alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:29:09Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5990
[3.3] collectd: heap overflow in the network plugin (CVE-2016-6254)
2019-07-23T13:29:09Z
Alicha CH

A heap overflow in collectd’s network plugin which can be triggered
remotely and is potentially exploitable.
### Fixed In Version:
collectd 5.5.2, collectd 5.4.3
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-6254
### Patches:
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
The second patch is unrelated to CVE-2016-6254. It fixes an
initialization issue with libgcrypt which could theoretically lead to a
half-initialized library being used.
*(from redmine: issue id 5990, created on 2016-08-03, closed on 2016-12-15)*
* Relations:
* parent #5987
* Changesets:
* Revision 098260b04946c063be77108d7a498046a254403a on 2016-08-08T06:48:22Z:
```
main/collectd: security upgrade to 5.5.2 (CVE-2016-6254). Fixes #5990
(cherry picked from commit ac94d4b9a3edac9db7aa1481b4866cb39d032843)
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5991
[3.2] collectd: heap overflow in the network plugin (CVE-2016-6254)
2019-07-23T13:29:08Z
Alicha CH

A heap overflow in collectd’s network plugin which can be triggered
remotely and is potentially exploitable.
### Fixed In Version:
collectd 5.5.2, collectd 5.4.3
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-6254
### Patches:
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
The second patch is unrelated to CVE-2016-6254. It fixes an
initialization issue with libgcrypt which could theoretically lead to a
half-initialized library being used.
*(from redmine: issue id 5991, created on 2016-08-03, closed on 2016-12-15)*
* Relations:
* parent #5987
* Changesets:
* Revision 6632875a0180bd46dc39155d7eb28e4634a3f80c by Sergei Lukin on 2016-12-14T10:07:42Z:
```
main/collectd: security upgrade to 5.4.3 - fixes #5991
CVE-2016-6254
```
3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5992
[3.1] collectd: heap overflow in the network plugin (CVE-2016-6254)
2019-07-23T13:29:07Z
Alicha CH

A heap overflow in collectd’s network plugin which can be triggered
remotely and is potentially exploitable.
### Fixed In Version:
collectd 5.5.2, collectd 5.4.3
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-6254
### Patches:
https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
The second patch is unrelated to CVE-2016-6254. It fixes an
initialization issue with libgcrypt which could theoretically lead to a
half-initialized library being used.
*(from redmine: issue id 5992, created on 2016-08-03, closed on 2016-12-15)*
* Relations:
* parent #5987
* Changesets:
* Revision 67311d9cfa46e90309b7a3688c74c16bdd1eba1f by Sergei Lukin on 2016-12-15T08:17:30Z:
```
main/collectd: security upgrade to 5.4.3 - fixes #5992
CVE-2016-6254
```
3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5993
main/musl: /usr/bin/ldd -> ../../lib/
2019-07-23T13:29:06Z
Jakub Jirutka

ls -la /usr/bin/ldd
lrwxrwxrwx 1 root root 10 Aug 3 11:52 /usr/bin/ldd -> ../../lib/
This bug has been introduced in
https://github.com/alpinelinux/aports/commit/f2891b7653cdaae4e478503024f5e4bcaa45395e.
*(from redmine: issue id 5993, created on 2016-08-03, closed on 2017-04-07)*
* Changesets:
* Revision 0a74f23c42592b9d6957713cfc83a0371f253bcc by Natanael Copa on 2016-08-03T10:07:18Z:
```
main/musl: fix ldd symlink
fixes #5993
```
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5994
dropbear: 2016.74 security update
2019-07-23T13:29:05Z
Alicha CH

This includes fixes for multiple security issues.
\- Security: Message printout was vulnerable to format string injection.
If specific usernames including “%” symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
\- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
\- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
\- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG\_TRACE and running with -v
\- Fix port forwarding failure when connecting to domains that have both
IPv4 and IPv6 addresses. The bug was introduced in 2015.68
\- Fix 100% CPU use while waiting for rekey to complete.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2016q3/001932.html
*(from redmine: issue id 5994, created on 2016-08-03, closed on 2016-08-17)*
* Relations:
* child #5995
* child #5996
* child #5997
* child #5998
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5995
[3.4] dropbear: 2016.74 security update
2019-07-23T13:29:04Z
Alicha CH

This includes fixes for multiple security issues.
\- Security: Message printout was vulnerable to format string injection.
If specific usernames including “%” symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
\- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
\- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
\- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG\_TRACE and running with -v
\- Fix port forwarding failure when connecting to domains that have both
IPv4 and IPv6 addresses. The bug was introduced in 2015.68
\- Fix 100% CPU use while waiting for rekey to complete.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2016q3/001932.html
*(from redmine: issue id 5995, created on 2016-08-03, closed on 2016-08-17)*
* Relations:
* parent #5994
* Changesets:
* Revision 6061dc440a65b7fab1e75f46b14958243d62d827 by Natanael Copa on 2016-08-11T15:21:07Z:
```
main/dropbear: security upgrade to 2016.74
fixes #5995
```
3.4.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5996
[3.3] dropbear: 2016.74 security update
2019-07-23T13:29:03Z
Alicha CH

This includes fixes for multiple security issues.
\- Security: Message printout was vulnerable to format string injection.
If specific usernames including “%” symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
\- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
\- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
\- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG\_TRACE and running with -v
\- Fix port forwarding failure when connecting to domains that have both
IPv4 and IPv6 addresses. The bug was introduced in 2015.68
\- Fix 100% CPU use while waiting for rekey to complete.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2016q3/001932.html
*(from redmine: issue id 5996, created on 2016-08-03, closed on 2016-08-17)*
* Relations:
* parent #5994
* Changesets:
* Revision b33fceba51e51502076fbc73f68619f53daedc20 on 2016-08-12T09:38:46Z:
```
main/dropbear: security upgrade to 2016.74. Fixes #5996
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5997
[3.2] dropbear: 2016.74 security update
2019-07-23T13:29:02Z
Alicha CH

