CHpython2: Multiple vulnerabilities (CVE-2019-9740, CVE-2019-9947, CVE-2019-16056)#### CVE-2019-9740: Python urllib CRLF injection vulnerability
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, ...#### CVE-2019-9740: Python urllib CRLF injection vulnerability
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the query string after a ? character) followed by an HTTP header or a Redis command.
References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-9740
* https://bugs.python.org/issue36276
#### CVE-2019-9947: Header Injection in urllib
An issue was discovered in urllib2 in Python 2.x through 2.7.16 and urllib in Python 3.x through 3.7.3. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with \r\n (specifically in the path component of a URL that lacks a ? character) followed by an HTTP header or a Redis command. This is similar to the CVE-2019-9740 query string issue.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-9947
* https://bugs.python.org/issue35906
### CVE-2019-16056: email.utils.parseaddr mistakenly parse an email
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.
#### References:
* https://bugs.python.org/issue34155
* https://nvd.nist.gov/vuln/detail/CVE-2019-16056
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stable
* [ ] 3.7-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10795python3: email.utils.parseaddr mistakenly parse an email (CVE-2019-16056)2019-10-16T13:50:49ZAlicha CHpython3: email.utils.parseaddr mistakenly parse an email (CVE-2019-16056)An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email mod...An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address that should be denied.
* https://bugs.python.org/issue34155
* https://nvd.nist.gov/vuln/detail/CVE-2019-16056
#### Patches:
* https://github.com/python/cpython/commit/c48d606adcef395e59fd555496c42203b01dd3e8
* https://github.com/python/cpython/commit/13a19139b5e76175bc95294d54afc9425e4f36c9
### Affected branches:
* [x] master (41e574563a228c690047bb1b5c88c58978a2cfd5)
* [x] 3.10-stable (bab9a458665985f45b83a039c4f46b732a37b420)
* [x] 3.9-stable (aff70ee75a54dac4ce36137ef9d8e1d80e3f4c74)
* [x] 3.8-stable (0562e86c76fdabc97dfe78d850621ebd4360561a)
* [x] 3.7-stable (836b3a9938b9cc2baaf9884096cf298a80707a87)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10799hostapd: AP mode PMF disconnection protection bypass (CVE-2019-16275)2019-09-17T12:45:12ZAlicha CHhostapd: AP mode PMF disconnection protection bypass (CVE-2019-16275)hostapd before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection...hostapd before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
#### References:
* https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
* https://www.openwall.com/lists/oss-security/2019/09/12/6
#### Patch:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10800wpa_supplicant: AP mode PMF disconnection protection bypass (CVE-2019-16275)2019-09-17T13:20:04ZAlicha CHwpa_supplicant: AP mode PMF disconnection protection bypass (CVE-2019-16275)Wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame pro...Wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
#### References:
* https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
* https://www.openwall.com/lists/oss-security/2019/09/12/6
#### Patch:
https://w1.fi/security/2019-7/0001-AP-Silently-ignore-management-frame-from-unexpected-.patch
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10811poppler: integer overflow in JPXStream::init function leading to memory consu...2019-09-24T14:15:09ZAlicha CHpoppler: integer overflow in JPXStream::init function leading to memory consumption (CVE-2019-9959)The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby
making it possible to allocate a large memory chunk on the heap, with a size controll...The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby
making it possible to allocate a large memory chunk on the heap, with a size controlled by an attacker, as demonstrated by pdftocairo.
#### Fixed In Version:
poppler 0.79
#### References:
* https://gitlab.freedesktop.org/poppler/poppler/blob/master/NEWS
* https://nvd.nist.gov/vuln/detail/CVE-2019-9959
* https://gitlab.freedesktop.org/poppler/poppler/issues/805
#### Patch:
https://gitlab.freedesktop.org/poppler/poppler/commit/68ef84e5968a4249c2162b839ca6d7975048a557
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10814libmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)2020-03-26T18:14:25ZAlicha CHlibmspack: buffer overflow in function chmd_read_headers() (CVE-2019-1010305)libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in
libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a special...libmspack 0.9.1alpha is affected by: Buffer Overflow. The impact is: Information Disclosure. The component is: function chmd_read_headers() in
libmspack(file libmspack/mspack/chmd.c). The attack vector is: the victim must open a specially crafted chm file.
#### References:
* https://github.com/kyz/libmspack/issues/27
* https://nvd.nist.gov/vuln/detail/CVE-2019-1010305
#### Patch:
https://github.com/kyz/libmspack/commit/2f084136cfe0d05e5bf5703f3e83c6d955234b4d
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10815nfdump: Multiple vulnerabilities (CVE-2019-14459, CVE-2019-1010057)2019-11-20T14:31:39ZAlicha CHnfdump: Multiple vulnerabilities (CVE-2019-14459, CVE-2019-1010057)### CVE-2019-14459: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix...### CVE-2019-14459: integer overflow in function Process_ipfix_template_withdraw in ipfix.c leads to denial of service
nfdump 1.6.17 and earlier is affected by an integer overflow in the function Process_ipfix_template_withdraw in ipfix.c
that can be abused in order to crash the process remotely (denial of service).
#### References:
* https://github.com/phaag/nfdump/issues/171
* https://nvd.nist.gov/vuln/detail/CVE-2019-14459
#### Patch:
https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
### CVE-2019-1010057: buffer overflow in nfx.c, nffile_inline.c and minilzo.c (3.7-stable only)
A vulnerability was found in nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact is: The impact could range from a denial of service to local code execution. The component is: nfx.c:546, nffile_inline.c:83, minilzo.c (redistributed). The attack vector is: nfdump must read and process a specially crafted file.
#### Reference:
* https://github.com/phaag/nfdump/issues/104
* https://nvd.nist.gov/vuln/detail/CVE-2019-1010057
#### Patch:
https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
### Affected branches:
* [x] master (c3827654c474f99d9f38da5787e152b45478dd4f)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable (c754c0cdd9)
* [x] 3.7-stable (34eaff89c07f1ff54a178e533eea071a315e1af8)Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10822mosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow (CV...2019-09-26T18:39:31ZAlicha CHmosquitto: malicious MQTT sends SUBSCRIBE packet leads to stack over flow (CVE-2019-11779)In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow ...In Eclipse Mosquitto 1.5.0 to 1.6.5 inclusive, if a malicious MQTT client sends a SUBSCRIBE packet containing a topic that consists of approximately 65400 or more '/' characters, i.e. the topic hierarchy separator, then a stack overflow will occur.
#### Fixed In Version:
mosquitto 1.5.9 and 1.6.6.
#### Reference:
* https://bugs.eclipse.org/bugs/show_bug.cgi?id=551160
* https://nvd.nist.gov/vuln/detail/CVE-2019-11779
### Affected branches:
* [x] master (1a43a53ec67e2c5ca5fa770026cd904d745f32a1)
* [x] 3.10-stable (68e4e4a13ae7d52d37708f6d7393a5a6ef0ef856)
* [x] 3.9-stable (d2a7f0ccf6f57e24ef70b4177a6b763d7c747982)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10823libgcrypt: ECDSA timing attack (CVE-2019-13627)2019-11-20T13:55:39ZAlicha CHlibgcrypt: ECDSA timing attack (CVE-2019-13627)A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5
#### References:
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html
#### Patches:
* https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a...A mitigation against an ECDSA timing attack was fixed in libgcrypt 1.8.5
#### References:
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000440.html
#### Patches:
* https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=d5407b78cca9f9d318a4f4d2f6ba2b8388584cd9 (1.8.5)
* https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=db4e9976cc31b314aafad6626b2894e86ee44d60 (1.8.5)
### Affected branches:
* [x] master (f9cd8fbac76e354ca5b9d415cd4992375389bb31)
* [x] 3.10-stable (4edee7eef800091770a3def2296f36d9f9b8778d)
* [x] 3.9-stable (a8034aa3511680d7996e46d4cb0656d4d32df01d)
* [x] 3.8-stable (ccc5650a36)
* [x] 3.7-stable (1c4658e647d8946733688266ebe9784f71859fb6)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10835e2fsprogs: Out-of-bounds write (CVE-2019-5094)2019-10-17T14:23:32ZAlicha CHe2fsprogs: Out-of-bounds write (CVE-2019-5094)The vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the quota file functionality. A local user can send a specially cr...The vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the quota file functionality. A local user can send a specially crafted xt4 partition, trigger out-of-bounds write on the heap and execute arbitrary code on the target system.
Note: An attacker can corrupt a partition to trigger this vulnerability.
#### Vulnerable versions:
E2fsprogs: 1.43.3, 1.43.4, 1.43.5, 1.43.6, 1.43.7, 1.43.8, 1.43.9, 1.44.0, 1.44.1, 1.44.2, 1.44.3, 1.44.4, 1.44.5, 1.44.6, 1.45.0, 1.45.1, 1.45.2, 1.45.3
#### References:
* https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0887
* https://www.cybersecurity-help.cz/vdb/SB2019092502
* https://nvd.nist.gov/vuln/detail/CVE-2019-5094
### Affected branches:
* [x] master (fdf4438fcf6168740693218f76800a221ff2e658)
* [x] 3.10-stable (bac324e9e42da71fd74dd386daf7f84aae6907dc)
* [x] 3.9-stable (3e1d286c529c3cace0231414810b22b8b20198fa)
* [x] 3.8-stable (b07e4ca0bd5a1542b96c14bfb7c9aed7fd0eaa70)
* [x] 3.7-stable (3ae476f3715e2011fce8fb62ecb98307aa497b10)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10844openssl: Multiple vulnerabilities (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)2019-10-03T10:45:48ZAlicha CHopenssl: Multiple vulnerabilities (CVE-2019-1547, CVE-2019-1549, CVE-2019-1563)### CVE-2019-1547: ECDSA remote timing attack
Normally in OpenSSL EC groups always have a co-factor present and this is used
in side channel resistant code paths. However, in some cases, it is possible to
construct a group using explic...### CVE-2019-1547: ECDSA remote timing attack
Normally in OpenSSL EC groups always have a co-factor present and this is used
in side channel resistant code paths. However, in some cases, it is possible to
construct a group using explicit parameters (instead of using a named curve). In
those cases it is possible that such a group does not have the cofactor present.
This can occur even where all the parameters match a known named curve.
If such a curve is used then OpenSSL falls back to non-side channel resistant
code paths which may result in full key recovery during an ECDSA signature
operation.
In order to be vulnerable an attacker would have to have the ability to time
the creation of a large number of signatures where explicit parameters with no
co-factor present are in use by an application using libcrypto.
For the avoidance of doubt libssl is not vulnerable because explicit parameters
are never used.
OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue.
* OpenSSL 1.1.1 users should upgrade to 1.1.1d
* OpenSSL 1.1.0 users should upgrade to 1.1.0l
* OpenSSL 1.0.2 users should upgrade to 1.0.2t
#### Reference:
https://www.openssl.org/news/secadv/20190910.txt
### CVE-2019-1549: Fork Protection
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was
intended to include protection in the event of a fork() system call in order to
ensure that the parent and child processes did not share the same RNG state.
However this protection was not being used in the default case.
A partial mitigation for this issue is that the output from a high precision
timer is mixed into the RNG state so the likelihood of a parent and child
process sharing state is significantly reduced.
If an application already calls OPENSSL_init_crypto() explicitly using
OPENSSL_INIT_ATFORK then this problem does not occur at all.
OpenSSL version 1.1.1 is affected by this issue.
OpenSSL 1.1.1 users should upgrade to 1.1.1d
##### Reference:
https://www.openssl.org/news/secadv/20190910.txt
### CVE-2019-1563: Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey
In situations where an attacker receives automated notification of the success
or failure of a decryption attempt an attacker, after sending a very large
number of messages to be decrypted, can recover a CMS/PKCS7 transported
encryption key or decrypt any RSA encrypted message that was encrypted with the
public RSA key, using a Bleichenbacher padding oracle attack. Applications are
not affected if they use a certificate together with the private RSA key to the
CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to
decrypt.
