alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T12:02:23Z

busybox: NTP server denial of service flaw (CVE-2016-6301)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6616
2019-07-23T12:02:23Z
Alicha CH

The busybox NTP implementation doesn’t check the NTP mode of packets
received on the server port and responds to any packet with the right
size.
This includes responses from another NTP server. An attacker can send a
packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets
to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
### Fixed upstream in:
busybox 1.26.0
### Reference:
http://seclists.org/oss-sec/2016/q3/240
### Patch:
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
*(from redmine: issue id 6616, created on 2017-01-03, closed on 2017-01-23)*
* Relations:
* child #6617
* child #6618
* child #6619

Natanael Copa

[3.4] busybox: NTP server denial of service flaw (CVE-2016-6301)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6617
2019-07-23T12:02:22Z
Alicha CH

The busybox NTP implementation doesn’t check the NTP mode of packets
received on the server port and responds to any packet with the right
size.
This includes responses from another NTP server. An attacker can send a
packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets
to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
### Fixed upstream in:
busybox 1.26.0
### Reference:
http://seclists.org/oss-sec/2016/q3/240
### Patch:
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
*(from redmine: issue id 6617, created on 2017-01-03, closed on 2017-01-23)*
* Relations:
* parent #6616
* Changesets:
* Revision e616b1654ebcdfb83285f27a6eb3639ac35cdb0a by Sergei Lukin on 2017-01-18T14:13:32Z:
```
main/busybox: security fixes #6617
CVE-2016-6301: NTP server denial of service flaw
```
3.4.7
Natanael Copa

[3.3] busybox: NTP server denial of service flaw (CVE-2016-6301)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6618
2019-07-23T12:02:21Z
Alicha CH

The busybox NTP implementation doesn’t check the NTP mode of packets
received on the server port and responds to any packet with the right
size.
This includes responses from another NTP server. An attacker can send a
packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets
to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
### Fixed upstream in:
busybox 1.26.0
### Reference:
http://seclists.org/oss-sec/2016/q3/240
### Patch:
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
*(from redmine: issue id 6618, created on 2017-01-03, closed on 2017-01-23)*
* Relations:
* parent #6616
* Changesets:
* Revision aa0e78b591f5cda199ecb44555f518e0ff6b847c by Sergei Lukin on 2017-01-19T08:00:59Z:
```
main/busybox: security fixes #6618
CVE-2016-6301: NTP server denial of service flaw
```
3.3.4
Natanael Copa

[3.2] busybox: NTP server denial of service flaw (CVE-2016-6301)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6619
2019-07-23T12:02:20Z
Alicha CH

The busybox NTP implementation doesn’t check the NTP mode of packets
received on the server port and responds to any packet with the right
size.
This includes responses from another NTP server. An attacker can send a
packet with a spoofed source address in order to create an infinite
loop of responses between two busybox NTP servers. Adding more packets
to the loop increases the traffic between the servers
until one of them has a fully loaded CPU and/or network.
### Fixed upstream in:
busybox 1.26.0
### Reference:
http://seclists.org/oss-sec/2016/q3/240
### Patch:
https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
*(from redmine: issue id 6619, created on 2017-01-03, closed on 2017-01-23)*
* Relations:
* parent #6616
* Changesets:
* Revision 1a3429764d88d4b178f1002b87b9599f09ef960a by Sergei Lukin on 2017-01-20T12:23:59Z:
```
main/busybox: security fixes #6619
CVE-2016-6301: NTP server denial of service flaw
```
3.2.4
Natanael Copa

phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6622
2019-07-23T12:02:19Z
Alicha CH

### CVE-2016-10033:
The mailSend function in the isMail transport in PHPMailer before
5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail
command and consequently execute arbitrary
code via a \\" (backslash double quote) in a crafted From address.
### Fixed In Version:
phpmailer 5.2.18
### Reference:
http://seclists.org/oss-sec/2016/q4/750
### CVE-2016-10045:
The isMail transport in PHPMailer before 5.2.20, when the Sender
property is not set, might allow remote attackers to pass extra
parameters
to the mail command and consequently execute arbitrary code by
leveraging improper interaction between the escapeshellarg function
and
internal escaping performed in the mail function. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2016-10033.
### Fixed in Version:
phpmailer 5.2.20
### Reference:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
*(from redmine: issue id 6622, created on 2017-01-04, closed on 2017-01-23)*
* Relations:
* child #6623
* child #6624
* child #6625
* child #6626