This includes fixes for multiple security issues.
\- Security: Message printout was vulnerable to format string injection.
If specific usernames including “%” symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
\- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
\- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
\- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG\_TRACE and running with -v
\- Fix port forwarding failure when connecting to domains that have both
IPv4 and IPv6 addresses. The bug was introduced in 2015.68
\- Fix 100% CPU use while waiting for rekey to complete.
### References:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2016q3/001932.html
*(from redmine: issue id 5997, created on 2016-08-03, closed on 2016-08-17)*
* Relations:
* parent #5994
* Changesets:
* Revision 56e6ba68da07cd29f4383fb837c24dfae94e6b0c on 2016-08-12T09:50:04Z:
```
main/dropbear: security upgrade to 2016.74. Fixes #5997
```
3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6001
Critical Xen vulnerability unpatched
2019-07-23T13:29:01Z
algitbot

CVE-2016-6258 \[x86: Privilege escalation in PV guests\] still
unpatched in Alpine 10 days after disclosure. CVE-2016-6259 and CVE-2016-5403
are also unpatched.
*(from redmine: issue id 6001, created on 2016-08-04, closed on 2016-08-27)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6002
curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:29:00Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6002, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* child #6003
* child #6004
* child #6005
* child #6006
* child #6007
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6003
[3.5] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:28:58Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6003, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* parent #6002
* Changesets:
* Revision da2c76f8a5b41b865d6af208d9bc32764eec75a6 by Natanael Copa on 2016-08-04T14:51:38Z:
```
main/curl: security upgrade to 7.50.1 (CVE-2016-5419,CVE-2016-5420,CVE-2016-5421)
fixes #6003
```
3.5.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6004
[3.4] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:28:57Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6004, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* parent #6002
* Changesets:
* Revision 4bdd777b8634c3c2ef8d4bb6254f22cea78b46d6 by Natanael Copa on 2016-08-04T14:56:59Z:
```
main/curl: security upgrade to 7.50.1 (CVE-2016-5419,CVE-2016-5420,CVE-2016-5421)
fixes #6004
(cherry picked from commit da2c76f8a5b41b865d6af208d9bc32764eec75a6)
```
3.4.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6005
[3.3] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:28:56Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6005, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* parent #6002
* Changesets:
* Revision 773b3cce8cf0ef9f65aa00ac6985aaba3f582b2c on 2016-08-12T09:56:17Z:
```
main/curl: security fixes (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
Fixes #6005
```
3.3.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6006
[3.2] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:28:55Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6006, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* parent #6002
* Changesets:
* Revision b3856e2451bda630479c7afb5594d7a8a181099e on 2016-08-12T10:00:44Z:
```
main/curl: security fixes (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
Fixes #6006
(cherry picked from commit 773b3cce8cf0ef9f65aa00ac6985aaba3f582b2c)
```
3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6007
[3.1] curl: Several vulnerabilities (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
2019-07-23T13:28:54Z
Alicha CH

