# alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
Updated: 2019-07-23T13:38:45Z

## [3.3] putty: old-style scp downloads may allow remote code execution (CVE-2016-2563)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5251
* Updated: 2019-07-23T13:38:45Z
* Author: Alicha CH

Prior to any download in the SCP sink protocol, the server sends a line
of text consisting
of an octal number encoding Unix file permissions, a decimal number
encoding the file size,
and the file name. Since the file size can exceed 2^32 bytes, and in some
compilation configurations
of PuTTY the host platform’s largest integer type is only 32 bits wide,
PuTTY extracts the decimal
file size into a temporary string variable to send to its own 64-bit
decimal decoding function.
### Fixed In Version:
putty 0.67
### References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2563
http://seclists.org/fulldisclosure/2016/Mar/22
### Patch:
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
*(from redmine: issue id 5251, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5249
* Changesets:
* Revision da0edcfa06c5c38fce0fd1a83a92ca3a3d9303f6 on 2016-03-14T10:21:01Z:
```
main/putty: security upgrade to 0.67 (CVE-2016-2563). Fixes #5251
(cherry picked from commit 7c18b536e1c1329ab8466eb402c956ebfff315ba)
```
* Milestone: 3.3.2
* Assignee: Jeff Bilyk (jbilyk@gmail.com)

## [3.4] putty: old-style scp downloads may allow remote code execution (CVE-2016-2563)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5250
* Updated: 2019-07-23T13:38:46Z
* Author: Alicha CH

Prior to any download in the SCP sink protocol, the server sends a line
of text consisting
of an octal number encoding Unix file permissions, a decimal number
encoding the file size,
and the file name. Since the file size can exceed 2^32 bytes, and in some
compilation configurations
of PuTTY the host platform’s largest integer type is only 32 bits wide,
PuTTY extracts the decimal
file size into a temporary string variable to send to its own 64-bit
decimal decoding function.
### Fixed In Version:
putty 0.67
### References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2563
http://seclists.org/fulldisclosure/2016/Mar/22
### Patch:
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
*(from redmine: issue id 5250, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5249
* Changesets:
* Revision 7c18b536e1c1329ab8466eb402c956ebfff315ba on 2016-03-14T10:19:47Z:
```
main/putty: security upgrade to 0.67 (CVE-2016-2563). Fixes #5250
```
* Milestone: 3.4.0
* Assignee: Jeff Bilyk (jbilyk@gmail.com)

## putty: old-style scp downloads may allow remote code execution (CVE-2016-2563)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5249
* Updated: 2019-07-23T13:38:47Z
* Author: Alicha CH

Prior to any download in the SCP sink protocol, the server sends a line
of text consisting
of an octal number encoding Unix file permissions, a decimal number
encoding the file size,
and the file name. Since the file size can exceed 2^32 bytes, and in some
compilation configurations
of PuTTY the host platform’s largest integer type is only 32 bits wide,
PuTTY extracts the decimal
file size into a temporary string variable to send to its own 64-bit
decimal decoding function.
### Fixed In Version:
putty 0.67
### References:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2563
http://seclists.org/fulldisclosure/2016/Mar/22
### Patch:
http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commit;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
*(from redmine: issue id 5249, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* child #5250
* child #5251
* child #5252
* child #5253
* child #5254

* Assignee: Jeff Bilyk (jbilyk@gmail.com)

## Courier was unable to deliver the parcel, ID000571158
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5248
* Updated: 2019-07-12T15:07:16Z
* Author: algitbot

Dear Customer,
We could not deliver your parcel.
You can review complete details of your order in the find attached.
Warm regards,
Jose Montgomery,
FedEx Delivery Manager.
*(from redmine: issue id 5248, created on 2016-03-10, closed on 2016-03-10)*
* Uploads:
* [000571158.zip](/uploads/4404b44df6d8ceb1d0da155cebd32e60/000571158.zip) None

## [3.0] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5247
* Updated: 2019-07-23T13:38:48Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5247, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5242
* Changesets:
* Revision cc2653729b75ff9137c3a4f50e2984a8d807cf41 on 2016-03-11T15:58:25Z:
```
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088). Fixes #5247
```
* Milestone: 3.0.7
* Assignee: Natanael Copa