* OpenSSL 1.1.1 users should upgrade to 1.1.1d
* OpenSSL 1.1.0 users should upgrade to 1.1.0l
* OpenSSL 1.0.2 users should upgrade to 1.0.2t
#### Reference:
https://www.openssl.org/news/secadv/20190910.txt
### Affected branches:
* [x] master (09a199deeac384bd1f22bb26c2ec5b3bd60257a2)
* [x] 3.10-stable (95e4899bd4d379e6dde69de81fb0506e00322dec)
* [x] 3.9-stable (02764f1bda32c4feca91b9bdc3b7870d637ff8a2)
* [x] 3.8-stable (c5a3b0b6d1ecd85d52e16f330be9478aca853348)
* [x] 3.7-stable (033f9730873ed7526ced21e72ba16a2937bab220)Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10862libssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_...2019-10-16T14:15:16ZAlicha CHlibssh2: integer overflow in kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c leads to out-of-bounds write (CVE-2019-13115)A vulnerability was discovered in libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. ...A vulnerability was discovered in libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchange_sha256_key_exchange in kex.c has an integer overflow that could lead to an out-of-bounds write in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a user connects to the server. This is related to an _libssh2_check_length mistake, and is different from the various issues fixed in 1.8.1, such as CVE-2019-3855.
#### References:
* https://libssh2.org/changes.html
* https://github.com/libssh2/libssh2/pull/350
* https://nvd.nist.gov/vuln/detail/CVE-2019-13115
#### Patch:
https://github.com/doorsdown/libssh2/commit/7e7189e013db15c6306fab0ddb38c020c0de81ed
### Affected branches:
* [x] master (044c99c001c6f3750434d37d8c14d6622d30befd)
* [x] 3.10-stable (9c414d1b72c4b7778b41503b5d9d4cc448a6a5c5)
* [x] 3.9-stable (67790854e429c3bc73b13862d83ae4ce21b38f98)
* [x] 3.8-stable (21ea819c6bacbd5db33f986891363128655a77e1)
* [x] 3.7-stable (f5dad6eecb361cad9925f93fb5731a369e1e0687)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10867libseccomp: An incorrect generation of syscall filters (CVE-2019-9893)2020-01-23T16:11:18ZAlicha CHlibseccomp: An incorrect generation of syscall filters (CVE-2019-9893)libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic
operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
#### Ref...libseccomp before 2.4.0 did not correctly generate 64-bit syscall argument comparisons using the arithmetic
operators (LT, GT, LE, GE), which might able to lead to bypassing seccomp filters and potential privilege escalations.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-9893
* https://github.com/seccomp/libseccomp/issues/139
### Affected branches:
* [x] master (aa251917a923821de5ed0a20dabdb1a44f2adc00)
* [x] 3.10-stable (aa251917a923821de5ed0a20dabdb1a44f2adc00)
* [x] 3.9-stable (e657e0093ed9ebec652aae5c2d510e0a5148c095)
* [x] 3.8-stable (d7288e99061f0ea9be587cba5712912f10de33f9)
* [ ] 3.7-stable (WONTFIX, EOL)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10868sqlite: Division by zero in the query planner (CVE-2019-16168)2019-10-22T18:12:49ZAlicha CHsqlite: Division by zero in the query planner (CVE-2019-16168)In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other
application because of missing
validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
#### References:
*...In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other
application because of missing
validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-16168
* https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
### Affected branches:
* [x] master (9d6ad16bcfa3c3a07524b30f986f01892a3c4454)
* [x] 3.10-stable (d5f87185a9e0878348a7b8340fbff4677e23d996)
* [x] 3.9-stable (18528a54c8a02fb5f59a2e8fb70ec0b83486acc6)
* [x] 3.8-stable (0aa5cea84fa7029c83cff7e6fab3046d80aa65e0)
* [x] 3.7-stable (1833ad9258bf53ebd1f42ccecc5bbf2696c7e19a)Carlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10871python3: XSS via the server_title field (CVE-2019-16935)2019-10-17T12:14:22ZAlicha CHpython3: XSS via the server_title field (CVE-2019-16935)The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If ...The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
#### References:
* https://bugs.python.org/issue38243
* https://nvd.nist.gov/vuln/detail/CVE-2019-16935
#### Patches:
* https://github.com/python/cpython/commit/39a0c7555530e31c6941a78da19b6a5b61170687
* https://github.com/python/cpython/commit/1698cacfb924d1df452e78d11a4bf81ae7777389
### Affected branches:
* [x] master (41e574563a228c690047bb1b5c88c58978a2cfd5)
* [x] 3.10-stable (bab9a458665985f45b83a039c4f46b732a37b420)
* [x] 3.9-stable (acfecae8b1c02f9e1c60fd86eedbd287c2041972)
* [x] 3.8-stable (5ac7d9845072728829c7c7baa416b73cfd04dee9)
* [x] 3.7-stable (a78524311859be920dd94ea73d2b5ba63ec36c31)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10872python2: The documentation XML-RPC server (CVE-2019-16935)2020-01-14T10:37:12ZAlicha CHpython2: The documentation XML-RPC server (CVE-2019-16935)The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If ...The documentation XML-RPC server in Python through 2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has XSS via the server_title field. This occurs in Lib/DocXMLRPCServer.py in Python 2.x, and in Lib/xmlrpc/server.py in Python 3.x. If set_server_title is called with untrusted input, arbitrary JavaScript can be delivered to clients that visit the http URL for this server.
#### References:
* https://bugs.python.org/issue38243
* https://nvd.nist.gov/vuln/detail/CVE-2019-16935
#### Patch:
https://github.com/python/cpython/commit/8eb64155ff26823542ccf0225b3d57b6ae36ea89
### Affected branches:
* [x] master (9c34a237cf52d34f870ec322b8a00a19f72b4616)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10874sudo needs updating to 1.8.28, due to security flaw (CVE-2019-14287)2020-02-05T11:20:22ZTom Parrottsudo needs updating to 1.8.28, due to security flaw (CVE-2019-14287)https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
https://www.sudo.ws/alerts/minus_1_uid.html
Summary:
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specifi...https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html
https://www.sudo.ws/alerts/minus_1_uid.html
Summary:
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.
This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.
Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
Sudo versions affected:
Sudo versions prior to 1.8.28 are affected.
CVE ID:
This vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database.
### Affected branches:
* [x] master (87cda3c142a7ab418e7a25d79f226a7470ec3867)
* [x] 3.10-stable (3646eb84251dca32277b87ee540ad7062a909687)
* [x] 3.9-stable (4eb0cde945abbbc4072723fa88a36001fa50aef8)
* [x] 3.8-stable (65742d1686905358cb3f4a84098986fee39b760c)
* [ ] 3.7-stable (WONTFIX, EOL)https://gitlab.alpinelinux.org/alpine/aports/-/issues/10877sdl: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (C...2019-11-20T11:14:39ZAlicha CHsdl: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/de...SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13616
* https://hg.libsdl.org/SDL/rev/ad1bbfbca760
### Affected branches:
* [x] master (7524badc16a4157691398a942c5a94069febe580)
* [x] 3.10-stable (8500a33291)
* [x] 3.9-stable (08adcfc479eef62bec301b3f917ee3e50960721d)
* [x] 3.8-stable (23f3bf9a8153dece9918c9b8d4bbcce11a53b594)
* [x] 3.7-stable (c22e88769d)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10878sdl_image: heap-based buffer overflow in SDL blit functions in video/SDL_blit...2019-11-20T10:56:48ZAlicha CHsdl_image: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/de...SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13616
* https://bugzilla.libsdl.org/show_bug.cgi?id=4538
#### Patch:
https://hg.libsdl.org/SDL_image/rev/a59bfe382008
### Affected branches:
* [x] master (57df0876bfe6ab49dc759abbde418a91891fc5f4)
* [x] 3.10-stable (41c5bc74b5ac24cb063d2188b02ef2c9af61c2b0)
* [x] 3.9-stable (258d45e74735a475fb9e2df05c79b9f8304d1b9f)
* [x] 3.8-stable (e5f827ce9138a26780217975e2b90fda2ee3043d)
* [x] 3.7-stable (a50982cecf73dfa8a835012915ba76eab2dba9e2)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10879sdl2_image: heap-based buffer overflow in SDL blit functions in video/SDL_bli...2019-12-31T10:09:17ZAlicha CHsdl2_image: heap-based buffer overflow in SDL blit functions in video/SDL_blit*.c (CVE-2019-13616)SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/de...SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13616
* https://bugzilla.libsdl.org/show_bug.cgi?id=4538
#### Patch:
https://hg.libsdl.org/SDL_image/rev/ba45f00879ba
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10880rsyslog: Multiple Vulnerabilities (CVE-2019-17041, CVE-2019-17042)2019-10-22T18:11:12ZAlicha CHrsyslog: Multiple Vulnerabilities (CVE-2019-17041, CVE-2019-17042)### CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a...### CVE-2019-17041
An issue was discovered in Rsyslog v8.1908.0. contrib/pmaixforwardedfrom/pmaixforwardedfrom.c has a heap overflow in the parser for AIX log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon) but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
#### References:
* https://github.com/rsyslog/rsyslog/pull/3884
* https://nvd.nist.gov/vuln/detail/CVE-2019-17041
#### Patch:
https://github.com/rsyslog/rsyslog/pull/3884/commits/10549ba915556c557b22b3dac7e4cb73ad22d3d8
### CVE-2019-17042
An issue was discovered in Rsyslog v8.1908.0. contrib/pmcisconames/pmcisconames.c has a heap overflow in the parser for Cisco log messages. The parser tries to locate a log message delimiter (in this case, a space or a colon), but fails to account for strings that do not satisfy this constraint. If the string does not match, then the variable lenMsg will reach the value zero and will skip the sanity check that detects invalid log messages. The message will then be considered valid, and the parser will eat up the nonexistent colon delimiter. In doing so, it will decrement lenMsg, a signed integer, whose value was zero and now becomes minus one. The following step in the parser is to shift left the contents of the message. To do this, it will call memmove with the right pointers to the target and destination strings, but the lenMsg will now be interpreted as a huge value, causing a heap overflow.
#### References:
* https://github.com/rsyslog/rsyslog/pull/3883
* https://nvd.nist.gov/vuln/detail/CVE-2019-17042
#### Patch:
https://github.com/rsyslog/rsyslog/pull/3883/commits/abc0960a7561e18944a0e08d48f4eb570ea7435a
### Affected branches:
* [x] master (fb0705945971ff53797273dd8c262991529048a3)
* [x] 3.10-stable (8a52368e6a35515b79c35269568b95fdcf606b4f)
* [x] 3.9-stable (ba93705f698eb64a2519ba1380f83d9238db90e2)
* [x] 3.8-stable (44d4603afebae99966171e69bddc5dcfd2be3bf9)
* [x] 3.7-stable (7544d63c6aab6c75c1675f3eab478f28d6278f69)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10883libssh2: integer overflow (CVE-2019-17498)2019-10-17T09:32:54ZNatanael Copalibssh2: integer overflow (CVE-2019-17498)An integer overflow vulnerability exists in libssh2 version 1.9.0 and earlier.
The vulnerability is an out-of-bounds read, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is...An integer overflow vulnerability exists in libssh2 version 1.9.0 and earlier.
The vulnerability is an out-of-bounds read, potentially leading to either denial of service or remote information disclosure. It is triggered when libssh2 is used to connect to a malicious SSH server. The overflow occurs when the SSH server sends a disconnect message, which means that the vulnerability can be triggered early in the connection process, before authentication is completed.
#### References
https://blog.semmle.com/libssh2-integer-overflow-CVE-2019-17498/
#### Patch
https://github.com/libssh2/libssh2/pull/402/commits/1c6fa92b77e34d089493fe6d3e2c6c8775858b94
### Affected branches
- [x] master (6c763143a08a56997ee6f88f9329cfc17d6b56b5)
- [x] 3.10-stable (abdf2ab6d79a67fd9049354e301836e75be57fce)
- [x] 3.9-stable (db43cc6825c1432f1f003c621cee428ba844860f)
- [x] 3.8-stable (7e5d7dd70d3c19875845f534826625d7071f222d)
- [x] 3.7-stable (d33ef701a0f9572919bab33d45f26a7e53ddb156)https://gitlab.alpinelinux.org/alpine/aports/-/issues/10890tcpdump: Multiple vulnerabilities2021-01-28T19:58:18ZAlicha CHtcpdump: Multiple vulnerabilities* CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem.
* CVE-2018-10103: Fixed a mishandling of the printing of SMB data.
* CVE-2018-10105: Fixed a mishandling of the printing of SMB data.
* CVE-...* CVE-2017-16808: Fixed a heap-based buffer over-read related to aoe_print and lookup_emem.
* CVE-2018-10103: Fixed a mishandling of the printing of SMB data.
* CVE-2018-10105: Fixed a mishandling of the printing of SMB data.
* CVE-2018-14461: Fixed a buffer over-read in print-ldp.c:ldp_tlv_print.
* CVE-2018-14462: Fixed a buffer over-read in print-icmp.c:icmp_print.