CVE-2016-5419: TLS session resumption client cert bypass
--------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803A.html
### Patch:
https://curl.haxx.se/CVE-2016-5419.patch
CVE-2016-5420: Re-using connection with wrong client cert
---------------------------------------------------------
### Fixed In Version:
curl 7.50.1
### Reference:
https://curl.haxx.se/docs/adv\_20160803B.html
### Patch:
https://curl.haxx.se/CVE-2016-5420.patch
CVE-2016-5421: Use of connection struct after free
--------------------------------------------------
### Fixed In Version:
curl 7.50.1
### References:
https://curl.haxx.se/docs/adv\_20160803C.html
### Patch:
https://curl.haxx.se/CVE-2016-5421.patch
*(from redmine: issue id 6007, created on 2016-08-04, closed on 2016-08-17)*
* Relations:
* parent #6002
* Changesets:
* Revision e2a41181980948dc15f6b20a9b6980444f9f73df on 2016-08-12T10:00:25Z:
```
main/curl: security fixes (CVE-2016-5419, CVE-2016-5420, CVE-2016-5421)
Fixes #6007
(cherry picked from commit 773b3cce8cf0ef9f65aa00ac6985aaba3f582b2c)
```
3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6008
tiff: Several vulnerabilities (CVE-2015-7554, CVE-2015-8668, CVE-2016-3945, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991)
2019-07-23T13:28:53Z
Alicha CH

CVE-2015-7554: invalid write
----------------------------
The \_TIFFVGetField function in tif\_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service
(invalid memory write and crash) or possibly have unspecified other
impact via crafted field data in an extension tag in a TIFF image.
### References:
http://seclists.org/bugtraq/2015/Dec/137
http://www.openwall.com/lists/oss-security/2015/12/26/7
CVE-2015-8668: OOB read in bmp2tiff
-----------------------------------
Heap-based buffer overflow in the PackBitsPreEncode function in
tif\_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier
allows remote attackers to execute arbitrary code or cause a denial of
service via a large width field in a BMP image.
### Reference:
http://seclists.org/bugtraq/2015/Dec/138
CVE-2016-3945: out-of-bounds write in the tiff2rgba tool
--------------------------------------------------------
When libtiff 4.0.6 tiff2rgba handle malicious tif file(width= 8388640,
height=31) and set param -b will cause illegal
write. The vulnerability exist in function cvt\_by\_strip (also exist in
cvt\_by\_tile ) without checking the buffer
allocate result. An attacker may control the write address and/or value
to result in denial-of-service or command
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/30
CVE-2016-3632: out-of-bounds write in \_TIFFVGetField function
--------------------------------------------------------------
Out-of-bounds write vulnerability was found in \_TIFFVGetField function
in tif\_dirinfo.c, allowing attacker to cause
a denial of service or command execution via a crafted TIFF image.
### Reference:
http://seclists.org/oss-sec/2016/q2/33
CVE-2016-3990: out-of-bounds write in horizontalDifference8()
-------------------------------------------------------------
An out-of-bounds write flaw was found in libtiff v4.0.6 when using
tiffcp command to handle malicious tiff file.
The vulnerability exists in function horizontalDifference8()
An attacker could control the head data of next heap which contains
pre\_size field and size field to result in DoS or potential code
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/57
CVE-2016-3991: out-of-bounds write in loadImage() function
----------------------------------------------------------
An Out-of-bounds write vulnerability caused by heap overflow when using
tiffcrop tool was found in the libtiff library.
The vulnerability is in loadImage() function in tiffcrop.c. loadImage()
will read the numbers of tiles by calling TIFFNumberOfTiles().
### References:
http://www.openwall.com/lists/oss-security/2016/04/12/3
http://bugzilla.maptools.org/show\_bug.cgi?id=2543
CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif\_pixarlog.c
----------------------------------------------------------------------------------
A maliciously crafted TIFF file could cause the application to crash or
even enable RCE on vulnerable machine when using rgb2ycbcr command.
### Reference:
http://seclists.org/oss-sec/2016/q2/551
*(from redmine: issue id 6008, created on 2016-08-05, closed on 2017-09-05)*
* Relations:
* child #6009
* child #6010
* child #6011
* child #6012
* child #6013