## [3.1] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5246
* Updated: 2019-07-23T13:38:49Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5246, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5242

* Milestone: 3.1.5
* Assignee: Natanael Copa

## [3.2] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5245
* Updated: 2019-07-23T13:38:50Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5245, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5242
* Changesets:
* Revision f9aa3b90d2882bdc25d0159936a40252bef28990 on 2016-03-11T15:51:00Z:
```
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088). Fixes #5245
```
* Milestone: 3.2.4
* Assignee: Natanael Copa

## [3.3] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5244
* Updated: 2019-07-23T13:38:52Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5244, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5242
* Changesets:
* Revision 042135a07668e262a438da14a580aa147d7fb7d3 by Natanael Copa on 2016-03-11T14:14:37Z:
```
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285,CVE-2016-1286,CVE-2016-2088)
fixes #5244
```
* Milestone: 3.3.2
* Assignee: Natanael Copa

## [3.4] bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5243
* Updated: 2019-07-23T13:38:53Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5243, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* parent #5242
* Changesets:
* Revision c99a79bf991efbe20551a9c6f522b984d5d1fe1d by Natanael Copa on 2016-03-10T16:27:54Z:
```
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285,CVE-2016-1286,CVE-2016-2088)
fixes #5243
```
* Milestone: 3.4.0
* Assignee: Natanael Copa

## bind: Multiple issues (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5242
* Updated: 2019-07-23T13:38:54Z
* Author: Alicha CH

### CVE-2016-1285: An error parsing input received by the rndc control channel can cause an assertion failure in sexpr.c or alist.c
### Versions affected:
9.2.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0 ->**9.10.3-P3**
### Solution:
Upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.9.8-P4
BIND 9 version 9.10.3-P4
### CVE-2016-1286: A problem parsing resource record signatures for DNAME resource records can lead to an assertion failure in resolver.c or db.c
### Versions affected:
9.0.0 ->9.8.8, 9.9.0 ->9.9.8-P3, 9.9.3-S1 ->9.9.8-S5, 9.10.0
->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related to your current
version of BIND.
BIND 9 version 9.10.3-P4
### CVE-2016-2088: A response containing multiple DNS cookies causes servers with cookie support enabled to exit with an assertion failure.
### Versions affected:
9.10.0 ->**9.10.3-P3**
### Solution:
Re-configure and re-build BIND without enabling cookie support or
upgrade to the patched release most closely related
to your current version of BIND.
BIND 9 version 9.10.3-P4
### References:
https://kb.isc.org/article/AA-01352
https://kb.isc.org/article/AA-01353
https://kb.isc.org/article/AA-01351
*(from redmine: issue id 5242, created on 2016-03-10, closed on 2016-03-14)*
* Relations:
* child #5243
* child #5244
* child #5245
* child #5246
* child #5247
* Changesets:
* Revision 8b571b68d5ba963a333609d0bf9fb345afa09238 on 2016-03-11T15:55:07Z:
```
main/bind: security upgrade to 9.10.3_p4 (CVE-2016-1285, CVE-2016-1286, CVE-2016-2088). Fixes #5242
```
* Assignee: Natanael Copa

## Add GeoIP support to goaccess
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5241
* Updated: 2019-07-23T13:38:55Z
* Author: Kévin Guignard

The web log analyzer goaccess can provide *GeoLocation* support but needs
to be compiled with the **--enable-geoip** option. It also needs **geoip-dev**
as a new make dependency.
You can use **--geoip-database** or **--geoip-city-data** to specify the path
to the GeoIP database (it is not usable as is, .dat file needs to be
downloaded from MaxMind.com).
*(from redmine: issue id 5241, created on 2016-03-10, closed on 2017-05-22)*
* Changesets:
* Revision fa82b09c44d668ed81b152a0f7a03eb6f0d4a539 by Fabian Affolter on 2016-05-24T09:40:43Z:
```
main/goaccess: add geoip support (fixes #5241)
```
* Assignee: Fabian Affolter

## Package request: percona xtradb cluster 5.6
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5240
* Updated: 2020-01-18T21:25:16Z
* Author: Peter Szalatnay