Timo Teräs

[3.5] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6623
2019-07-23T12:02:18Z
Alicha CH

### CVE-2016-10033:
The mailSend function in the isMail transport in PHPMailer before
5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail
command and consequently execute arbitrary
code via a \\" (backslash double quote) in a crafted From address.
### Fixed In Version:
phpmailer 5.2.18
### Reference:
http://seclists.org/oss-sec/2016/q4/750
### CVE-2016-10045:
The isMail transport in PHPMailer before 5.2.20, when the Sender
property is not set, might allow remote attackers to pass extra
parameters
to the mail command and consequently execute arbitrary code by
leveraging improper interaction between the escapeshellarg function
and
internal escaping performed in the mail function. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2016-10033.
### Fixed in Version:
phpmailer 5.2.20
### Reference:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
*(from redmine: issue id 6623, created on 2017-01-04, closed on 2017-01-23)*
* Relations:
* parent #6622
* Changesets:
* Revision 66935a2a80b13056fe0c3f0a127c540f6ea337e1 by Sergei Lukin on 2017-01-12T07:56:56Z:
```
main/php5-phpmailer: security fixes #6623
CVE-2016-10033
CVE-2016-10045
Issues were fixed in 5.2.18 and 5.2.20
However, there were major changes between 5.2.4 and 5.2.20
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
This upgrade contains patch which is based on 2 commits
containing fix for CVE-2016-10045 and CVE-2016-10033:
https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
Commits were adjusted to 5.2.4
```
3.5.1
Timo Teräs

[3.4] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6624
2019-07-23T12:02:17Z
Alicha CH

### CVE-2016-10033:
The mailSend function in the isMail transport in PHPMailer before
5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail
command and consequently execute arbitrary
code via a \\" (backslash double quote) in a crafted From address.
### Fixed In Version:
phpmailer 5.2.18
### Reference:
http://seclists.org/oss-sec/2016/q4/750
### CVE-2016-10045:
The isMail transport in PHPMailer before 5.2.20, when the Sender
property is not set, might allow remote attackers to pass extra
parameters
to the mail command and consequently execute arbitrary code by
leveraging improper interaction between the escapeshellarg function
and
internal escaping performed in the mail function. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2016-10033.
### Fixed in Version:
phpmailer 5.2.20
### Reference:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
*(from redmine: issue id 6624, created on 2017-01-04, closed on 2017-01-23)*
* Relations:
* parent #6622
* Changesets:
* Revision 83e615d86f8b723949b2c7ba5811c6910494e680 by Sergei Lukin on 2017-01-13T09:44:21Z:
```
main/php5-phpmailer: security upgrade to 5.2.4 - fixes #6624
CVE-2016-10033
CVE-2016-10045
Issues were fixed in 5.2.18 and 5.2.20
However, there were major changes between 5.2.0 and 5.2.20
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
5.2.0 is NOT AVAILABLE anymore for download
Next available version is 5.2.4
https://github.com/PHPMailer/PHPMailer/releases?after=v5.2.5
(not sure if there were major changes between 5.2.0 and 5.2.4)
This upgrade contains patch which is based on 2 commits
containing fix for CVE-2016-10045 and CVE-2016-10033:
https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
These commits were adjusted to 5.2.4
```
3.4.7
Timo Teräs

[3.3] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6625
2019-07-23T12:02:16Z
Alicha CH