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6009
[3.5] tiff: Several vulnerabilities (CVE-2015-7554, CVE-2015-8668, CVE-2016-3945, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991)
2019-07-23T13:28:51Z
Alicha CH

CVE-2015-7554: invalid write
----------------------------
The \_TIFFVGetField function in tif\_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service
(invalid memory write and crash) or possibly have unspecified other
impact via crafted field data in an extension tag in a TIFF image.
### References:
http://seclists.org/bugtraq/2015/Dec/137
http://www.openwall.com/lists/oss-security/2015/12/26/7
CVE-2015-8668: OOB read in bmp2tiff
-----------------------------------
Heap-based buffer overflow in the PackBitsPreEncode function in
tif\_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier
allows remote attackers to execute arbitrary code or cause a denial of
service via a large width field in a BMP image.
### Reference:
http://seclists.org/bugtraq/2015/Dec/138
CVE-2016-3945: out-of-bounds write in the tiff2rgba tool
--------------------------------------------------------
When libtiff 4.0.6 tiff2rgba handle malicious tif file(width= 8388640,
height=31) and set param -b will cause illegal
write. The vulnerability exist in function cvt\_by\_strip (also exist in
cvt\_by\_tile ) without checking the buffer
allocate result. An attacker may control the write address and/or value
to result in denial-of-service or command
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/30
CVE-2016-3632: out-of-bounds write in \_TIFFVGetField function
--------------------------------------------------------------
Out-of-bounds write vulnerability was found in \_TIFFVGetField function
in tif\_dirinfo.c, allowing attacker to cause
a denial of service or command execution via a crafted TIFF image.
### Reference:
http://seclists.org/oss-sec/2016/q2/33
CVE-2016-3990: out-of-bounds write in horizontalDifference8()
-------------------------------------------------------------
An out-of-bounds write flaw was found in libtiff v4.0.6 when using
tiffcp command to handle malicious tiff file.
The vulnerability exists in function horizontalDifference8()
An attacker could control the head data of next heap which contains
pre\_size field and size field to result in DoS or potential code
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/57
CVE-2016-3991: out-of-bounds write in loadImage() function
----------------------------------------------------------
An Out-of-bounds write vulnerability caused by heap overflow when using
tiffcrop tool was found in the libtiff library.
The vulnerability is in loadImage() function in tiffcrop.c. loadImage()
will read the numbers of tiles by calling TIFFNumberOfTiles().
### References:
http://www.openwall.com/lists/oss-security/2016/04/12/3
http://bugzilla.maptools.org/show\_bug.cgi?id=2543
CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif\_pixarlog.c
----------------------------------------------------------------------------------
A maliciously crafted TIFF file could cause the application to crash or
even enable RCE on vulnerable machine when using rgb2ycbcr command.
### Reference:
http://seclists.org/oss-sec/2016/q2/551
*(from redmine: issue id 6009, created on 2016-08-05, closed on 2017-09-05)*
* Relations:
* parent #6008
3.5.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6010
[3.4] tiff: Several vulnerabilities (CVE-2015-7554, CVE-2015-8668, CVE-2016-3945, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991)
2019-07-23T13:28:50Z
Alicha CH