* CVE-2018-14463: Fixed a buffer over-read in print-vrrp.c:vrrp_print.
* CVE-2018-14464: Fixed a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs.
* CVE-2018-14465: Fixed a buffer over-read in print-rsvp.c:rsvp_obj_print.
* CVE-2018-14466: Fixed a buffer over-read in print-rx.c:rx_cache_find.
* CVE-2018-14467: Fixed a buffer over-read in print-bgp.c:bgp_capabilities_print.
* CVE-2018-14468: Fixed a buffer over-read in print-fr.c:mfr_print.
* CVE-2018-14469: Fixed a buffer over-read in print-isakmp.c:ikev1_n_print.
* CVE-2018-14470: Fixed a buffer over-read in print-babel.c:babel_print_v2.
* CVE-2018-14879: Fixed a buffer overflow in the command-line argument parser.
* CVE-2018-14880: Fixed a buffer over-read in the OSPFv3 parser.
* CVE-2018-14881: Fixed a buffer over-read in the BGP parser.
* CVE-2018-14882: Fixed a buffer over-read in the ICMPv6 parser
* CVE-2018-16227: Fixed a buffer over-read in the IEEE 802.11 parser in print-802_11.c for the Mesh Flags subfield.
* CVE-2018-16228: Fixed a buffer over-read in the HNCP parser.
* CVE-2018-16229: Fixed a buffer over-read in the DCCP parser.
* CVE-2018-16230: Fixed a buffer over-read in the BGP parser in print-bgp.c:bgp_attr_print.
* CVE-2018-16300: Fixed an unlimited recursion in the BGP parser that allowed denial-of-service by stack consumption.
* CVE-2018-16301: Fixed a buffer overflow (bsc#1153332 bsc#1153098).
* CVE-2018-16451: Fixed several buffer over-reads in print-smb.c:print_trans.
* CVE-2018-16452: Fixed a stack exhaustion in smbutil.c:smb_fdata.
* CVE-2019-15166: Fixed a bounds check in lmp_print_data_link_subobjs.
* CVE-2019-15167: Fixed a vulnerability in VRRP.
#### Fixed In Version:
tcpdump 4.9.3
#### References:
https://github.com/the-tcpdump-group/tcpdump/blob/tcpdump-4.9/CHANGES
### Affected branches:
* [x] master (552c3620773db0fb6a4d1e714eaa49b6a16de052)
* [x] 3.10-stable (e3e3e3952958b31bf6f3e01e6c73b30e3e126745)
* [ ] 3.9-stable
* [ ] 3.8-stable
* [ ] 3.7-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10897unbound: pointer dereference in uninitialized memory (CVE-2019-16866)2019-10-31T17:12:29ZAlicha CHunbound: pointer dereference in uninitialized memory (CVE-2019-16866)Due to an error in parsing NOTIFY queries, it is possible for Unbound to
continue processing malformed queries and may ultimately result in a
pointer dereference in uninitialized memory. This results in a crash of
the Unbound daemon.
Wh...Due to an error in parsing NOTIFY queries, it is possible for Unbound to
continue processing malformed queries and may ultimately result in a
pointer dereference in uninitialized memory. This results in a crash of
the Unbound daemon.
Whether this issue leads to a crash depends on the content of the
uninitialized memory space and cannot be predicted. This issue can only
be triggered by queries received from addresses that are allowed to send
queries according to Unbound's ACL (access-control in the Unbound
configuration).
#### Affected Versions:
Unbound 1.7.1 up to and including 1.9.3.
#### Fixed In Version:
Unbound 1.9.4
#### References:
* https://nlnetlabs.nl/downloads/unbound/CVE-2019-16866.txt
* https://nvd.nist.gov/vuln/detail/CVE-2019-16866
#### Patch:
https://nlnetlabs.nl/downloads/unbound/patch_cve_2019-16866.diff
### Affected branches:
* [x] master (07f51c5e91d1951db83c0eea2e99febdae2855f4)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10898aspell: stack-based buffer over-read (CVE-2019-17544)2019-10-31T17:15:39ZAlicha CHaspell: stack-based buffer over-read (CVE-2019-17544)libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in
acommon::unescape in common/getdata.cpp via an isolated \ character.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-17544
* https://cve.mitre....libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer over-read in
acommon::unescape in common/getdata.cpp via an isolated \ character.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-17544
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544
#### Patch:
https://github.com/GNUAspell/aspell/commit/80fa26c74279fced8d778351cff19d1d8f44fe4e
### Affected branches:
* [x] master (225e389a87f90dfce90af37db5c8da3b976b1a53)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10899nmap: Multiple vulnerabilities (CVE-2017-18594, CVE-2018-15173)2019-10-28T21:17:11ZAlicha CHnmap: Multiple vulnerabilities (CVE-2017-18594, CVE-2018-15173)### CVE-2017-18594: denial of service condition due to a double free when SSH connection fails
A vulnerability was found in nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when
an SSH connec...### CVE-2017-18594: denial of service condition due to a double free when SSH connection fails
A vulnerability was found in nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when
an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-methods.nse.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-18594
### CVE-2018-15173: Stack exhausation when -sV option is used allows for DoS
Nmap through 7.70, when the -sV option is used, allows remote attackers to cause a denial of
service (stack consumption and application crash) via a crafted TCP-based service.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2018-15173
* http://code610.blogspot.com/2018/07/crashing-nmap-770.html
### Affected branches:
* [x] master (3861e35f229fff31e65d5f554c8ae776b4336f86)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10911file: heap-based buffer overflow in cdf_read_property_info in cdf.c (CVE-2019...2019-11-14T17:38:25ZAlicha CHfile: heap-based buffer overflow in cdf_read_property_info in cdf.c (CVE-2019-18218)cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
#### References:
* https://nvd.nist.gov/vuln/detail/CVE...cdf_read_property_info in cdf.c in file through 5.37 does not restrict the number of CDF_VECTOR elements, which allows a heap-based buffer overflow (4-byte out-of-bounds write).
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-18218
* https://security-tracker.debian.org/tracker/CVE-2019-18218
#### Patch:
https://github.com/file/file/commit/46a8443f76cec4b41ec736eca396984c74664f84
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10916libxslt: dangling pointer in xsltCopyText (CVE-2019-18197)2019-10-31T17:13:41ZAlicha CHlibxslt: dangling pointer in xsltCopyText (CVE-2019-18197)In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a bu...In xsltCopyText in transform.c in libxslt 1.1.33, a pointer variable isn't reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-18197
* https://security-tracker.debian.org/tracker/CVE-2019-18197
#### Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/2232473733b7313d67de8836ea3b29eec6e8e285
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10919lz4: heap-based buffer overflow in LZ4_write32 (CVE-2019-17543)2021-04-02T02:47:38ZAlicha CHlz4: heap-based buffer overflow in LZ4_write32 (CVE-2019-17543)LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor s...LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 (related to LZ4_compress_destSize), affecting applications that call LZ4_compress_fast with a large input. (This issue can also lead to data corruption.) NOTE: the vendor states "only a few specific / uncommon usages of the API are at risk."
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-17543
* https://github.com/lz4/lz4/pull/756
* https://github.com/lz4/lz4/pull/760
### Affected branches:
* [x] master (cd1f4c1a98949365fb26014853a1f48000142e05)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stablehttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10921samba: Multiple vulnerabilities (CVE-2019-10218, CVE-2019-14833, CVE-2019-14847)2020-04-03T06:00:16ZAlicha CHsamba: Multiple vulnerabilities (CVE-2019-10218, CVE-2019-14833, CVE-2019-14847)### CVE-2019-10218: Client code can return filenames containing path separators
Samba client code (libsmbclient) returns server-supplied filenames to
calling code without checking for pathname separators (such as "/" or
"../") in the s...### CVE-2019-10218: Client code can return filenames containing path separators
Samba client code (libsmbclient) returns server-supplied filenames to
calling code without checking for pathname separators (such as "/" or
"../") in the server returned names.
A malicious server can craft a pathname containing separators and
return this to client code, causing the client to use this access local
pathnames for reading or writing instead of SMB network pathnames.
This access is done using the local privileges of the client.
This attack can be achieved using any of SMB1/2/3 as it is not reliant
on any specific SMB protocol version.
#### Fixed In Versions:
Samba 4.11.2, 4.10.10 and 4.9.15
#### References:
https://www.samba.org/samba/security/CVE-2019-10218.html
### CVE-2019-14833: Samba AD DC check password script does not receive the full password.
Since Samba Version 4.5.0 a Samba AD DC can use a custom command to
verify the password complexity. The command can be specified with
the "check password script" smb.conf parameter.
This command is called when Samba handles a user password change or
a new user password is set. The script receives the new cleartext
password string in order to run custom password complexity checks
like dictionary checks to avoid weak user passwords.
When the password contains multi-byte (non-ASCII) characters, the
check password script does not receive the full password string.
#### Fixed In Versions:
Samba 4.11.2, 4.10.10 and 4.9.15
#### References:
https://www.samba.org/samba/security/CVE-2019-14833.html
### CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync
Since Samba 4.0.0 Samba has implemented, in the AD DC, the "dirsync"
LDAP control specified in MS-ADTS "3.1.1.3.4.1.3
LDAP_SERVER_DIRSYNC_OID".
However, when combined with the ranged results feature specified in
MS-ADTS "3.1.1.3.1.3.3 Range Retrieval of Attribute Values" a NULL
pointer is can be de-referenced.
This is a Denial of Service only, no further escalation of privilege
is associated with this issue.
Samba 4.11 is not affected as the issue was fixed as a result of
Coverity static analysis, before the potential for denial of service
became apparent.
#### Fixed In Version:
Samba 4.9.15 and 4.10.10
#### References:
https://www.samba.org/samba/security/CVE-2019-14847.html
### Affected branches:
* [x] master
* [x] 3.10-stable (1a4e1a61106f66fdcf65ec33a37a99cea23db966)
* [x] 3.9-stable (2eff8a828fa8e0df24702602a7a3280016efebf3)
* [x] 3.8-stable (4da1ee1a718f0e9dfd6a6e91f9348fa96a58567d)
* [ ] 3.7-stable (EOL)Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10924libvncserver: Memory leak in VNC server code (CVE-2019-15681)2019-11-03T22:08:09ZAlicha CHlibvncserver: Memory leak in VNC server code (CVE-2019-15681)LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerabi...LibVNC commit before d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a contains a memory leak (CWE-655) in VNC server code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appear to be exploitable via network connectivity.
#### Affected Versions:
libvncserver 0.9.12 and earlier.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-15681
* https://security-tracker.debian.org/tracker/CVE-2019-15681
#### Patch:
https://github.com/LibVNC/libvncserver/commit/d01e1bb4246323ba6fcee3b82ef1faa9b1dac82a
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10926libarchive: use-after-free (CVE-2019-18408)2019-11-02T07:06:30ZAlicha CHlibarchive: use-after-free (CVE-2019-18408)archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0
has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
#### References:
https://nvd.nist.gov/vuln/de...archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0
has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-18408
#### Patch:
https://github.com/libarchive/libarchive/commit/b8592ecba2f9e451e1f5cb7ab6dcee8b8e7b3f60
### Affected branches:
* [x] master (6787a7e2434a85069463e3ce9ec04398c233d5c6)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10927tiff: integer overflow leading to heap-based buffer overflow in tif_getimage....2019-11-03T21:24:49ZAlicha CHtiff: integer overflow leading to heap-based buffer overflow in tif_getimage.c (CVE-2019-17546)tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" conditi...tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-17546
#### Patch:
https://gitlab.com/libtiff/libtiff/commit/4bb584a35f87af42d6cf09d15e9ce8909a839145
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable
* [x] 3.7-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10943fribidi: Stack-based buffer overflow (CVE-2019-18397)2020-05-09T20:19:56ZAlicha CHfribidi: Stack-based buffer overflow (CVE-2019-18397)The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in GNU fribidi when processing a large number of unicode isolate directional characters. A remote...The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in GNU fribidi when processing a large number of unicode isolate directional characters. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
#### Affected Versions:
From 1.0.0 to 1.0.7
#### References:
* https://seclists.org/oss-sec/2019/q4/59
* https://security-tracker.debian.org/tracker/CVE-2019-18397
Patch:
* Fixed by: https://github.com/fribidi/fribidi/commit/034c6e9a1d296286305f4cfd1e0072b879f52568
* Introduced by: https://github.com/fribidi/fribidi/commit/f20b6480b9cd46dae8d82a6f95d9c53558fcfd20 (v1.0.0)
### Affected branches:
* [x] master (0cac76661fd3b286f052ef3d4343a5458b71b306)
* [x] 3.10-stable (056e278147ebf0f3781926c395e533081eb8c0f9)
* [x] 3.9-stable (e245657e6ddf7511c3bb512238a8b2fc8df56be3)
* [x] 3.8-stable (f49f79ef74f6410eadb866875ab2c2e95bd96ba8)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10944Oniguruma: Multiple vulnerabilities (CVE-2019-13224, CVE-2019-13225, CVE-2019...2019-11-14T08:50:01ZAlicha CHOniguruma: Multiple vulnerabilities (CVE-2019-13224, CVE-2019-13225, CVE-2019-16163)### CVE-2019-13224: use-after-free in onig_new_deluxe() in regext.c
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code e...### CVE-2019-13224: use-after-free in onig_new_deluxe() in regext.c
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe().