### CVE-2016-10033:
The mailSend function in the isMail transport in PHPMailer before
5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail
command and consequently execute arbitrary
code via a \\" (backslash double quote) in a crafted From address.
### Fixed In Version:
phpmailer 5.2.18
### Reference:
http://seclists.org/oss-sec/2016/q4/750
### CVE-2016-10045:
The isMail transport in PHPMailer before 5.2.20, when the Sender
property is not set, might allow remote attackers to pass extra
parameters
to the mail command and consequently execute arbitrary code by
leveraging improper interaction between the escapeshellarg function
and
internal escaping performed in the mail function. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2016-10033.
### Fixed in Version:
phpmailer 5.2.20
### Reference:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
*(from redmine: issue id 6625, created on 2017-01-04, closed on 2017-01-23)*
* Relations:
* parent #6622
* Changesets:
* Revision 3e22216ad03d8d00799b855c6d2ebe45556eea5a by Sergei Lukin on 2017-01-19T08:03:01Z:
```
main/php-phpmailer: security upgrade to 5.2.4 - fixes #6625
CVE-2016-10033
CVE-2016-10045
Issues were fixed in 5.2.18 and 5.2.20
However, there were major changes between 5.2.0 and 5.2.20
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
5.2.0 is NOT AVAILABLE anymore for download
Next available version is 5.2.4
https://github.com/PHPMailer/PHPMailer/releases?after=v5.2.5
(not sure if there were major changes between 5.2.0 and 5.2.4)
This upgrade contains patch which is based on 2 commits
containing fix for CVE-2016-10045 and CVE-2016-10033:
https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
These commits were adjusted to 5.2.4
```
3.3.4
Timo Teräs

[3.2] phpmailer: Remote Code Execution (CVE-2016-10033, CVE-2016-10045)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6626
2019-07-23T12:02:15Z
Alicha CH

### CVE-2016-10033:
The mailSend function in the isMail transport in PHPMailer before
5.2.18, when the Sender property is not set,
might allow remote attackers to pass extra parameters to the mail
command and consequently execute arbitrary
code via a \\" (backslash double quote) in a crafted From address.
### Fixed In Version:
phpmailer 5.2.18
### Reference:
http://seclists.org/oss-sec/2016/q4/750
### CVE-2016-10045:
The isMail transport in PHPMailer before 5.2.20, when the Sender
property is not set, might allow remote attackers to pass extra
parameters
to the mail command and consequently execute arbitrary code by
leveraging improper interaction between the escapeshellarg function
and
internal escaping performed in the mail function. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2016-10033.
### Fixed in Version:
phpmailer 5.2.20
### Reference:
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
*(from redmine: issue id 6626, created on 2017-01-04, closed on 2017-01-23)*
* Relations:
* parent #6622
* Changesets:
* Revision 789397ad24a9470eebfbd293ee355fbe299f2e59 by Sergei Lukin on 2017-01-20T11:28:10Z:
```
main/php-phpmailer: security upgrade to 5.2.4 - fixes #6626
CVE-2016-10033
CVE-2016-10045
Issues were fixed in 5.2.18 and 5.2.20
However, there were major changes between 5.2.0 and 5.2.20
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
5.2.0 is NOT AVAILABLE anymore for download
Next available version is 5.2.4
https://github.com/PHPMailer/PHPMailer/releases?after=v5.2.5
(not sure if there were major changes between 5.2.0 and 5.2.4)
This upgrade contains patch which is based on 2 commits
containing fix for CVE-2016-10045 and CVE-2016-10033:
https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
These commits were adjusted to 5.2.4
```
3.2.4
Timo Teräs

ERROR: unsatisfiable constraints: py-pip (virtual)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6627
2019-07-23T12:02:14Z
Janus Marz

I got the same error like here:
https://forum.alpinelinux.org/forum/installation/v35-doesnt-have-py-pip-package
```
ERROR: unsatisfiable constraints:
py-pip (virtual):
provided by: py2-pip
required by: world[py-pip]
```
*(from redmine: issue id 6627, created on 2017-01-04, closed on 2017-01-24)*
* Relations:
* duplicates #6702
* Changesets:
* Revision 61c4d9c80fdc5fbde79b8de8f63da763c1c16bf2 on 2017-01-24T14:25:30Z:
```
main/py2-pip: install when called py-pip - fixes #6627
```
* Revision 41f7be490b71f32c380fbd1ae26807d71f9225e6 on 2017-01-24T14:26:38Z:
```
main/py2-pip: install when called py-pip - fixes #6627
(cherry picked from commit 61c4d9c80fdc5fbde79b8de8f63da763c1c16bf2)
```
3.5.1

pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6629
2019-07-23T12:02:13Z
Alicha CH