Installation from source
https://www.percona.com/doc/percona-xtradb-cluster/5.6/installation/compiling_xtradb_cluster.html
Pre-compiled source for generic linux
https://www.percona.com/downloads/Percona-XtraDB-Cluster-56/LATEST/
*(from redmine: issue id 5240, created on 2016-03-10)*

## [3.3] drupal7: Multiple Vulnerabilities (no CVE)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5239
* Updated: 2019-07-23T13:38:56Z
* Author: Alicha CH

**CVE ID:** not yet available
### File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)
A vulnerability exists in the File module that allows a malicious user
to view, delete or substitute
a link to a file that the victim has uploaded to a form while the form
has not yet been submitted and processed.
If an attacker carries out this attack continuously, all file uploads to
a site could be blocked by deleting
all temporary files before they can be saved.
### Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)
The XML-RPC system allows a large number of calls to the same method to
be made at once, which can be
used as an enabling factor in brute force attacks (for example,
attempting to determine user passwords
by submitting a large number of password variations at once). This
vulnerability is mitigated by the
fact that you must have enabled a module that provides an XML-RPC method
that is vulnerable to brute-forcing.
There are no such modules in Drupal 7 core, but Drupal 6 core is
vulnerable via the Blog API module.
It is additionally mitigated if flood control protection is in place for
the method in question.
### Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical)
In Drupal 6 and 7, the current path can be populated with an external
URL.
This can lead to Open Redirect vulnerabilities.
### Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical)
Drupal core has a reflected file download vulnerability that could allow
an attacker
to trick a user into downloading and running a file with arbitrary
JSON-encoded content.
### Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical)
Some specific contributed or custom code may call Drupal’s user_save()
API in a manner different than Drupal core.
Depending on the data that has been added to a form or the array prior
to saving, this can lead to a user gaining all roles on a site.
### Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical)
In certain configurations where a user’s email addresses could be used
to log in instead of their username,
links to “have you forgotten your password” could reveal the username
associated with a particular email address,
leading to an information disclosure vulnerability.
### Affected versions:
Drupal core 6.x versions prior to 6.38
**Drupal core 7.x versions prior to 7.43**
Drupal core 8.0.x versions prior to 8.0.4
### Solution:
Install the latest version:
If you use Drupal 6.x, upgrade to Drupal core 6.38
**If you use Drupal 7.x, upgrade to Drupal core 7.43**
If you use Drupal 8.0.x, upgrade to Drupal core 8.0.4
### References:
https://www.drupal.org/SA-CORE-2016-001
*(from redmine: issue id 5239, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* parent #5237
* Changesets:
* Revision 8191e78d1fd2fa4408d90ec29cf4809cb566753f on 2016-03-11T15:20:03Z:
```
main/drupal7: security upgrade to 7.43. Fixes #5239
(cherry picked from commit 88647c550362ddfd9fef660d16d75c265df67c8d)
```
* Milestone: 3.3.2

## [3.4] drupal7: Multiple Vulnerabilities (no CVE)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5238
* Updated: 2019-07-23T13:38:57Z
* Author: Alicha CH