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-13224
#### Patch:
https://github.com/kkos/oniguruma/commit/0f7f61ed1b7b697e283e37bd2d731d0bd57adb55
### CVE-2019-13225: null-pointer dereference in match_at() in regexec.c
A NULL Pointer Dereference in match_at() in regexec.c in Oniguruma 6.9.2 allows attackers to potentially cause denial of service by providing a crafted regular expression.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-13225
#### Patch:
https://github.com/kkos/oniguruma/commit/c509265c5f6ae7264f7b8a8aae1cfa5fc59d108c
### CVE-2019-16163: stack exhaustion in regcomp.c because of recursion in regparse.c
Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c.
#### References:
https://github.com/kkos/oniguruma/issues/147
#### Patch:
https://github.com/kkos/oniguruma/commit/4097828d7cc87589864fecf452f2cd46c5f37180
### Affected branches:
* [x] master (81bbfcc4024b83f3292bcace77baa02984d72841)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10945freetds: buffer overflow vulnerability (CVE-2019-13508)2019-11-13T10:46:01ZAlicha CHfreetds: buffer overflow vulnerability (CVE-2019-13508)FreeTDS prior to 1.1.11 has a Buffer Overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13508
* https://github.com/FreeTDS/freetds/commit/962306a1e42590e7b93dcd9d771fdc2348df6239
#### Patch:
https://github.com/F...FreeTDS prior to 1.1.11 has a Buffer Overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13508
* https://github.com/FreeTDS/freetds/commit/962306a1e42590e7b93dcd9d771fdc2348df6239
#### Patch:
https://github.com/FreeTDS/freetds/commit/0df4eb82a0e3ff844e373d7c9f9c6c813925e2ac
### Affected branches:
* [x] master (cc3bf8e425d6a75093512a7c3bbd5beeaabde813)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10946squid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-1...2020-12-10T02:29:32ZAlicha CHsquid: Information Disclosure issue in HTTP Digest Authentication (CVE-2019-18679)Due to incorrect data management Squid is vulnerable to a
information disclosure when processing HTTP Digest Authentication.
#### Fixed in version:
Squid 4.9
#### References:
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt...Due to incorrect data management Squid is vulnerable to a
information disclosure when processing HTTP Digest Authentication.
#### Fixed in version:
Squid 4.9
#### References:
http://www.squid-cache.org/Advisories/SQUID-2019_11.txt
#### Patch:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10948libjpeg-turbo: code execution (CVE-2019-2201)2020-01-23T12:33:20ZAlicha CHlibjpeg-turbo: code execution (CVE-2019-2201)There is an integer overflow and subsequent heap corruption in
libjpeg-turbo 2.0.3 and earlier.
#### References:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
* https://www.openwall.com/lists/oss-security/2019/11/11/1...There is an integer overflow and subsequent heap corruption in
libjpeg-turbo 2.0.3 and earlier.
#### References:
* https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
* https://www.openwall.com/lists/oss-security/2019/11/11/1
#### Patch:
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
- https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
### Affected branches:
* [x] master (b6439b6d58b8a76bfe414723b033a34c5275502e)
* [x] 3.11-stable (88cf1dcb5c371de4fe74b08039d09a7d400a326b)
* [x] 3.10-stable (e852bf9467a5250a1d3eab5770c859c0c2878788)
* [x] 3.9-stable (be90230363da27cdade94d0f3c3e2a5569690163)
* [x] 3.8-stable (8c593acdd5ae3aa50db4851fe92f8b3eea5fd0e9)Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10959squid: Multiple vulnerabilities (CVE-2019-12523, CVE-2019-12525, CVE-2019-125...2021-01-09T12:57:16ZAlicha CHsquid: Multiple vulnerabilities (CVE-2019-12523, CVE-2019-12525, CVE-2019-12526, CVE-2019-12529, CVE-2019-18676, CVE-2019-18677, CVE-2019-18678)### CVE-2019-12523, CVE-2019-18676: Improper input validation and Buffer overflow in URI processor
#### Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
#### Fixed In Version:
squi...### CVE-2019-12523, CVE-2019-18676: Improper input validation and Buffer overflow in URI processor
#### Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
#### Fixed In Version:
squid 4.9
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_8.txt
#### Patch:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-fbbdf75efd7a5cc244b4886a9d42ea458c5a3a73.patch
### CVE-2019-12525: parsing of header Proxy-Authentication leads to memory corruption
#### Fixed In Version:
squid 4.8
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_3.txt
#### Patch:
Squid 3.5:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-ec0d0f39cf28da14eead0ba5e777e95855bc2f67.patch
Only affects Alpine 3.8-stable
### CVE-2019-12526: Heap overflow issue in URN processing
#### Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
#### Fixed In Version:
squid 4.9
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_7.txt
#### Patch:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-7aa0184a720fd216191474e079f4fe87de7c4f5a.patch
### CVE-2019-12529: OOB read in Proxy-Authorization header causes DoS
#### Affected Versions:
#### Fixed In Version:
squid 4.8
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_2.txt
#### Patch:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-dd46b5417809647f561d8a5e0e74c3aacd235258.patch
Only affects Alpine 3.8-stable
### CVE-2019-18677: Cross-Site Request Forgery issue in HTTP Request processing
#### Affected Versions:
All Squid-3.x up to and including 3.5.28, All Squid-4.x up to and including 4.8.
#### Fixed In Version:
squid 4.9
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_9.txt
#### Patches:
Squid 3.5:
<http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-e5f1813a674848dde570f7920873e1071f96e0b4.patch>
Squid 4:
<http://www.squid-cache.org/Versions/v4/changesets/squid-4-36492033ea4097821a4f7ff3ddcb971fbd1e8ba0.patch>
### CVE-2019-18678: HTTP Request Splitting issue in HTTP message processing
#### Fixed In Version:
squid 4.9
http://www.squid-cache.org/Advisories/SQUID-2019_10.txt
#### Patch:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-671ba97abe929156dc4c717ee52ad22fba0f7443.patch
Only affects Alpine 3.8-stable
### Affected branches:
* [x] master (c960394d423ce258a68bf53364ae13b6e331d8fe)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10965unbound: Vulnerability in IPSEC module (CVE-2019-18934)2019-11-20T10:35:17ZAlicha CHunbound: Vulnerability in IPSEC module (CVE-2019-18934)Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` sup...Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This issue can only be triggered if unbound was compiled with `--enable-ipsecmod` support, and ipsecmod is enabled and used in the configuration.
References:
https://www.nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt
https://www.openwall.com/lists/oss-security/2019/11/19/1
https://nvd.nist.gov/vuln/detail/CVE-2019-18934
### Affected branches:
* [x] master (0525728247e68c3ea0700787e56ad61836eb3069)
* [x] 3.10-stable (407d97afdcc1f3eabf878b21614f0cc72b0f336f )
* [x] 3.9-stable (85b36404206898cf9dc3221509b3e0ddac87c7ae)
* [x] 3.8-stable (ae112bcbe065a2f232ad8c641ab8da6b84f7e74c)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10968xen: Multiple vulnerabilities (CVE-2018-12207, CVE-2019-18421, CVE-2019-18422...2020-05-09T20:19:55ZAlicha CHxen: Multiple vulnerabilities (CVE-2018-12207, CVE-2019-18421, CVE-2019-18422, CVE-2019-18423, CVE-2019-18424, CVE-2019-18425, CVE-2019-11135)### CVE-2019-18425, XSA-298: missing descriptor table limit checking in x86 PV emulation.
Xen versions from at least 3.2 onwards are affected.
#### Reference:
http://xenbits.xen.org/xsa/advisory-298.html
### CVE-2019-18421, XSA-299: ...### CVE-2019-18425, XSA-298: missing descriptor table limit checking in x86 PV emulation.
Xen versions from at least 3.2 onwards are affected.
#### Reference:
http://xenbits.xen.org/xsa/advisory-298.html
### CVE-2019-18421, XSA-299: Issues with restartable PV type change operations
#### Reference:
http://xenbits.xen.org/xsa/advisory-299.html
### CVE-2019-18423, XSA-301: add-to-physmap can be abused to DoS Arm hosts
#### Reference:
http://xenbits.xen.org/xsa/advisory-301.html
### CVE-2019-18424, XSA-302: passed through PCI devices may corrupt host memory after deassignment
#### Reference:
http://xenbits.xen.org/xsa/advisory-302.html
### CVE-2019-18422, XSA-303: ARM: Interrupts are unconditionally unmasked in exception handlers
#### Reference:
http://xenbits.xen.org/xsa/advisory-303.html
### CVE-2018-12207, XSA-304: x86: Machine Check Error on Page Size Change DoS
#### Reference:
http://xenbits.xen.org/xsa/advisory-304.html
### CVE-2019-11135, XSA-305: TSX Asynchronous Abort speculative side channel
#### Reference:
http://xenbits.xen.org/xsa/advisory-305.html
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10970bind: TCP-pipelined queries can bypass tcp-clients limit (CVE-2019-6477)2021-04-02T02:51:12ZAlicha CHbind: TCP-pipelined queries can bypass tcp-clients limit (CVE-2019-6477)By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from co...By design, BIND is intended to limit the number of TCP clients that can be connected at any given time. The update to this functionality introduced by CVE-2018-5743 changed how BIND calculates the number of concurrent TCP clients from counting the outstanding TCP queries to counting the TCP client connections. On a server with TCP-pipelining capability, it is possible for one TCP client to send a large number of DNS requests over a single connection. Each outstanding query will be handled internally as an independent client request, thus bypassing the new TCP clients limit.
#### Affected Versions:
bind 9.11.6-P1 -> 9.11.12, 9.12.4-P1 -> 9.12.4-P2, 9.14.1 -> 9.14.7
#### Fixed In Version:
bind 9.11.13, 9.14.8, 9.15.6.
#### References:
* https://kb.isc.org/docs/cve-2019-6477
* https://www.openwall.com/lists/oss-security/2019/11/20/8
### Affected branches:
* [x] master (85f2bc39b0cdf3fbb1804e1bde6a0f1570c8931d)
* [x] 3.10-stable (9e6955f54ef0ef060d47afd63899a6d9379a6edf)
* [x] 3.9-stable
* [x] 3.8-stablehttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10972clamav: denial of service via crafted message (CVE-2019-12625)2021-04-02T02:50:11ZAlicha CHclamav: denial of service via crafted message (CVE-2019-12625)A vulnerability was found in ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated
attacker can cause a denial of service condition by sending crafted messages to an affected system.
####...A vulnerability was found in ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated
attacker can cause a denial of service condition by sending crafted messages to an affected system.
#### References:
* https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
* https://nvd.nist.gov/vuln/detail/CVE-2019-12625
### Affected branches:
* [x] master (5bb204ff60776c4dfcfd6cab8310d72325d5641f)
* [x] 3.10-stable (cf6b14480665acd8c533d8a514cb32bf74f565d7)
* [x] 3.9-stable
* [x] 3.8-stableCarlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10973mariadb: Multiple vulnerabilities (CVE-2019-2938, CVE-2019-2974)2019-12-02T14:39:16ZAlicha CHmariadb: Multiple vulnerabilities (CVE-2019-2938, CVE-2019-2974)* CVE-2019-2938: MariaDB 10.3.19, MariaDB 10.2.28
* CVE-2019-2974: MariaDB 10.3.19, MariaDB 10.2.28
References:
* https://mariadb.com/kb/en/library/mariadb-10319-release-notes/
* https://mariadb.com/kb/en/library/mariadb-10228-re...* CVE-2019-2938: MariaDB 10.3.19, MariaDB 10.2.28
* CVE-2019-2974: MariaDB 10.3.19, MariaDB 10.2.28
References:
* https://mariadb.com/kb/en/library/mariadb-10319-release-notes/
* https://mariadb.com/kb/en/library/mariadb-10228-release-notes/
### Affected branches:
* [x] master (04ffd24b186af4b064d5c00e85e0536832c29154)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10982ghostscript: -dSAFER escape in .charkeys (CVE-2019-14869)2020-12-11T03:32:34ZAlicha CHghostscript: -dSAFER escape in .charkeys (CVE-2019-14869)This is another instance of a highly priviledged operator being
accessible by specially crafted Postscript code, that can be used to
break out of the -dSAFER limitations.