CVE-2015-7554: invalid write
----------------------------
The \_TIFFVGetField function in tif\_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service
(invalid memory write and crash) or possibly have unspecified other
impact via crafted field data in an extension tag in a TIFF image.
### References:
http://seclists.org/bugtraq/2015/Dec/137
http://www.openwall.com/lists/oss-security/2015/12/26/7
CVE-2015-8668: OOB read in bmp2tiff
-----------------------------------
Heap-based buffer overflow in the PackBitsPreEncode function in
tif\_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier
allows remote attackers to execute arbitrary code or cause a denial of
service via a large width field in a BMP image.
### Reference:
http://seclists.org/bugtraq/2015/Dec/138
CVE-2016-3945: out-of-bounds write in the tiff2rgba tool
--------------------------------------------------------
When libtiff 4.0.6 tiff2rgba handles a malicious tif file (width=8388640,
height=31) with the -b parameter set, it causes an illegal
write. The vulnerability exists in the function cvt\_by\_strip (and also in
cvt\_by\_tile), which does not check the result of the buffer
allocation. An attacker may control the write address and/or value
to result in denial-of-service or command
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/30
CVE-2016-3632: out-of-bounds write in \_TIFFVGetField function
--------------------------------------------------------------
An out-of-bounds write vulnerability was found in the \_TIFFVGetField function
in tif\_dirinfo.c, allowing an attacker to cause
a denial of service or command execution via a crafted TIFF image.
### Reference:
http://seclists.org/oss-sec/2016/q2/33
CVE-2016-3990: out-of-bounds write in horizontalDifference8()
-------------------------------------------------------------
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the
tiffcp command to handle a malicious tiff file.
The vulnerability exists in the function horizontalDifference8().
An attacker could control the head data of the next heap, which contains
the pre\_size field and size field, to result in DoS or potential code
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/57
CVE-2016-3991: out-of-bounds write in loadImage() function
----------------------------------------------------------
An out-of-bounds write vulnerability caused by a heap overflow when using
the tiffcrop tool was found in the libtiff library.
The vulnerability is in the loadImage() function in tiffcrop.c. loadImage()
will read the number of tiles by calling TIFFNumberOfTiles().
### References:
http://www.openwall.com/lists/oss-security/2016/04/12/3
http://bugzilla.maptools.org/show\_bug.cgi?id=2543
CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif\_pixarlog.c
----------------------------------------------------------------------------------
A maliciously crafted TIFF file could cause the application to crash or
even enable RCE on a vulnerable machine when using the rgb2ycbcr command.
### Reference:
http://seclists.org/oss-sec/2016/q2/551
*(from redmine: issue id 6010, created on 2016-08-05, closed on 2017-09-05)*
* Relations:
* parent #6008
* Changesets:
* Revision b4f84337cf6bca17493e2185d14e8cc4c34b143d by Sergei Lukin on 2016-12-26T09:15:21Z:
```
main/tiff: security fixes #6010
CVE-2015-7554, CVE-2015-8668, CVE-2016-3945,
CVE-2016-3632, CVE-2016-3990, CVE-2016-3991
```

3.4.4
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6011
[3.3] tiff: Several vulnerabilities (CVE-2015-7554, CVE-2015-8668, CVE-2016-3945, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991)
2019-07-23T13:28:48Z
Alicha CH

CVE-2015-7554: invalid write
----------------------------
The \_TIFFVGetField function in tif\_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service
(invalid memory write and crash) or possibly have unspecified other
impact via crafted field data in an extension tag in a TIFF image.
### References:
http://seclists.org/bugtraq/2015/Dec/137
http://www.openwall.com/lists/oss-security/2015/12/26/7
CVE-2015-8668: OOB read in bmp2tiff
-----------------------------------
Heap-based buffer overflow in the PackBitsPreEncode function in
tif\_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier
allows remote attackers to execute arbitrary code or cause a denial of
service via a large width field in a BMP image.
### Reference:
http://seclists.org/bugtraq/2015/Dec/138
CVE-2016-3945: out-of-bounds write in the tiff2rgba tool
--------------------------------------------------------
When libtiff 4.0.6 tiff2rgba handles a malicious tif file (width=8388640,
height=31) with the -b parameter set, it causes an illegal
write. The vulnerability exists in the function cvt\_by\_strip (and also in
cvt\_by\_tile), which does not check the result of the buffer
allocation. An attacker may control the write address and/or value
to result in denial-of-service or command
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/30
CVE-2016-3632: out-of-bounds write in \_TIFFVGetField function
--------------------------------------------------------------
An out-of-bounds write vulnerability was found in the \_TIFFVGetField function
in tif\_dirinfo.c, allowing an attacker to cause
a denial of service or command execution via a crafted TIFF image.
### Reference:
http://seclists.org/oss-sec/2016/q2/33
CVE-2016-3990: out-of-bounds write in horizontalDifference8()
-------------------------------------------------------------
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the
tiffcp command to handle a malicious tiff file.
The vulnerability exists in the function horizontalDifference8().
An attacker could control the head data of the next heap, which contains
the pre\_size field and size field, to result in DoS or potential code
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/57
CVE-2016-3991: out-of-bounds write in loadImage() function
----------------------------------------------------------
An out-of-bounds write vulnerability caused by a heap overflow when using
the tiffcrop tool was found in the libtiff library.
The vulnerability is in the loadImage() function in tiffcrop.c. loadImage()
will read the number of tiles by calling TIFFNumberOfTiles().
### References:
http://www.openwall.com/lists/oss-security/2016/04/12/3
http://bugzilla.maptools.org/show\_bug.cgi?id=2543
CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif\_pixarlog.c
----------------------------------------------------------------------------------
A maliciously crafted TIFF file could cause the application to crash or
even enable RCE on a vulnerable machine when using the rgb2ycbcr command.
### Reference:
http://seclists.org/oss-sec/2016/q2/551
*(from redmine: issue id 6011, created on 2016-08-05, closed on 2017-09-05)*
* Relations:
* parent #6008
* Changesets:
* Revision a3b99586de0a409186c869dc5612f94aedbc9021 by Sergei Lukin on 2016-12-26T09:16:52Z:
```
main/tiff: security fixes #6011
CVE-2015-7554, CVE-2015-8668, CVE-2016-3945,
CVE-2016-3632, CVE-2016-3990, CVE-2016-3991
```