**CVE ID:** not yet available
### File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)
A vulnerability exists in the File module that allows a malicious user
to view, delete or substitute
a link to a file that the victim has uploaded to a form while the form
has not yet been submitted and processed.
If an attacker carries out this attack continuously, all file uploads to
a site could be blocked by deleting
all temporary files before they can be saved.
### Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)
The XML-RPC system allows a large number of calls to the same method to
be made at once, which can be
used as an enabling factor in brute force attacks (for example,
attempting to determine user passwords
by submitting a large number of password variations at once). This
vulnerability is mitigated by the
fact that you must have enabled a module that provides an XML-RPC method
that is vulnerable to brute-forcing.
There are no such modules in Drupal 7 core, but Drupal 6 core is
vulnerable via the Blog API module.
It is additionally mitigated if flood control protection is in place for
the method in question.
### Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical)
In Drupal 6 and 7, the current path can be populated with an external
URL.
This can lead to Open Redirect vulnerabilities.
### Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical)
Drupal core has a reflected file download vulnerability that could allow
an attacker
to trick a user into downloading and running a file with arbitrary
JSON-encoded content.
### Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical)
Some specific contributed or custom code may call Drupal’s user_save()
API in a manner different than Drupal core.
Depending on the data that has been added to a form or the array prior
to saving, this can lead to a user gaining all roles on a site.
### Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical)
In certain configurations where a user’s email addresses could be used
to log in instead of their username,
links to “have you forgotten your password” could reveal the username
associated with a particular email address,
leading to an information disclosure vulnerability.
### Affected versions:
Drupal core 6.x versions prior to 6.38
**Drupal core 7.x versions prior to 7.43**
Drupal core 8.0.x versions prior to 8.0.4
### Solution:
Install the latest version:
If you use Drupal 6.x, upgrade to Drupal core 6.38
**If you use Drupal 7.x, upgrade to Drupal core 7.43**
If you use Drupal 8.0.x, upgrade to Drupal core 8.0.4
### References:
https://www.drupal.org/SA-CORE-2016-001
*(from redmine: issue id 5238, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* parent #5237
* Changesets:
* Revision 88647c550362ddfd9fef660d16d75c265df67c8d on 2016-03-11T15:19:09Z:
```
main/drupal7: security upgrade to 7.43. Fixes #5238
```
* Milestone: 3.4.0

## drupal7: Multiple Vulnerabilities (no CVE)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5237
* Updated: 2019-07-23T13:38:58Z
* Author: Alicha CH

**CVE ID:** not yet available
### File upload access bypass and denial of service (File module - Drupal 7 and 8 - Moderately Critical)
A vulnerability exists in the File module that allows a malicious user
to view, delete or substitute
a link to a file that the victim has uploaded to a form while the form
has not yet been submitted and processed.
If an attacker carries out this attack continuously, all file uploads to
a site could be blocked by deleting
all temporary files before they can be saved.
### Brute force amplification attacks via XML-RPC (XML-RPC server - Drupal 6 and 7 - Moderately Critical)
The XML-RPC system allows a large number of calls to the same method to
be made at once, which can be
used as an enabling factor in brute force attacks (for example,
attempting to determine user passwords
by submitting a large number of password variations at once). This
vulnerability is mitigated by the
fact that you must have enabled a module that provides an XML-RPC method
that is vulnerable to brute-forcing.
There are no such modules in Drupal 7 core, but Drupal 6 core is
vulnerable via the Blog API module.
It is additionally mitigated if flood control protection is in place for
the method in question.
### Open redirect via path manipulation (Base system - Drupal 6, 7 and 8 - Moderately Critical)
In Drupal 6 and 7, the current path can be populated with an external
URL.
This can lead to Open Redirect vulnerabilities.
### Reflected file download vulnerability (System module - Drupal 6 and 7 - Moderately Critical)
Drupal core has a reflected file download vulnerability that could allow
an attacker
to trick a user into downloading and running a file with arbitrary
JSON-encoded content.
### Saving user accounts can sometimes grant the user all roles (User module - Drupal 6 and 7 - Less Critical)
Some specific contributed or custom code may call Drupal’s user_save()
API in a manner different than Drupal core.
Depending on the data that has been added to a form or the array prior
to saving, this can lead to a user gaining all roles on a site.
### Email address can be matched to an account (User module - Drupal 7 and 8 - Less Critical)
In certain configurations where a user’s email addresses could be used
to log in instead of their username,
links to “have you forgotten your password” could reveal the username
associated with a particular email address,
leading to an information disclosure vulnerability.
### Affected versions:
Drupal core 6.x versions prior to 6.38
**Drupal core 7.x versions prior to 7.43**
Drupal core 8.0.x versions prior to 8.0.4
### Solution:
Install the latest version:
If you use Drupal 6.x, upgrade to Drupal core 6.38
**If you use Drupal 7.x, upgrade to Drupal core 7.43**
If you use Drupal 8.0.x, upgrade to Drupal core 8.0.4
### References:
https://www.drupal.org/SA-CORE-2016-001
*(from redmine: issue id 5237, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* child #5238
* child #5239

## [3.0] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
* URL: https://gitlab.alpinelinux.org/alpine/aports/-/issues/5236
* Updated: 2019-07-23T13:38:59Z
* Author: Alicha CH