It was found that `.forceput` operator was present and unprotecte...This is another instance of a highly priviledged operator being
accessible by specially crafted Postscript code, that can be used to
break out of the -dSAFER limitations.
It was found that `.forceput` operator was present and unprotected in
the `.charkeys` method and could be retrieved via manipulation of the
error handler.
The `.charkeys` method was vulnerable since ghostscript-9.15, in one way
or another: the privileged operator was `superexec` instead of
`.forceput` until a more recent version.
#### References:
https://www.openwall.com/lists/oss-security/2019/11/15/1
https://bugs.ghostscript.com/show_bug.cgi?id=701841
#### Patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f
### Affected branches:
* [x] master (e48e96ca52799eb62afc59fff61860a3b5b62fea)
* [x] 3.10-stable (d7d7d0f8fd4b586ec7469c101d322f011949610a)
* [x] 3.9-stable
* [ ] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10996tiff: memory leak in TIFFFdOpen function in tif_unix.c when using pal2rgb (CV...2020-05-09T20:19:55ZAlicha CHtiff: memory leak in TIFFFdOpen function in tif_unix.c when using pal2rgb (CVE-2019-6128)The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
#### References:
* http://bugzilla.maptools.org/show_bug.cgi?id=2836
* https://nvd.nist.gov/vuln/detail/CVE-2019-6128
#### Patch:...The TIFFFdOpen function in tif_unix.c in LibTIFF 4.0.10 has a memory leak, as demonstrated by pal2rgb.
#### References:
* http://bugzilla.maptools.org/show_bug.cgi?id=2836
* https://nvd.nist.gov/vuln/detail/CVE-2019-6128
#### Patch:
https://gitlab.com/libtiff/libtiff/commit/ae0bed1fe530a82faf2e9ea1775109dbf301a971
### Affected branches:
* [x] master (b6b472198d2967129bb8e42d7ddf72aa6c803567)
* [x] 3.10-stable (967440f6a7)
* [x] 3.9-stable (c99c0aa831ae95cde868a15fc9714c4e57ddca5a)
* [x] 3.8-stable (035d2d008545b9061386ab12de0263222558a272)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/11003haproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attac...2020-01-23T13:40:56ZAlicha CHhaproxy: HTTP/2 implementation vulnerable to intermediary encapsulation attacks (CVE-2019-19330)The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
#### ...The HTTP/2 implementation in HAProxy before 2.0.10 mishandles headers, as demonstrated by carriage return (CR, ASCII 0xd), line feed (LF, ASCII 0xa), and the zero character (NUL, ASCII 0x0), aka Intermediary Encapsulation Attacks.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-19330
* https://seclists.org/bugtraq/2019/Nov/45
#### Patches:
* https://git.haproxy.org/?p=haproxy.git;a=commit;h=54f53ef7ce4102be596130b44c768d1818570344
* https://git.haproxy.org/?p=haproxy.git;a=commit;h=146f53ae7e97dbfe496d0445c2802dd0a30b0878
* https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=ac198b92d461515551b95daae20954b3053ce87e
### Affected branches:
* [x] master (1ec0ef986c567eae00414b20612e216242bbfece)
* [x] 3.10-stable (93080dac2fc349d9fdd148de126f3eaf749cb373)
* [x] 3.9-stable (d69c3c394b7bb54a302fe90b9f5227c6d204446c)
* [x] 3.8-stable (45e394536a3bf2a562ad861feeca530477d4dfd0)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11008gnupg: Web of Trust forgeries using collisions in SHA-1 (CVE-2019-14855)2019-12-18T10:03:46ZAlicha CHgnupg: Web of Trust forgeries using collisions in SHA-1 (CVE-2019-14855)Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855)
Note that this change removes all SHA-1 based key signature newer than
2019-01-19 from the web-of-trust. This includes all key signature created
with dsa1024 k...Web of Trust forgeries using collisions in SHA-1 signatures (CVE-2019-14855)
Note that this change removes all SHA-1 based key signature newer than
2019-01-19 from the web-of-trust. This includes all key signature created
with dsa1024 keys. The new option --allow-weak-key-signatues can be used
to override the new and safer behaviour.
#### Fixed In Version:
gnupg 2.2.18
#### References:
* https://dev.gnupg.org/T4755
* https://security-tracker.debian.org/tracker/CVE-2019-14855
### Affected branches:
* [x] master (94ffa605a4208f620a3f267dd8c13bf7958d1e30)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11013Oniguruma: Multiple vulnerabilities CVE-2019-19012, CVE-2019-19203, CVE-2019-...2019-12-31T10:06:17ZAlicha CHOniguruma: Multiple vulnerabilities CVE-2019-19012, CVE-2019-19203, CVE-2019-19204, CVE-2019-19246)### CVE-2019-19246: heap-based buffer overflow in str_lower_case_match in regexec.c
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer
over-read in str_lower_case_match in regexec.c.
#### Referen...### CVE-2019-19246: heap-based buffer overflow in str_lower_case_match in regexec.c
Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer
over-read in str_lower_case_match in regexec.c.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19246
#### Patch:
https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b
### CVE-2019-19012: Integer overflow related to reg->dmax in search_in_range (regexec.c)
An integer overflow in the search_in_range function in regexec.c in Oniguruma 6.x before 6.9.4_rc2 leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression.
#### References:
* https://github.com/kkos/oniguruma/issues/164
* https://nvd.nist.gov/vuln/detail/CVE-2019-19012
### CVE-2019-19203: heap-buffer-overflow in gb18030_mbc_enc_len
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function gb18030_mbc_enc_len in file gb18030.c, a UChar pointer
is dereferenced without checking if it passed the end of the matched string. This leads to a heap-based buffer over-read.
#### References:
* https://github.com/kkos/oniguruma/issues/163
* https://nvd.nist.gov/vuln/detail/CVE-2019-19203
### CVE-2019-19204: heap-buffer-overflow in fetch_interval_quantifier due to double PFETCH
An issue was discovered in Oniguruma 6.x before 6.9.4_rc2. In the function fetch_interval_quantifier (formerly known as fetch_range_quantifier) in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read.
#### References:
* https://github.com/kkos/oniguruma/issues/162
* https://nvd.nist.gov/vuln/detail/CVE-2019-19204
### Affected branches:
* [x] master (e51c59c5ce3fa8445cad2a03f5727add40b44a8e)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11015sqlite: Multiple vulnerabilities (CVE-2019-19242, CVE-2019-19244)2019-12-17T15:49:27ZAlicha CHsqlite: Multiple vulnerabilities (CVE-2019-19242, CVE-2019-19244)### CVE-2019-19242: SQL injection in sqlite3ExprCodeTarget in expr.c
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN
case in sqlite3ExprCodeTarget in expr.c.
#### References:
https://nvd.nist.gov/vuln/detail/...### CVE-2019-19242: SQL injection in sqlite3ExprCodeTarget in expr.c
SQLite 3.30.1 mishandles pExpr->y.pTab, as demonstrated by the TK_COLUMN
case in sqlite3ExprCodeTarget in expr.c.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19242
#### Patch:
https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
### CVE-2019-19244: Input validation error
sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-select uses both DISTINCT and window functions,
and also has certain ORDER BY usage.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-19244
#### Patch:
https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
### Affected branches:
* [x] master
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11018exiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size...2019-12-26T13:25:05ZAlicha CHexiv2: out-of-bounds read in CiffDirectory::readDirectory due to lack of size check (CVE-2019-17402)Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to ...Exiv2 0.27.2 allows attackers to trigger a crash in Exiv2::getULong in types.cpp when called from Exiv2::Internal::CiffDirectory::readDirectory in crwimage_int.cpp, because there is no validation of the relationship of the total size to the offset and size.
#### References:
* https://github.com/Exiv2/exiv2/issues/1019
* https://github.com/Exiv2/exiv2/issues/1026
* https://nvd.nist.gov/vuln/detail/CVE-2019-17402
#### Patch:
https://github.com/Exiv2/exiv2/commit/50e9dd964a439da357798344ed1dd86edcadf0ec
### Affected branches:
* [x] master (a1cb55c75af83953d7cb42730649b063fb88bb45)
* [x] 3.10-stable (243172b8ed91455899894296f46693ffa3d4f695)
* [x] 3.9-stable (3c5375cf80f0d9cec96b892955916e5f6f62d8b0)
* [x] 3.8-stable (bab0ca7478ac3b2bb801ceadbd71523d043174b5)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11041spamassassin: Multiple vulnerabilities (CVE-2018-11805, CVE-2019-12420)2019-12-31T09:02:07ZAlicha CHspamassassin: Multiple vulnerabilities (CVE-2018-11805, CVE-2019-12420)### CVE-2018-11805: Nefarious CF files can be configured to run system commands without any output or errors.
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors....### CVE-2018-11805: Nefarious CF files can be configured to run system commands without any output or errors.
In Apache SpamAssassin before 3.4.3, nefarious CF files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA 3.4.3, we recommend that users should only use update channels or 3rd party .cf files from trusted places.
#### References:
* https://www.openwall.com/lists/oss-security/2019/12/12/1
* https://nvd.nist.gov/vuln/detail/CVE-2018-11805
### CVE-2019-12420: Multipart Denial of Service Vulnerability
In Apache SpamAssassin before 3.4.3, a message can be crafted in a way to use excessive resources.
#### References:
* https://svn.apache.org/viewvc?view=revision&revision=1866128
* https://nvd.nist.gov/vuln/detail/CVE-2019-12420
### Affected branches:
* [x] master (920c66f72c3e2cc23d7aed42e9ffa0d3a355494d)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11042libssh: unsanitized location in scp could lead to unwanted command execution ...2019-12-26T12:11:45ZAlicha CHlibssh: unsanitized location in scp could lead to unwanted command execution (CVE-2019-14889)When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of ssh_scp_new(), i...When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of ssh_scp_new(), it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.
#### Fixed In Version:
libssh 0.9.3, libssh 0.8.8
#### Reference:
https://www.libssh.org/security/advisories/CVE-2019-14889.txt
### Affected branches:
* [x] master (94410d4589eefca6191eb868fe534c981d9454c3)
* [x] 3.10-stable (4e617546654863ca795146a23e2e4c5037c7fa9f)
* [x] 3.9-stable (981d44c46ea20fd4e9e399ee666437a7fdf2d574)
* [x] 3.8-stable (f853c4e3ca0c6161fd59ddb75b3f4e57c2d024f5)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11051dnsmasq: Memory leak in helper.c (CVE-2019-14834)2019-12-19T09:26:30ZAlicha CHdnsmasq: Memory leak in helper.c (CVE-2019-14834)A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
#### References:
* https://bugzill...A vulnerability was found in dnsmsq through version 2.90, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
#### References:
* https://bugzilla.redhat.com/show_bug.cgi?id=1764425
* https://vulmon.com/vulnerabilitydetails?qid=CVE-2019-14834
#### Patch:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
### Affected branches:
* [x] master (3d8b873b09c0b9376f725751a66987c9d498acce)
* [x] 3.10-stable (c2e70834ec4dc383d3870aab4902a511b8855cd3)
* [x] 3.9-stable (2a8dcde66ca811babbbb7d8a2e11bed8dd4a0880)
* [x] 3.8-stable (756199c70f06ea647ed81f59c6282ef53f0371aa)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11052clamav: Long scanning time of specially crafted email file leads to denial of...2021-04-02T02:50:20ZAlicha CHclamav: Long scanning time of specially crafted email file leads to denial of service (CVE-2019-15961)A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing ...A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.
#### Affected Versions:
clamav 0.102.0 and 0.101.4 and prior.
#### Fixed In Version:
clamav 0.102.1, 0.101.5.
#### References:
https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
### Affected branches:
* [x] master (96acef60c9151088282c9cfee2085369f44d4855)
* [x] 3.10-stable (d4a978d74e6d14729113d02112827a851a2e53fd)
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11053py-django: Potential account hijack via password reset form (CVE-2019-19844)2019-12-26T13:54:41ZAlicha CHpy-django: Potential account hijack via password reset form (CVE-2019-19844)By submitting a suitably crafted email address making use of Unicode
characters, that compared equal to an existing user email when
lower-cased for
comparison, an attacker could be sent a password reset token for the matched
account.