The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can however make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
### Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
### Fixed In Version:
pcsc-lite 1.8.20
### Reference:
http://seclists.org/oss-sec/2017/q1/18
### Patch:
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
*(from redmine: issue id 6629, created on 2017-01-05, closed on 2017-01-06)*
* Relations:
* child #6630
* child #6631
* child #6632
* child #6633
* Changesets:
* Revision 53e7378a3a9f45c0105f48b7f01f62f6128f0eeb by Timo Teräs on 2017-01-06T08:19:23Z:
```
main/pcsc-lite: security upgrade to 1.8.20 (CVE-2016-10109)
fixes #6629
remove unneeded patch (upstream fixed issue)
```
Timo Teräs

[3.5] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6630
2019-07-23T12:02:12Z
Alicha CH

The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can however make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
### Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
### Fixed In Version:
pcsc-lite 1.8.20
### Reference:
http://seclists.org/oss-sec/2017/q1/18
### Patch:
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
*(from redmine: issue id 6630, created on 2017-01-05, closed on 2017-01-06)*
* Relations:
* parent #6629

3.5.0
Timo Teräs

[3.4] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6631
2019-07-23T12:02:11Z
Alicha CH

The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can however make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
### Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
### Fixed In Version:
pcsc-lite 1.8.20
### Reference:
http://seclists.org/oss-sec/2017/q1/18
### Patch:
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
*(from redmine: issue id 6631, created on 2017-01-05, closed on 2017-01-06)*
* Relations:
* parent #6629
* Changesets:
* Revision 5076b2f6f50e76b903b75c82a840d4a05d30c98d by Timo Teräs on 2017-01-06T08:24:01Z:
```
main/pcsc-lite: security upgrade to 1.8.20 (CVE-2016-10109)
fixes #6631
remove unneeded patch (upstream fixed issue)
```
3.4.7
Timo Teräs

[3.3] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6632
2019-07-23T12:02:10Z
Alicha CH

The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can however make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
### Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
### Fixed In Version:
pcsc-lite 1.8.20
### Reference:
http://seclists.org/oss-sec/2017/q1/18
### Patch:
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
*(from redmine: issue id 6632, created on 2017-01-05, closed on 2017-01-06)*
* Relations:
* parent #6629
* Changesets:
* Revision 021b293da86581334bb98c063495f30aabcd7284 by Timo Teräs on 2017-01-06T08:34:36Z:
```
main/pcsc-lite: security upgrade to 1.8.20 (CVE-2016-10109)
fixes #6632
remove unneeded patch (upstream fixed issue)
```
3.3.4
Timo Teräs

[3.2] pcsc-lite: Use-after-free of cardsList due to SCardReleaseContext invocations (CVE-2016-10109)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6633
2019-07-23T12:02:09Z
Alicha CH

The SCardReleaseContext function normally releases resources associated
with the given handle (including “cardsList”) and clients should cease
using this handle.
A malicious client can however make the daemon invoke
SCardReleaseContext and continue issuing other commands that use
“cardsList”, resulting in a use-after-free.
When SCardReleaseContext is invoked multiple times, it additionally
results in a double-free of “cardsList”.
### Affected Versions:
PCSC-Lite >= 1.6.0, < 1.8.20
### Fixed In Version:
pcsc-lite 1.8.20
### Reference:
http://seclists.org/oss-sec/2017/q1/18
### Patch:
https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
*(from redmine: issue id 6633, created on 2017-01-05, closed on 2017-01-06)*
* Relations:
* parent #6629
* Changesets:
* Revision 0e08b80a058f5402b1bd594be1be52762049b882 by Timo Teräs on 2017-01-06T08:39:47Z:
```
main/pcsc-lite: security upgrade to 1.8.20 (CVE-2016-10109)
fixes #6633
remove unneeded patch (upstream fixed issue)
```
3.2.4
Timo Teräs

libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6636
2019-07-23T12:02:08Z
Alicha CH