### CVE-2016-1577:
A double free vulnerability in jas_iccattrval_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
### CVE-2016-2089:
The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
### CVE-2016-2116:
Memory leak in jas_iccprof_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
### References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
### Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
*(from redmine: issue id 5236, created on 2016-03-08, closed on 2017-05-22)*
* Relations:
* parent #5231
* Changesets:
* Revision e8da5230ad1d093c3862cca920ceec95b812f23d on 2016-03-11T15:16:30Z:
```
main/jasper: security fixes (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116). Fixes #5236
(cherry picked from commit 244e4d797e740c7fedf8e3e9df9d9d85859b11b4)
```
3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5235
[3.1] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
2019-07-23T13:39:00Z
Alicha CH
### CVE-2016-1577:
A double free vulnerability in jas\_iccattrval\_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
### CVE-2016-2089:
The jas\_matrix\_clip function in jas\_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
### CVE-2016-2116:
Memory leak in jas\_iccprof\_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
### References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
### Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
*(from redmine: issue id 5235, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* parent #5231
* Changesets:
* Revision 0d073f6c289592065b773cef9b13f0559dd4d58e on 2016-03-11T15:15:39Z:
```
main/jasper: security fixes (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116). Fixes #5235
(cherry picked from commit 244e4d797e740c7fedf8e3e9df9d9d85859b11b4)
```
3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5234
[3.2] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
2019-07-23T13:39:01Z
Alicha CH
### CVE-2016-1577:
A double free vulnerability in jas\_iccattrval\_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
### CVE-2016-2089:
The jas\_matrix\_clip function in jas\_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
### CVE-2016-2116:
Memory leak in jas\_iccprof\_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
### References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
### Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
*(from redmine: issue id 5234, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* parent #5233
* Changesets:
* Revision 81be3fe3c463ee04af98ce512eeb4953800941b9 on 2016-03-11T15:14:00Z:
```
main/jasper: security fixes (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116). Fixes #5234
(cherry picked from commit 244e4d797e740c7fedf8e3e9df9d9d85859b11b4)
```
3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5233
[3.3] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
2019-07-23T13:39:02Z
Alicha CH
### CVE-2016-1577:
A double free vulnerability in jas\_iccattrval\_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
### CVE-2016-2089:
The jas\_matrix\_clip function in jas\_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
### CVE-2016-2116:
Memory leak in jas\_iccprof\_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
### References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
### Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
*(from redmine: issue id 5233, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* child #5234
* parent #5231
* Changesets:
* Revision aad6049e893525da6da4ffa07329f4fe1377b55c on 2016-03-11T15:11:58Z:
```
main/jasper: security fixes (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116). Fixes #5233
(cherry picked from commit 244e4d797e740c7fedf8e3e9df9d9d85859b11b4)
```
3.3.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/5232
[3.4] jasper: Security issues (CVE-2016-1577, CVE-2016-2089, CVE-2016-2116)
2019-07-23T13:39:03Z
Alicha CH
### CVE-2016-1577:
A double free vulnerability in jas\_iccattrval\_destroy function in
JasPer 1.900.1 and earlier
allowing remote attackers to cause a denial of service (crash) or
possibly execute arbitrary
code via a crafted ICC color profile in a JPEG 2000 image file was
found.
### CVE-2016-2089:
The jas\_matrix\_clip function in jas\_seq.c in JasPer 1.900.1 allows
remote
attackers to cause a denial of service (invalid read and application
crash)
via a crafted JPEG 2000 image.
### CVE-2016-2116:
Memory leak in jas\_iccprof\_createfrombuf function in JasPer 1.900.1
and earlier was found,
allowing remote attackers to cause a denial of service (memory
consumption) via a crafted
ICC color profile in a JPEG 2000 image file.
### References:
http://seclists.org/oss-sec/2016/q1/507
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2089
http://seclists.org/oss-sec/2016/q1/233
http://seclists.org/oss-sec/2016/q1/235
### Patches:
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch
https://bugzilla.redhat.com/attachment.cgi?id=1120247 (CVE-2016-2089)
http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-2116.patch
*(from redmine: issue id 5232, created on 2016-03-08, closed on 2016-03-14)*
* Relations:
* parent #5231

3.4.0
Natanael Copa