#...By submitting a suitably crafted email address making use of Unicode
characters, that compared equal to an existing user email when
lower-cased for
comparison, an attacker could be sent a password reset token for the matched
account.
#### Fixed In Version:
py-django 3.0.1, 2.2.9, and 1.11.27.
#### References:
* https://www.djangoproject.com/weblog/2019/dec/18/security-releases/
* https://www.openwall.com/lists/oss-security/2019/12/18/1
### Affected branches:
* [x] master (731de66686d43f91b9dcf733ba91acc55958879d)
* [x] 3.11-stable (0a61f467253f16ad94147ac4b2a312d3757f376f)
* [x] 3.10-stable (6325592173cbeb85e408e522b379427c261a5e81)
* [x] 3.9-stable (bf781eafc1b4129d2ec86c3aec0762934678d52f)
* [x] 3.8-stable (ba5bb4ce8d9a7670ec346bcbae065887dc50f5d3)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11054dovecot: NULL Pointer Dereference (CVE-2019-19722)2019-12-24T12:51:43ZAlicha CHdovecot: NULL Pointer Dereference (CVE-2019-19722)In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the reci...In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
#### Fixed In Version:
dovecot 2.3.9.2.
#### References:
* https://dovecot.org/pipermail/dovecot-news/2019-December/000428.html
* https://nvd.nist.gov/vuln/detail/CVE-2019-19722
### Affected branches:
* [x] master (ec546a095b9a86c6491327ebf5358fdc8d95ab3c)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11074libxslt: Multiple vulnerabilities (CVE-2019-13117, CVE-2019-13118)2020-05-09T20:19:55ZAlicha CHlibxslt: Multiple vulnerabilities (CVE-2019-13117, CVE-2019-13118)### CVE-2019-13117: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized r...### CVE-2019-13117: an xsl number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers.
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13117
* https://security-tracker.debian.org/tracker/CVE-2019-13117
#### Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/c5eb6cf3aba0af048596106ed839b4ae17ecbcb1
### CVE-2019-13118: read of uninitialized stack data due to too narrow xsl:number instruction and an invalid character.
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-13118
* https://security-tracker.debian.org/tracker/CVE-2019-13118
#### Patch:
https://gitlab.gnome.org/GNOME/libxslt/commit/6ce8de69330783977dd14f6569419489875fb71b
### Affected branches:
* [x] master (15d065f8bf5e73b1d88ca046d99933d217781aab)
* [x] 3.11-stable (15d065f8bf5e73b1d88ca046d99933d217781aab)
* [x] 3.10-stable (6e3bb6bd9e635d4d171d323935e6a9721ef4c740)
* [x] 3.9-stable (27b3948601965509fee472f606c59626221f5398)
* [x] 3.8-stable (b98ba48c0925b8f0093983262b8d3fb122ee97dc)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11079cyrus-sasl: Off by one in _sasl_add_string function (CVE-2019-19906)2019-12-24T11:45:51ZAlicha CHcyrus-sasl: Off by one in _sasl_add_string function (CVE-2019-19906)Cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string...Cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
#### References:
* https://github.com/cyrusimap/cyrus-sasl/issues/587
* https://nvd.nist.gov/vuln/detail/CVE-2019-19906
### Affected branches:
* [x] master (e20d740be6dacfa112b97d79489bcf960eb2c7f8)
* [x] 3.11-stable (320e9fe25de21594bb1ef20b31586ec775ab1758)
* [x] 3.10-stable (0595a8cfd177012e492000c76033a8a089b51270)
* [x] 3.9-stable (336ed678178032d07a97fee172237315410e8d3c)
* [x] 3.8-stable (ae0d0538a6d887aa919e257b5d2e386000418efa)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11085openssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-...2019-12-26T14:23:37ZAlicha CHopenssl: Integer overflow in RSAZ modular exponentiation on x86_64 (CVE-2019-1551)There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a res...There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e-dev (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u-dev (Affected 1.0.2-1.0.2t).
#### References:
* https://www.openssl.org/news/secadv/20191206.txt
* https://security-tracker.debian.org/tracker/CVE-2019-1551
#### Patch:
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=419102400a2811582a7a3d4a4e317d72e5ce0a8f
### Affected branches:
* [x] master (1e697147022325620c2e31c4417460f09c9df59d)
* [x] 3.11-stable (d5cdcefa208fa600971caccebd3ab1c7304fec16)
* [x] 3.10-stable (a27739f065dcbb1cbd3d59a5afff5656ca312abc)
* [x] 3.9-stable (d2ad91c7e3ded723ce9e34e95e66ad524f11833d)
* [x] 3.8-stable (33832d93c0d87e0c90f543ea973e7d12ea27a3ee)https://gitlab.alpinelinux.org/alpine/aports/-/issues/11087openjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color...2019-12-31T10:05:03ZAlicha CHopenjpeg: heap buffer overflow in color_apply_icc_profile in bin/common/color.c (CVE-2018-21010)A vulnerability was found in OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
References:
* https://nvd.nist.gov/vuln/detail/CVE-2018-21010
* https://security-tracker.debian.org/track...A vulnerability was found in OpenJPEG before 2.3.1 has a heap buffer overflow in color_apply_icc_profile in bin/common/color.c.
References:
* https://nvd.nist.gov/vuln/detail/CVE-2018-21010
* https://security-tracker.debian.org/tracker/CVE-2018-21010
Patch:
https://github.com/uclouvain/openjpeg/commit/2e5ab1d9987831c981ff05862e8ccf1381ed58ea
### Affected branches:
* [x] master (93bf9f9069473ebff3bdf9956681ce7dd4a04b7f)
* [x] 3.11-stable (93bf9f9069473ebff3bdf9956681ce7dd4a04b7f)
* [x] 3.10-stable (93bf9f9069473ebff3bdf9956681ce7dd4a04b7f)
* [x] 3.9-stable
* [x] 3.8-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11094putty: use-after-free on SSH1_MSG_DISCONNECT (CVE-2019-17069)2019-12-31T10:36:59ZAlicha CHputty: use-after-free on SSH1_MSG_DISCONNECT (CVE-2019-17069)PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing
freed memory locations via an SSH1_MSG_DISCONNECT message.
#### References:
* https://lists.tartarus.org/pipermail/putty-announce/2019/00002...PuTTY before 0.73 might allow remote SSH-1 servers to cause a denial of service by accessing
freed memory locations via an SSH1_MSG_DISCONNECT message.
#### References:
* https://lists.tartarus.org/pipermail/putty-announce/2019/000029.html
* https://nvd.nist.gov/vuln/detail/CVE-2019-17069
#### Patch:
https://git.tartarus.org/?p=simon/putty.git;a=commit;h=69201ad8936fe0ff1b8723b7a43accb5e9f1c888
### Affected branches:
* [x] master (8d7092356e7b101ff1c39be6009da6297e5aa418)
* [x] 3.11-stable (8d7092356e7b101ff1c39be6009da6297e5aa418)
* [x] 3.10-stable (cee3cd28a75386eb0461f2355237396c014c6a8e)
* [x] 3.9-stable (25b4361bdc9f4c39a1e66d492117f90e6701832b)
* [x] 3.8-stable (d21e62f341aa3be70aa5dc967aeebdf6a54e04d2)https://gitlab.alpinelinux.org/alpine/aports/-/issues/11098libxml2: Memory leak in xmlParseBalancedChunkMemoryRecover (CVE-2019-19956)2021-03-05T17:09:20ZAlicha CHlibxml2: Memory leak in xmlParseBalancedChunkMemoryRecover (CVE-2019-19956)xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
#### References:
* https://gitlab.gnome.org/GNOME/libxml2/issues/82
* https://nvd.nist.gov/vuln/detail/CVE-2019-19956...xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs.
#### References:
* https://gitlab.gnome.org/GNOME/libxml2/issues/82
* https://nvd.nist.gov/vuln/detail/CVE-2019-19956
#### Patch:
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549
### Affected branches:
* [x] master (fb5111db5b8f2683c9f244d68f47292318cab808)
* [x] 3.11-stable (fb5111db5b8f2683c9f244d68f47292318cab808)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableCarlo LandmeterCarlo Landmeterhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11101hunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr...2020-01-07T13:11:13ZAlicha CHhunspell: out-of-bounds read in SuggestMgr::leftcommonsubstring in suggestmgr.cxx (CVE-2019-16707)Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
#### References:
* https://github.com/butterflyhack/hunspell-crash
* https://nvd.nist.gov/vuln/detail/CVE-2019-16707
#### Patch:
htt...Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
#### References:
* https://github.com/butterflyhack/hunspell-crash
* https://nvd.nist.gov/vuln/detail/CVE-2019-16707
#### Patch:
https://github.com/hunspell/hunspell/commit/ac938e2ecb48ab4dd21298126c7921689d60571b
### Affected branches:
* [x] master (270ea23c9be20cfc1d3f8c0ecbaddf35ba238cbb)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11132xen: Multiple vulnerabilities (CVE-2019-19577, CVE-2019-19578, CVE-2019-19580...2020-01-15T08:08:54ZAlicha CHxen: Multiple vulnerabilities (CVE-2019-19577, CVE-2019-19578, CVE-2019-19580, CVE-2019-19581, CVE-2019-19582, CVE-2019-19583)### CVE-2019-19581, CVE-2019-19582, XSA-307: find_next_bit() issues
All versions of Xen are vulnerable.
#### Reference:
http://xenbits.xen.org/xsa/advisory-307.html
### CVE-2019-19583, XSA-308: VMX: VMentry failure with debug excepti...### CVE-2019-19581, CVE-2019-19582, XSA-307: find_next_bit() issues
All versions of Xen are vulnerable.
#### Reference:
http://xenbits.xen.org/xsa/advisory-307.html
### CVE-2019-19583, XSA-308: VMX: VMentry failure with debug exceptions and blocked states
All versions of Xen are affected.
##### Reference:
http://xenbits.xen.org/xsa/advisory-308.html
### CVE-2019-19578, XSA-309: Linear pagetable use / entry miscounts
All versions of Xen are vulnerable.
Only x86 systems are affected. Arm systems are not affected.
#### Reference:
http://xenbits.xen.org/xsa/advisory-309.html
### CVE-2019-19580, XSA-310: Further issues with restartable PV type change operations
#### Reference:
http://xenbits.xen.org/xsa/advisory-310.html
### CVE-2019-19577, XSA-311: Bugs in dynamic height handling for AMD IOMMU pagetables
#### Reference:
http://xenbits.xen.org/xsa/advisory-311.html
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11133e2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)2020-01-20T17:11:54ZAlicha CHe2fsprogs: Out-of-bounds write in e2fsck/rehash.c (CVE-2019-5188)A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can cor...A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.
#### Fixed In Version:
e2fsprogs 1.45.5
#### References:
* https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973
* https://nvd.nist.gov/vuln/detail/CVE-2019-5188
#### Patches:
* https://github.com/tytso/e2fsprogs/commit/8dd73c149f418238f19791f9d666089ef9734dff
* https://github.com/tytso/e2fsprogs/commit/71ba13755337e19c9a826dfc874562a36e1b24d3
### Affected branches:
* [x] master (d8efadc5c1f1ea65c6ae440cc76b28fd844055b2)
* [x] 3.11-stable (961349519affeaa193ce9d638736f4482ff4576a)
* [x] 3.10-stable (2ed804fc262d008a2558bd3ca7287479e85929ba)
* [x] 3.9-stable (948fd324de9029f91e5a736dd623b8f1390256e5)
* [x] 3.8-stable (18b5cab25223debddf802a6309b15db6947dba96)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11134nginx: HTTP request smuggling via error pages in http/ngx_http_special_respon...2020-05-09T20:19:55ZAlicha CHnginx: HTTP request smuggling via error pages in http/ngx_http_special_response.c (CVE-2019-20372)NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. The...NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. The bug appeared in 0.7.12.
#### Fixed In Version:
nginx 1.17.7
#### References:
* http://nginx.org/en/CHANGES
* https://nvd.nist.gov/vuln/detail/CVE-2019-20372
#### Patch:
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
### Affected branches:
* [x] master (732a2a015029f60efed0ccc9118d8a16bf7f860e)
* [x] 3.11-stable (dd81abbcbedbddfc50c0d20af4559ecc142d2278)
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stabledLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11155samba: Multiple vulnerabilities (CVE-2019-14902, CVE-2019-14907, CVE-2019-19344)2020-04-03T06:01:13ZAlicha CHsamba: Multiple vulnerabilities (CVE-2019-14902, CVE-2019-14907, CVE-2019-19344)### CVE-2019-14902: Replication of ACLs set to inherit down a subtree on Directory not automatic.