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
-------------------------------------------------------
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message containing a subrectangle outside of the
client drawing area.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
### Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
----------------------------------------------------
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash)
or possibly execute arbitrary code via a crafted FramebufferUpdate
message with the Ultra type tile, such that the LZO payload decompressed
length exceeds what is specified by the tile dimensions.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
### Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
*(from redmine: issue id 6636, created on 2017-01-06, closed on 2017-01-23)*
* Relations:
* child #6637
* child #6638
* child #6639
* child #6640
* child #6641

[3.6] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6637
2019-07-23T12:02:07Z
Alicha CH

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
-------------------------------------------------------
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message containing a subrectangle outside of the
client drawing area.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
### Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
----------------------------------------------------
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash)
or possibly execute arbitrary code via a crafted FramebufferUpdate
message with the Ultra type tile, such that the LZO payload decompressed
length exceeds what is specified by the tile dimensions.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
### Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
*(from redmine: issue id 6637, created on 2017-01-06, closed on 2017-01-23)*
* Relations:
* parent #6636
* Changesets:
* Revision f7fc7fd109145de79a4568d1b3f615ba4013b72a by Sergei Lukin on 2017-01-12T07:36:21Z:
```
main/libvncserver: security upgrade to 0.9.11 - fixes #6637
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
```
3.6.0

[3.5] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6638
2019-07-23T12:02:06Z
Alicha CH

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
-------------------------------------------------------
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service
(application crash) or possibly execute arbitrary code via a crafted
FramebufferUpdate message containing a subrectangle outside of the
client drawing area.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
### Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
----------------------------------------------------
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash)
or possibly execute arbitrary code via a crafted FramebufferUpdate
message with the Ultra type tile, such that the LZO payload decompressed
length exceeds what is specified by the tile dimensions.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
### Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
*(from redmine: issue id 6638, created on 2017-01-06, closed on 2017-01-23)*
* Relations:
* parent #6636
* Changesets:
* Revision 09e180651f0e822f8487bf871bcac7b44a2e383a by Sergei Lukin on 2017-01-12T07:55:54Z:
```
main/libvncserver: security fixes #6638
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
```
3.5.1

[3.4] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/6639
2019-07-23T12:02:05Z
Alicha CH

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
-------------------------------------------------------
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted FramebufferUpdate message containing a subrectangle outside of
the client drawing area.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
### Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
----------------------------------------------------
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted FramebufferUpdate message with the Ultra type tile, such that
the LZO payload decompressed length exceeds what is specified by the
tile dimensions.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
### Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
*(from redmine: issue id 6639, created on 2017-01-06, closed on 2017-01-23)*
* Relations:
* parent #6636
* Changesets:
* Revision 14594bb55cbbf5113e844d4c8e550fc247ee550a by Sergei Lukin on 2017-01-18T14:10:39Z:
```
main/libvncserver: security fixes #6639
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/6640
[3.3] libvncserver: heap buffer overflows (CVE-2016-9941, CVE-2016-9942)
2019-07-23T12:02:04Z
Alicha CH

CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
-------------------------------------------------------
Heap-based buffer overflow in rfbproto.c was found in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted FramebufferUpdate message containing a subrectangle outside of
the client drawing area.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9941
### Patch:
https://github.com/LibVNC/libvncserver/commit/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9942: Heap-based buffer overflow in ultra.c
----------------------------------------------------
Heap-based buffer overflow was found in ultra.c in LibVNCClient in
LibVNCServer before 0.9.11 that allows remote servers to cause a denial
of service (application crash) or possibly execute arbitrary code via a
crafted FramebufferUpdate message with the Ultra type tile, such that
the LZO payload decompressed length exceeds what is specified by the
tile dimensions.
### Fixed In Version:
libvncserver 0.9.11
### Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9942
### Patch:
https://github.com/LibVNC/libvncserver/commit/5fff4353f66427b467eb29e5fdc1da4f2be028bb
*(from redmine: issue id 6640, created on 2017-01-06, closed on 2017-01-23)*
* Relations:
* parent #6636
* Changesets:
* Revision 5b2a32c3074c1e9abc0f0490c264335336ffc172 by Sergei Lukin on 2017-01-19T07:46:56Z:
```
main/libvncserver: security fixes #6640
CVE-2016-9941: Heap-based buffer overflow in rfbproto.c
CVE-2016-9942: Heap-based buffer overflow in ultra.c
```
3.3.4