3.3.4
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6012
[3.2] tiff: Several vulnerabilities (CVE-2015-7554, CVE-2015-8668, CVE-2016-3945, CVE-2016-3632, CVE-2016-3990, CVE-2016-3991)
2019-07-23T13:28:47Z
Alicha CH

CVE-2015-7554: invalid write
----------------------------
The \_TIFFVGetField function in tif\_dir.c in libtiff 4.0.6 allows
attackers to cause a denial of service
(invalid memory write and crash) or possibly have unspecified other
impact via crafted field data in an extension tag in a TIFF image.
### References:
http://seclists.org/bugtraq/2015/Dec/137
http://www.openwall.com/lists/oss-security/2015/12/26/7
CVE-2015-8668: OOB read in bmp2tiff
-----------------------------------
Heap-based buffer overflow in the PackBitsPreEncode function in
tif\_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier
allows remote attackers to execute arbitrary code or cause a denial of
service via a large width field in a BMP image.
### Reference:
http://seclists.org/bugtraq/2015/Dec/138
CVE-2016-3945: out-of-bounds write in the tiff2rgba tool
--------------------------------------------------------
When libtiff 4.0.6 tiff2rgba handles a malicious tif file (width=8388640,
height=31) with the -b parameter set, it causes an illegal
write. The vulnerability exists in the function cvt\_by\_strip (and also in
cvt\_by\_tile), which does not check the result of the buffer
allocation. An attacker may control the write address and/or value
to result in denial-of-service or command
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/30
CVE-2016-3632: out-of-bounds write in \_TIFFVGetField function
--------------------------------------------------------------
An out-of-bounds write vulnerability was found in the \_TIFFVGetField function
in tif\_dirinfo.c, allowing an attacker to cause
a denial of service or command execution via a crafted TIFF image.
### Reference:
http://seclists.org/oss-sec/2016/q2/33
CVE-2016-3990: out-of-bounds write in horizontalDifference8()
-------------------------------------------------------------
An out-of-bounds write flaw was found in libtiff v4.0.6 when using the
tiffcp command to handle a malicious tiff file.
The vulnerability exists in the function horizontalDifference8().
An attacker could control the head data of the next heap, which contains
the pre\_size field and size field, to result in DoS or potential code
execution.
### Reference:
http://seclists.org/oss-sec/2016/q2/57
CVE-2016-3991: out-of-bounds write in loadImage() function
----------------------------------------------------------
An out-of-bounds write vulnerability caused by a heap overflow when using
the tiffcrop tool was found in the libtiff library.
The vulnerability is in the loadImage() function in tiffcrop.c. loadImage()
will read the number of tiles by calling TIFFNumberOfTiles().
### References:
http://www.openwall.com/lists/oss-security/2016/04/12/3
http://bugzilla.maptools.org/show\_bug.cgi?id=2543
CVE-2016-5320: Out-of-bounds write in PixarLogDecode() function in tif\_pixarlog.c
----------------------------------------------------------------------------------
A maliciously crafted TIFF file could cause the application to crash or
even enable RCE on a vulnerable machine when using the rgb2ycbcr command.
### Reference:
http://seclists.org/oss-sec/2016/q2/551
*(from redmine: issue id 6012, created on 2016-08-05, closed on 2017-09-05)*
* Relations:
* parent #6008
* Changesets:
* Revision 5bfab05c1b1c9659ce7262a83185d62e3648cf8a by Sergei Lukin on 2016-12-26T10:25:09Z:
```
main/tiff: security fixes #6012
CVE-2015-7554, CVE-2015-8668, CVE-2016-3945,
CVE-2016-3632, CVE-2016-3990, CVE-2016-3991
```

3.2.4