A newly delegated right, but more importantly the removal of a
delegated right, would not be inherited on any DC other than the one
where ...### CVE-2019-14902: Replication of ACLs set to inherit down a subtree on Directory not automatic.
A newly delegated right, but more importantly the removal of a
delegated right, would not be inherited on any DC other than the one
where the change was made.
#### Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
#### References:
* https://www.samba.org/samba/security/CVE-2019-14902.html
* https://www.samba.org/samba/history/security.html
### CVE-2019-14907: Crash after failed character conversion at log level 3 or above.
If samba is set with "log level = 3" (or above) then the string
obtained from the client, after a failed character conversion, is
printed. Such strings can be provided during the NTLMSSP
authentication exchange.
#### Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
#### References:
* https://www.samba.org/samba/security/CVE-2019-14907.html
* https://www.samba.org/samba/history/security.html
### CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
Samba 4.9 introduced an off-by-default feature to tombstone
dynamically created DNS records that had reached their expiry time.
This feature is controlled by the smb.conf option:
dns zone scavenging = yes
There is a use-after-free issue in this code, essentially due to a
call to realloc() while other local variables still point at the
original buffer.
Does not affect alpine 3.8 and 3.9.
#### Fixed In Version:
Samba 4.11.5, 4.10.12 and 4.9.18
#### References:
* https://www.samba.org/samba/security/CVE-2019-19344.html
* https://www.samba.org/samba/history/security.html
### Affected branches:
* [x] master (fddd8a3d858001f0e0d27c7fd9e1ffddf8ccdd2e)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable (46ba7ec46d3cb4084489531ce10e71e17963495b)
* [x] 3.8-stable (515e98e6bdc49a7db3aa081e1de4fd5f727bb851)Leonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11188sudo: Buffer overflow when pwfeedback is set in sudoers (CVE-2019-18634)2020-02-05T11:17:48ZAlicha CHsudo: Buffer overflow when pwfeedback is set in sudoers (CVE-2019-18634)In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the def...In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
#### References:
* https://www.sudo.ws/alerts/pwfeedback.html
* https://www.openwall.com/lists/oss-security/2020/01/30/6
#### Patch:
https://github.com/sudo-project/sudo/commit/fa8ffeb17523494f0e8bb49a25e53635f4509078
### Affected branches:
* [x] master (35cc1de5b1dd6af591cc931b96b045edab5d8525)
* [x] 3.11-stable (691af4d751b10236efa6cce5e2866dabfc5047dd)
* [x] 3.10-stable (335b433870315222476ab36d3844ac5782cfddbe)
* [x] 3.9-stable (8788474ba192c238921e2fbe2ff7e930445dcf24)
* [x] 3.8-stable (76c7cb0ae293d4800b471c9d7793a59609e304b1)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11189openjpeg: Multiple vulnerabilities (CVE-2020-6851, CVE-2020-8112)2020-02-05T12:37:23ZAlicha CHopenjpeg: Multiple vulnerabilities (CVE-2020-6851, CVE-2020-8112)### CVE-2020-6851: Heap-based buffer overflow.
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.
#### References:
* https://github.com/uclouvain/openjpeg/issues/1228
* https://...### CVE-2020-6851: Heap-based buffer overflow.
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in libopenjp2.so.
#### References:
* https://github.com/uclouvain/openjpeg/issues/1228
* https://nvd.nist.gov/vuln/detail/CVE-2020-6851
#### Patch:
https://github.com/uclouvain/openjpeg/commit/46c1eff9e98bbcf794d042f7b2e3d45556e805ce
### CVE-2020-8112: Heap-based buffer overflow in the qmfbid.
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
#### References:
* https://github.com/uclouvain/openjpeg/issues/1231
* https://nvd.nist.gov/vuln/detail/CVE-2020-8112
#### Patch:
https://github.com/uclouvain/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074
### Affected branches:
* [x] master (570efe74c1b275bfb920f1434d2a877123df4fcc)
* [x] 3.11-stable (a60544e51180dade6c8e710f1bfd7060618ede11)
* [x] 3.10-stable (61851c5e9528fc803ee3dff5431d76482e125ba3)
* [x] 3.9-stable (d3cf817a7725469c0dc61da3cdb79395f0f951d2)
* [x] 3.8-stable (86f2db7e3bb8c5fe41cfdab6eb9e12d3f0288408)Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11191exiv2: An infinite loop and hang (CVE-2019-20421)2020-03-15T18:16:10ZAlicha CHexiv2: An infinite loop and hang (CVE-2019-20421)In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted ...In Jp2Image::readMetadata() in jp2image.cpp in Exiv2 0.27.2, an input file can result in an infinite loop and hang, with high CPU consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file.
#### References:
* https://github.com/Exiv2/exiv2/issues/1011
* https://nvd.nist.gov/vuln/detail/CVE-2019-20421
#### Patch:
https://github.com/Exiv2/exiv2/commit/a82098f4f90cd86297131b5663c3dec6a34470e8LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11273RTSP support broken in live-media package2020-03-08T14:29:40ZLeonardo ArenaRTSP support broken in live-media packageThis affects at least from AL3.7 or greater including edge.
<pre>
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z12ourIPAddressR16UsageEnvironment: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN7NoReuseC1ER1...This affects at least from AL3.7 or greater including edge.
<pre>
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z12ourIPAddressR16UsageEnvironment: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN7NoReuseC1ER16UsageEnvironment: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN13AddressStringD1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: TLS_client_method: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN14NetAddressListD1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_get_error: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTableC1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9GroupsockC1ER16UsageEnvironmentRK7in_addr4Porth: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable3AddEjj4PortPv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_write: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Znam: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9Groupsock6outputER16UsageEnvironmentPhjP20DirectedNetInterface: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9HashTable8getFirstEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_free: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_end_catch: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_allocate_exception: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN13AddressStringC1ERK11sockaddr_in: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN13AddressStringC1ERK7in_addr: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: AES_set_encrypt_key: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z17setupStreamSocketR16UsageEnvironment4Porthh: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: EVP_sha1: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN10NetAddressaSERKS_: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: EVP_DigestInit: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9Groupsock21removeAllDestinationsEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z10readSocketR16UsageEnvironmentiPhjR11sockaddr_in: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: our_random32: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z10strDupSizePKcRm: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z21ignoreSigPipeOnSocketi: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: BIO_new_socket: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9Groupsock17multicastSendOnlyEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_read: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z18makeSocketBlockingij: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZNK14NetAddressList12firstAddressEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9GroupsockC1ER16UsageEnvironmentRK7in_addrS4_4Port: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_new: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN10NetAddressC1Ej: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_set_connect_state: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_shutdown: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z10strDupSizePKc: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN10NetAddressD1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: our_inet_addr: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: EVP_DigestUpdate: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_CTX_new: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN14NetAddressListC1EPKc: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZdaPv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable6LookupEjj4Port: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9HashTable6createEi: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable6RemoveEjj4Port: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: OPENSSL_init_ssl: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z6strDupPKc: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: AES_encrypt: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_begin_catch: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: EVP_MD_CTX_new: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z13getSourcePortR16UsageEnvironmentiR4Port: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_throw: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN7NoReuseD1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: EVP_DigestFinal: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN13AddressStringC1Ej: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z23increaseReceiveBufferToR16UsageEnvironmentij: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN6Socket5resetEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_connect: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_CTX_free: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: our_random: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Znwm: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9HashTable8Iterator6createERKS_: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z18IsMulticastAddressj: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZdaPvm: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9HashTable10RemoveNextEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZdlPvm: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z20increaseSendBufferToR16UsageEnvironmentij: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable8Iterator4nextEv: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _Z21makeSocketNonBlockingi: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable8IteratorD1Ev: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN4PortC1Et: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9Groupsock27changeDestinationParametersERK7in_addr4Portij: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN22AddressPortLookupTable8IteratorC1ERS_: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZN9Groupsock19wasLoopedBackFromUsER16UsageEnvironmentR11sockaddr_in: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SSL_set_bio: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv117__class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTVN10__cxxabiv120__si_class_type_infoE: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __cxa_pure_virtual: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: SendingInterfaceAddr: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: ReceivingInterfaceAddr: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTIi: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: _ZTIi: symbol not found
Error relocating /usr/lib/libliveMedia.so.78.0.3: __gxx_personality_v0: symbol not found
</pre>3.12.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11284squid: Multiple vulnerabilities (CVE-2020-8449, CVE-2020-8450, CVE-2020-8517,...2020-04-02T15:49:36ZAlicha CHsquid: Multiple vulnerabilities (CVE-2020-8449, CVE-2020-8450, CVE-2020-8517, CVE-2019-12528)### CVE-2020-8449: Improper input validation issues in HTTP Request processing
* Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.9.
* Fixed in version: Squid 4.10
#### Reference:
http://www.squid-...### CVE-2020-8449: Improper input validation issues in HTTP Request processing
* Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.9.
* Fixed in version: Squid 4.10
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
### CVE-2020-8450: Buffer overflow in a Squid acting as reverse-proxy
* Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.9.
* Fixed in version: Squid 4.10
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
### CVE-2020-8517: Buffer Overflow issue in ext_lm_group_acl helper.
* Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.9.
* Fixed in version: Squid 4.10
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
### CVE-2019-12528: Information Disclosure issue in FTP Gateway
* Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.9.
* Fixed in version: Squid 4.10
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_2.txt
### Affected branches:
* [x] master (a4301166888c0e2c8a72be8e5d3ec1747a6ab6bf)
* [x] 3.11-stable (04e707dce3ab5d71feecb123c8bbffd3b2b42985)
* [x] 3.10-stable (a03c8d1518674fd14946096bb8a7db67ad565315)
* [x] 3.9-stable (cca1978fca0677250ca84f4bdcb86b395a64b6e9)
* [x] 3.8-stable (3db264c1978654cc19d61a5feaf1b0ee54e0a85b)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11288py-django: Potential SQL injection via tolerance parameter in GIS functions a...2020-05-09T20:19:55ZAlicha CHpy-django: Potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle (CVE-2020-9402)A flaw was found in Django in a way that GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.
#### Fixed In Version:
Django 1.11.29
#### References:
* https://www.djangoproject.c...A flaw was found in Django in a way that GIS functions and aggregates on Oracle were subject to SQL injection, using a suitably crafted tolerance.
#### Fixed In Version:
Django 1.11.29
#### References:
* https://www.djangoproject.com/weblog/2020/mar/04/security-releases/
* https://www.openwall.com/lists/oss-security/2020/03/04/1
### Affected branches:
* [x] master (5625fb449efe16648b2ed8607e52e667b2bb5731)
* [x] 3.11-stable (0301b076d7141df079a9815a6fc9e7cde6b9cc31)
* [x] 3.10-stable (de8f6b009ad388a047a6b85ec224d599ad583676)
* [x] 3.9-stable (032abeb0cb17ff90166fdbce07c4a921c9147e45)
* [x] 3.8-stable (ec2cb0ea688e8d4c4ccf31b7434ab4b5cb111e66)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11291libarchive: Multiple vulnerabilities (CVE-2019-19221, 2020-9308)2020-03-12T21:36:45ZAlicha CHlibarchive: Multiple vulnerabilities (CVE-2019-19221, 2020-9308)### CVE-2019-19221: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
A vulnerability was found in Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an inc...### CVE-2019-19221: out-of-bounds read in archive_wstring_append_from_mbs in archive_string.c
A vulnerability was found in Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.
#### References:
* https://github.com/libarchive/libarchive/issues/1276
* https://nvd.nist.gov/vuln/detail/CVE-2019-19221
#### Patch:
https://github.com/libarchive/libarchive/commit/22b1db9d46654afc6f0c28f90af8cdc84a199f41
### CVE-2020-9308: attempts to unpack a RAR5 file with an invalid or corrupted header leads to a SIGSEGV
archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact.
#### References:
* https://github.com/libarchive/libarchive/pull/1326
* https://nvd.nist.gov/vuln/detail/CVE-2020-9308
#### Patch:
https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
### Affected branches:
* [x] master (98a20682f4336788dac336ff23e25571663137de)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11307ansible: Multiple vulnerabilities (CVE-2020-1737, CVE-2020-1739)2020-09-02T09:18:24ZAlicha CHansible: Multiple vulnerabilities (CVE-2020-1737, CVE-2020-1739)### CVE-2020-1737: Extract-Zip function in win_unzip module does not check extracted path
A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if t...### CVE-2020-1737: Extract-Zip function in win_unzip module does not check extracted path
A flaw was found in the Ansible Engine when using the Extract-Zip function from the win_unzip module as the extracted file(s) are not checked if they belong to the destination folder. An attacker could take advantage of this flaw by crafting an archive anywhere in the file system, using a path traversal.
#### Fixed In Version:
ansible 2.7.17, 2.8.9, 2.9.6
#### References:
* https://github.com/ansible/ansible/issues/67795
* https://github.com/ansible/ansible/pull/67799
* https://nvd.nist.gov/vuln/detail/CVE-2020-1737
### CVE-2020-1739: svn module leaks password when specified as a parameter
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
#### Fixed In Version:
ansible 2.7.17, 2.8.9, 2.9.7
#### References:
* https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#v297
* https://github.com/ansible/ansible/issues/67797
* https://bugzilla.redhat.com/show_bug.cgi?id=1802178
### Affected branches:
* [x] master (e4542eb1cd224dd533ac2808658bf16561bcdc3b)
* [x] 3.11-stable (899a908f75043f9a408b168005ecc557d060f15e)
* [x] 3.10-stable (457913175597d4cf53123064b576a5527a9aa0de)
* [x] 3.9-stable (ec2f3b6aa9db9937f43c70b5c3caa8fbf7132575)
* [ ] 3.8-stablehttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11328bluez: Improper access control in subsystem could result in privilege escalat...2020-03-24T12:28:44ZAlicha CHbluez: Improper access control in subsystem could result in privilege escalation and DoS (CVE-2020-0556)Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.
#### References:
* https://www.intel.com/con...Improper access control in subsystem for BlueZ before version 5.54 may allow an unauthenticated user to potentially enable escalation of privilege and denial of service via adjacent access.
#### References:
* https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
* https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
#### Patches:
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
Second commit introduces new configuration option "ClassicBondedOnly" which defaults
to false, and allows to make sure that input connections only come from bonded
device connections.
Followup commits to avoid (functional) regression:
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
- https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
### Affected branches:
* [x] master (95b04c285345549aa27b34fe7fd9bb663e050a03)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11329icu: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)2020-04-02T15:16:54ZAlicha CHicu: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
#### Refe...An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
#### References:
* https://bugs.chromium.org/p/chromium/issues/detail?id=1044570
* h ttps://unicode-org.atlassian.net/browse/ICU-20958
* https://github.com/unicode-org/icu/pull/971
#### Patch:
https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stable (248b3fa9ef3ac2d1eecc6514fa4e1e9368fa4d86)LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11365gnutls: Uses incorrect cryptography for DTLS (CVE-2020-11501)2020-04-07T11:56:58ZAlicha CHgnutls: Uses incorrect cryptography for DTLS (CVE-2020-11501)GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thu...GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol.
#### References:
* https://gitlab.com/gnutls/gnutls/-/issues/960
* https://nvd.nist.gov/vuln/detail/CVE-2020-11501
* Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
#### Patch:
https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11400xen: Multiple vulnerabilities (CVE-2020-11739, CVE-2020-11740, CVE-2020-11741...2020-04-19T16:03:01ZAlicha CHxen: Multiple vulnerabilities (CVE-2020-11739, CVE-2020-11740, CVE-2020-11741, CVE-2020-11742, CVE-2020-11743)### CVE-2020-11740, CVE-2020-11741, XSA-313: Multiple xenoprof issues
All Xen versions back to at least 3.2 are vulnerable.
#### Reference:
http://xenbits.xen.org/xsa/advisory-313.html
### CVE-2020-11739, XSA-314: Missing memory barr...### CVE-2020-11740, CVE-2020-11741, XSA-313: Multiple xenoprof issues
All Xen versions back to at least 3.2 are vulnerable.
#### Reference:
http://xenbits.xen.org/xsa/advisory-313.html
### CVE-2020-11739, XSA-314: Missing memory barriers in read-write unlock paths
#### Reference:
http://xenbits.xen.org/xsa/advisory-314.html
### CVE-2020-11742, XSA-318: Bad continuation handling in GNTTABOP_copy
#### Reference:
http://xenbits.xen.org/xsa/advisory-318.html
### CVE-2020-11743, XSA-316: Bad error path in GNTTABOP_map_grant
### Reference:
http://xenbits.xen.org/xsa/advisory-316.html
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11424git: Crafted URL containing new lines, empty host or lacks a scheme can cause...2020-04-21T19:13:09ZAlicha CHgit: Crafted URL containing new lines, empty host or lacks a scheme can cause credential leak (CVE-2020-11008)The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git...The vulnerability can be triggered by feeding a malicious URL to git clone. However, the affected URLs look rather suspicious; the likely vector would be through systems which automatically clone URLs not visible to the user, such as Git submodules, or package systems built around Git.
This bug is similar to the one mentioned in CVE-2020-5260. The fix for that bug still left the door open for an exploit where some credential is leaked (but the attacker cannot control which one).
The root of the problem is in Git itself, which should not be feeding blank input to helpers. However, the ability to exploit the vulnerability in practice depends on which helpers are in use.
#### Affected versions
git <= 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26.1
#### Fixed In Version:
git 2.17.5, 2.18.4, 2.19.5, 2.20.4, 2.21.3, 2.22.4, 2.23.3, 2.24.3, 2.25.4, 2.26.2
#### References:
* https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
* https://lore.kernel.org/git/xmqq4kterq5s.fsf@gitster.c.googlers.com/
### Affected branches:
* [x] master (e964b427700d05033702d989be968bdd17d391ad)
* [x] 3.11-stable (88e1a78be765dc06805c03a6099406b8ca4ae21b)
* [x] 3.10-stable (c0456ebf2823e5d0bbe77d9a844cafacf6a2d17d)
* [x] 3.9-stable (d8f98f1d364cc22538f4999b495d0cc90de59440)
* [x] 3.8-stable (f32b8f8df8e99e7b325c18d9faefd359d2f1a39a)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11429openssl: Segmentation fault in SSL_check_chain (CVE-2020-1967)2020-04-21T17:23:54ZAlicha CHopenssl: Segmentation fault in SSL_check_chain (CVE-2020-1967)Server or client applications that call the SSL_check_chain() function during or
after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
Th...Server or client applications that call the SSL_check_chain() function during or
after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack.
OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This
issue did not affect OpenSSL versions prior to 1.1.1d.
Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g
#### References:
https://www.openssl.org/news/secadv/20200421.txt
### Affected branches:
* [x] master (8d308c15ed58152196218b079d66720ad606405a)
* [x] 3.11-stable (e54b51b1d389ed731a8bce1f0a24c45820619dbd)
* [x] 3.10-stable (11ace5cb8b9c94ef9fcca23e4b0401d06c7e399c)
* [x] 3.9-stable (9919f140cf7d3ff305dda398a2a2605489202e60)Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11456squid: Multiple issues (CVE-2019-12519, CVE-2019-12521, CVE-2020-11945)2020-12-11T03:25:19ZAlicha CHsquid: Multiple issues (CVE-2019-12519, CVE-2019-12521, CVE-2020-11945)### CVE-2019-12519: mproper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
##...### CVE-2019-12519: mproper check for new member in ESIExpression::Evaluate allows for stack buffer overflow
Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
### CVE-2019-12521: off-by-one error in addStackElement allows for a heap buffer overflow and a crash
Affected versions: Squid 3.x -> 3.5.28, Squid 4.x -> 4.10 and Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2019_12.txt
### CVE-2020-11945: improper access restriction upon Digest Authentication nonce replay could lead to remote code execution
Affected versions: Squid 2.x -> 2.7.STABLE9, Squid 3.x -> 3.5.28, Squid 4.x -> 4.10, Squid 5.x -> 5.0.1
Fixed in version: Squid 4.11 and 5.0.2
#### Reference:
http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
### Affected branches:
* [x] master (7b0fa28ce15c281d08db0347143a99669ce16e1a)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11508sqlite: malformed window-function query leads to DoS (CVE-2020-11655)2020-05-07T14:14:14ZAlicha CHsqlite: malformed window-function query leads to DoS (CVE-2020-11655)SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
#### References:
* https://www3.sqlite.org/cgi/s...SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.
#### References:
* https://www3.sqlite.org/cgi/src/tktview?name=af4556bb5c
* https://nvd.nist.gov/vuln/detail/CVE-2020-11655
#### Patch:
https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableLeonardo ArenaLeonardo Arenahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11509openldap: Denial of service vulnerability in filter.c (CVE-2020-12243)2020-05-07T12:49:49ZAlicha CHopenldap: Denial of service vulnerability in filter.c (CVE-2020-12243)In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
#### Reference:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12243
* https://bugs.open...In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).
#### Reference:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12243
* https://bugs.openldap.org/show_bug.cgi?id=9202
#### Patch:
https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440
### Affected branches:
* [x] master
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11525jbig2dec: Heap-buffer-overflow in jbig2_image_compose (CVE-2020-12268)2020-12-11T04:55:23ZAlicha CHjbig2dec: Heap-buffer-overflow in jbig2_image_compose (CVE-2020-12268)jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12268
* https://security-tracker.debian.org/tracker/CVE-2020-12268
#...jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2020-12268
* https://security-tracker.debian.org/tracker/CVE-2020-12268
#### Patch:
https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
### Affected branches:
* [x] master (3844aa04647ff7fe7442c0b1575c01a394878975)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [ ] 3.8-stableNatanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11526libvirt: Multiple vulnerabilities (CVE-2020-10703, CVE-2020-12430)2020-05-14T06:51:56ZAlicha CHlibvirt: Multiple vulnerabilities (CVE-2020-10703, CVE-2020-12430)### CVE-2020-10703: Potential denial of service via active pool without target path
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a...### CVE-2020-10703: Potential denial of service via active pool without target path
A flaw was found in libvirt. A pool created without a target path may lead to segmentation fault and denial of service. This issue may be triggered by a read only user.
#### Fixed In Version:
libvirt 6.0.0
#### Reference:
https://security-tracker.debian.org/tracker/CVE-2020-10703
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f
### CVE-2020-12430: memory leak in domstats may allow read-only user to perform DoS attack
An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 though 6.x before 6.1.0. A memory leak was found in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. This flaw allows unprivileged users with a read-only connection to cause a memory leak in the domstats command, resulting in a potential denial of service.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2020-12430
#### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581
### Affected branches:
* [x] master (7734b4b3e750791216f1558be58f0b51607e788d)
* [x] 3.11-stable
* [x] 3.10-stable
* [x] 3.9-stable
* [x] 3.8-stableFrancesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11539libexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)2020-05-19T11:59:55ZAlicha CHlibexif: Multiple vulnerabilities (CVE-2018-20030, CVE-2020-12767)### CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources....### CVE-2018-20030: Input validation issue resulting in a denial of service
An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
#### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-20030
#### Patch:
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
### CVE-2020-12767: divide-by-zero in exif_entry_get_value function in exif-entry.c
Exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error.
#### References:
* https://github.com/libexif/libexif/issues/31
* https://nvd.nist.gov/vuln/detail/CVE-2020-12767
#### Patch:
https://github.com/libexif/libexif/pull/32/commits/4431cd0d67c2b17bf764fa9c253f11051ae8355a
### Affected branches:
* [x] master (9959b863135bbaa1251dbddfa038c9256e155702)
* [x] 3.11-stable (7d1a8137daa5c1f5312ad957dc1857027b8999df)
* [x] 3.10-stable (726529dabef044127d02831c4b26fa6c6fc9d5f5)
* [x] 3.9-stable (cc9c8ab403cd5dfa204be58c326dd98d0702d70c)
* [x] 3.8-stable (5dea23e076ed7123339473f529d74d8a9362e7c6)Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/11541iproute2: Use-after-free (CVE-2019-20795)2020-05-21T10:38:53ZAlicha CHiproute2: Use-after-free (CVE-2019-20795)iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-20795
* https://security-tracker.debian.org/tracker/CVE-2019-2079
* Introduced in: htt...iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2019-20795
* https://security-tracker.debian.org/tracker/CVE-2019-2079
* Introduced in: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=86bf43c7c2fdc33d7c021b4a1add1c8facbca51c (v4.15.0)
#### Patch:
https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit/?id=9bf2c538a0eb10d66e2365a655bf6c52f5ba3d10
### Affected branches:
* [x] master (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.11-stable (04ff1e80f29b49189cfa18e59ec2e328b33222df)
* [x] 3.10-stable
* [x] 3.9-stableNatanael CopaNatanael Copa