[Midnightbsd-cvs] mports [23174] trunk/security/vuxml/vuln.xml: update the list
laffer1 at midnightbsd.org
Sun Apr 8 15:57:40 EDT 2018
Revision: 23174
http://svnweb.midnightbsd.org/mports/?rev=23174
Author: laffer1
Date: 2018-04-08 15:57:38 -0400 (Sun, 08 Apr 2018)
Log Message:
-----------
update the list
Modified Paths:
--------------
trunk/security/vuxml/vuln.xml
Modified: trunk/security/vuxml/vuln.xml
===================================================================
--- trunk/security/vuxml/vuln.xml 2018-04-08 19:00:53 UTC (rev 23173)
+++ trunk/security/vuxml/vuln.xml 2018-04-08 19:57:38 UTC (rev 23174)
@@ -28,7 +28,7 @@
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- $FreeBSD: head/security/vuxml/vuln.xml 463418 2018-03-02 17:01:14Z zi $
+ $FreeBSD: head/security/vuxml/vuln.xml 466712 2018-04-07 09:17:53Z mfechner $
QUICK GUIDE TO ADDING A NEW ENTRY
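Review bot: The log message "update the list" does not record which upstream revision this import corresponds to, while the `$FreeBSD$` keyword line in this hunk moves from r463418 (2018-03-02) to r466712 (2018-04-07). Suggest naming the upstream revision in the log message (for example "sync with FreeBSD r466712") so that a later audit can tell which advisories a given MidnightBSD revision already contains without opening the file.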
@@ -58,6 +58,1417 @@
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="085a087b-3897-11e8-ac53-d8cb8abf62dd">
+ <topic>Gitlab -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>10.6.0</ge><lt>10.6.3</lt></range>
+ <range><ge>10.5.0</ge><lt>10.5.7</lt></range>
+ <range><ge>8.6</ge><lt>10.4.7</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/">
+ <p>Confidential issue comments in Slack, Mattermost, and webhook integrations.</p>
+ <p>Persistent XSS in milestones data-milestone-id.</p>
+ <p>Persistent XSS in filename of merge request.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/</url>
+ </references>
+ <dates>
+ <discovery>2018-04-04</discovery>
+ <entry>2018-04-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c0c5afef-38db-11e8-8b7f-a4badb2f469b">
+ <topic>FreeBSD -- ipsec crash or denial of service</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.1</ge><lt>11.1_9</lt></range>
+ <range><ge>10.4</ge><lt>10.4_8</lt></range>
+ <range><ge>10.3</ge><lt>10.3_29</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The length field of the option header does not count the
+ size of the option header itself. This causes a problem
+ when the length is zero, the count is then incremented by
+ zero, which causes an infinite loop.</p>
+ <p>In addition there are pointer/offset mistakes in the
+ handling of IPv4 options.</p>
+ <h1>Impact:</h1>
+ <p>A remote attacker who is able to send an arbitrary packet,
+ could cause the remote target machine to crash.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-6918</cvename>
+ <freebsdsa>SA-18:05.ipsec</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2018-04-04</discovery>
+ <entry>2018-04-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a5cf3ecd-38db-11e8-8b7f-a4badb2f469b">
+ <topic>FreeBSD -- vt console memory disclosure</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.1</ge><lt>11.1_9</lt></range>
+ <range><ge>10.4</ge><lt>10.4_8</lt></range>
+ <range><ge>10.3</ge><lt>10.3_29</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Insufficient validation of user-provided font parameters
+ can result in an integer overflow, leading to the use of
+ arbitrary kernel memory as glyph data. Characters that
+ reference this data can be displayed on the screen, effectively
+ disclosing kernel memory.</p>
+ <h1>Impact:</h1>
+ <p>Unprivileged users may be able to access privileged
+ kernel data.</p>
+ <p>Such memory might contain sensitive information, such
+ as portions of the file cache or terminal buffers. This
+ information might be directly useful, or it might be leveraged
+ to obtain elevated privileges in some way; for example, a
+ terminal buffer might include a user-entered password.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-6917</cvename>
+ <freebsdsa>SA-18:04.vt</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2018-04-04</discovery>
+ <entry>2018-04-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="cdb4d962-34f9-11e8-92db-080027907385">
+ <topic>moodle -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>moodle31</name>
+ <range><lt>3.1.11</lt></range>
+ </package>
+ <package>
+ <name>moodle32</name>
+ <range><lt>3.2.8</lt></range>
+ </package>
+ <package>
+ <name>moodle33</name>
+ <range><lt>3.3.5</lt></range>
+ </package>
+ <package>
+ <name>moodle34</name>
+ <range><lt>3.4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>moodle reports:</p>
+ <blockquote cite="https://moodle.org/mod/forum/discuss.php?d=367938">
+ <p>Unauthenticated users can trigger custom messages to admin via
+ paypal enrol script.</p>
+ <p>Suspended users with OAuth 2 authentication method can still log in to
+ the site.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-1081</cvename>
+ <cvename>CVE-2018-1082</cvename>
+ <url>https://moodle.org/mod/forum/discuss.php?d=367938</url>
+ </references>
+ <dates>
+ <discovery>2018-03-14</discovery>
+ <entry>2018-03-31</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="eb69bcf2-18ef-4aa2-bb0c-83b263364089">
+ <topic>ruby -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ruby</name>
+ <range><ge>2.3.0,1</ge><lt>2.3.7,1</lt></range>
+ <range><ge>2.4.0,1</ge><lt>2.4.4,1</lt></range>
+ <range><ge>2.5.0,1</ge><lt>2.5.1,1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Ruby news:</p>
+ <blockquote cite="https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/">
+ <p>CVE-2017-17742: HTTP response splitting in WEBrick</p>
+ <p>If a script accepts an external input and outputs it without
+ modification as a part of HTTP responses, an attacker can use newline
+ characters to deceive the clients that the HTTP response header is
+ stopped at there, and can inject fake HTTP responses after the newline
+ characters to show malicious contents to the clients.</p>
+ <p>CVE-2018-6914: Unintentional file and directory creation with
+ directory traversal in tempfile and tmpdir</p>
+ <p>Dir.mktmpdir method introduced by tmpdir library accepts the prefix
+ and the suffix of the directory which is created as the first parameter.
+ The prefix can contain relative directory specifiers "../", so this
+ method can be used to target any directory. So, if a script accepts an
+ external input as the prefix, and the targeted directory has
+ inappropriate permissions or the ruby process has inappropriate
+ privileges, the attacker can create a directory or a file at any
+ directory.</p>
+ <p>CVE-2018-8777: DoS by large request in WEBrick</p>
+ <p>If an attacker sends a large request which contains huge HTTP headers,
+ WEBrick try to process it on memory, so the request causes the
+ out-of-memory DoS attack.</p>
+ <p>CVE-2018-8778: Buffer under-read in String#unpack</p>
+ <p>String#unpack receives format specifiers as its parameter, and can
+ be specified the position of parsing the data by the specifier @. If a
+ big number is passed with @, the number is treated as the negative
+ value, and out-of-buffer read is occurred. So, if a script accepts an
+ external input as the argument of String#unpack, the attacker can read
+ data on heaps.</p>
+ <p>CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in
+ UNIXServer and UNIXSocket</p>
+ <p>UNIXServer.open accepts the path of the socket to be created at the
+ first parameter. If the path contains NUL (\0) bytes, this method
+ recognize that the path is completed before the NUL bytes. So, if a
+ script accepts an external input as the argument of this method, the
+ attacker can make the socket file in the unintentional path. And,
+ UNIXSocket.open also accepts the path of the socket to be created at
+ the first parameter without checking NUL bytes like UNIXServer.open.
+ So, if a script accepts an external input as the argument of this
+ method, the attacker can accepts the socket file in the unintentional
+ path.</p>
+ <p>CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte
+ in Dir</p>
+ <p>Dir.open, Dir.new, Dir.entries and Dir.empty? accept the path of the
+ target directory as their parameter. If the parameter contains NUL (\0)
+ bytes, these methods recognize that the path is completed before the
+ NUL bytes. So, if a script accepts an external input as the argument of
+ these methods, the attacker can make the unintentional directory
+ traversal.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/</url>
+ <url>https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/</url>
+ <cvename>CVE-2017-17742</cvename>
+ <cvename>CVE-2018-6914</cvename>
+ <cvename>CVE-2018-8777</cvename>
+ <cvename>CVE-2018-8778</cvename>
+ <cvename>CVE-2018-8779</cvename>
+ <cvename>CVE-2018-8780</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-28</discovery>
+ <entry>2018-03-29</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5a9bbb6e-32d3-11e8-a769-6daaba161086">
+ <topic>node.js -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>node4</name>
+ <range><lt>4.9.0</lt></range>
+ </package>
+ <package>
+ <name>node6</name>
+ <range><lt>6.14.0</lt></range>
+ </package>
+ <package>
+ <name>node8</name>
+ <range><lt>8.11.0</lt></range>
+ </package>
+ <package>
+ <name>node</name>
+ <range><lt>9.10.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Node.js reports:</p>
+ <blockquote cite="https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/">
+ <h1>Node.js Inspector DNS rebinding vulnerability (CVE-2018-7160)</h1>
+ <p>Node.js 6.x and later include a debugger protocol (also known as "inspector") that can be activated by the --inspect and related command line flags. This debugger service was vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution.</p>
+ <h1>'path' module regular expression denial of service (CVE-2018-7158)</h1>
+ <p>The 'path' module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x.</p>
+ <h1>Spaces in HTTP Content-Length header values are ignored (CVE-2018-7159)</h1>
+ <p>The HTTP parser in all current versions of Node.js ignores spaces in the Content-Length header, allowing input such as Content-Length: 1 2 to be interpreted as having a value of 12. The HTTP specification does not allow for spaces in the Content-Length value and the Node.js HTTP parser has been brought into line on this particular difference.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/</url>
+ <cvename>CVE-2018-7158</cvename>
+ <cvename>CVE-2018-7159</cvename>
+ <cvename>CVE-2018-7160</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-21</discovery>
+ <entry>2018-03-28</entry>
+ <modified>2018-03-28</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="1ce95bc7-3278-11e8-b527-00012e582166">
+ <topic>webkit2-gtk3 -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>webkit2-gtk3</name>
+ <range><ge>2.16.6</ge><lt>2.20.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The WebKit team reports many vulnerabilities.</p>
+ <p>Please reference the CVE/URL list for details.</p>
+ </body>
+ </description>
+ <references>
+ <url>https://webkitgtk.org/security/WSA-2017-0008.html</url>
+ <url>https://webkitgtk.org/security/WSA-2017-0009.html</url>
+ <url>https://webkitgtk.org/security/WSA-2017-0010.html</url>
+ <url>https://webkitgtk.org/security/WSA-2018-0001.html</url>
+ <url>https://webkitgtk.org/security/WSA-2018-0002.html</url>
+ <cvename>CVE-2017-7087</cvename>
+ <cvename>CVE-2017-7089</cvename>
+ <cvename>CVE-2017-7090</cvename>
+ <cvename>CVE-2017-7091</cvename>
+ <cvename>CVE-2017-7092</cvename>
+ <cvename>CVE-2017-7092</cvename>
+ <cvename>CVE-2017-7093</cvename>
+ <cvename>CVE-2017-7095</cvename>
+ <cvename>CVE-2017-7096</cvename>
+ <cvename>CVE-2017-7098</cvename>
+ <cvename>CVE-2017-7100</cvename>
+ <cvename>CVE-2017-7102</cvename>
+ <cvename>CVE-2017-7104</cvename>
+ <cvename>CVE-2017-7107</cvename>
+ <cvename>CVE-2017-7109</cvename>
+ <cvename>CVE-2017-7111</cvename>
+ <cvename>CVE-2017-7117</cvename>
+ <cvename>CVE-2017-7120</cvename>
+ <cvename>CVE-2017-13783</cvename>
+ <cvename>CVE-2017-13784</cvename>
+ <cvename>CVE-2017-13785</cvename>
+ <cvename>CVE-2017-13788</cvename>
+ <cvename>CVE-2017-13791</cvename>
+ <cvename>CVE-2017-13792</cvename>
+ <cvename>CVE-2017-13794</cvename>
+ <cvename>CVE-2017-13795</cvename>
+ <cvename>CVE-2017-13796</cvename>
+ <cvename>CVE-2017-13798</cvename>
+ <cvename>CVE-2017-13802</cvename>
+ <cvename>CVE-2017-13803</cvename>
+ <cvename>CVE-2017-7156</cvename>
+ <cvename>CVE-2017-7157</cvename>
+ <cvename>CVE-2017-13856</cvename>
+ <cvename>CVE-2017-13866</cvename>
+ <cvename>CVE-2017-13870</cvename>
+ <cvename>CVE-2017-5753</cvename>
+ <cvename>CVE-2017-5715</cvename>
+ <cvename>CVE-2018-4088</cvename>
+ <cvename>CVE-2018-4089</cvename>
+ <cvename>CVE-2018-4096</cvename>
+ <cvename>CVE-2017-7153</cvename>
+ <cvename>CVE-2017-7160</cvename>
+ <cvename>CVE-2017-7161</cvename>
+ <cvename>CVE-2017-7165</cvename>
+ <cvename>CVE-2017-13884</cvename>
+ <cvename>CVE-2017-13885</cvename>
+ </references>
+ <dates>
+ <discovery>2017-10-18</discovery>
+ <entry>2018-03-28</entry>
+ <modified>2018-03-28</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="3ae21918-31e3-11e8-927b-e8e0b747a45a">
+ <topic>chromium -- vulnerability</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>65.0.3325.181</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html">
+ <p>1 security fix in this release, including:</p>
+ <ul>
+ <li>[823553] Various fixes from internal audits, fuzzing and other initiatives</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop_20.html</url>
+ </references>
+ <dates>
+ <discovery>2018-03-20</discovery>
+ <entry>2018-03-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b7cff5a9-31cc-11e8-8f07-b499baebfeaf">
+ <topic>OpenSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2o,1</lt></range>
+ </package>
+ <package>
+ <name>openssl-devel</name>
+ <range><lt>1.1.0h</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20180327.txt">
+ <ul><li>Constructed ASN.1 types with a recursive definition could
+ exceed the stack (CVE-2018-0739)<br/>
+ Constructed ASN.1 types with a recursive definition (such as can be
+ found in PKCS7) could eventually exceed the stack given malicious input
+ with excessive recursion. This could result in a Denial Of Service
+ attack. There are no such structures used within SSL/TLS that come from
+ untrusted sources so this is considered safe.</li>
+ <li>rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)<br/>
+ There is an overflow bug in the AVX2 Montgomery multiplication
+ procedure used in exponentiation with 1024-bit moduli. This only
+ affects processors that support the AVX2 but not ADX extensions
+ like Intel Haswell (4th generation).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.openssl.org/news/secadv/20180327.txt</url>
+ <cvename>CVE-2018-0739</cvename>
+ <cvename>CVE-2017-3738</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-27</discovery>
+ <entry>2018-03-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="dc0c201c-31da-11e8-ac53-d8cb8abf62dd">
+ <topic>Gitlab -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>gitlab</name>
+ <range><ge>8.3</ge><lt>10.5.6</lt></range>
+ <range><ge>8.3</ge><lt>10.4.6</lt></range>
+ <range><ge>8.3</ge><lt>10.3.9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitLab reports:</p>
+ <blockquote cite="https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/">
+ <h1>SSRF in services and web hooks</h1>
+ <p>There were multiple server-side request forgery issues in the Services feature.
+ An attacker could make requests to servers within the same network of the GitLab
+ instance. This could lead to information disclosure, authentication bypass, or
+ potentially code execution. This issue has been assigned
+ <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8801">CVE-2018-8801</a>.</p>
+ <h1>Gitlab Auth0 integration issue</h1>
+ <p>There was an issue with the GitLab <code>omniauth-auth0</code> configuration
+ which resulted in the Auth0 integration signing in the wrong users.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-8801</cvename>
+ <url>https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/</url>
+ </references>
+ <dates>
+ <discovery>2018-03-20</discovery>
+ <entry>2018-03-27</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="23f59689-0152-42d3-9ade-1658d6380567">
+ <topic>mozilla -- use-after-free in compositor</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>59.0.2,1</lt></range>
+ </package>
+ <package>
+ <name>waterfox</name>
+ <range><lt>56.0.4.36_3</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.3</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.7.3,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.7.3,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>52.7.3</lt></range>
+ </package>
+ <package>
+ <name>linux-thunderbird</name>
+ <range><lt>52.7.1</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <range><lt>52.7.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/">
+ <h1>CVE-2018-5148: Use-after-free in compositor</h1>
+ <p>A use-after-free vulnerability can occur in the
+ compositor during certain graphics operations when a raw
+ pointer is used instead of a reference counted one. This
+ results in a potentially exploitable crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-5148</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-10/</url>
+ </references>
+ <dates>
+ <discovery>2018-03-26</discovery>
+ <entry>2018-03-27</entry>
+ <modified>2018-03-31</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="81946ace-6961-4488-a164-22d58ebc8d66">
+ <topic>rails-html-sanitizer -- possible XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>rubygem-rails-html-sanitizer</name>
+ <range><lt>1.0.4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OSS-Security list:</p>
+ <blockquote cite="http://www.openwall.com/lists/oss-security/2018/03/22/4">
+ <p>There is a possible XSS vulnerability in rails-html-sanitizer. The gem
+ allows non-whitelisted attributes to be present in sanitized output
+ when input with specially-crafted HTML fragments, and these attributes
+ can lead to an XSS attack on target applications.</p>
+ <p>This issue is similar to CVE-2018-8048 in Loofah.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2018/03/22/4</url>
+ <cvename>CVE-2018-3741</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-22</discovery>
+ <entry>2018-03-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="f38187e7-2f6e-11e8-8f07-b499baebfeaf">
+ <topic>apache -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>apache24</name>
+ <range><lt>2.4.30</lt></range>
+ </package>
+ <package>
+ <name>apache22</name>
+ <range><lt>2.2.34_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache httpd reports:</p>
+ <blockquote cite="https://www.apache.org/dist/httpd/CHANGES_2.4.33">
+ <p>Out of bound write in mod_authnz_ldap with AuthLDAPCharsetConfig
+ enabled (CVE-2017-15710)</p>
+ <p>mod_session: CGI-like applications that intend to read from
+ mod_session's 'SessionEnv ON' could be fooled into reading
+ user-supplied data instead. (CVE-2018-1283)</p>
+ <p>mod_cache_socache: Fix request headers parsing to avoid a possible
+ crash with specially crafted input data. (CVE-2018-1303)</p>
+ <p>core: Possible crash with excessively long HTTP request headers.
+ Impractical to exploit with a production build and production
+ LogLevel. (CVE-2018-1301)</p>
+ <p>core: Configure the regular expression engine to match '$' to the
+ end of the input string only, excluding matching the end of any
+ embedded newline characters. Behavior can be changed with new
+ directive 'RegexDefaultOptions'. (CVE-2017-15715)</p>
+ <p>mod_auth_digest: Fix generation of nonce values to prevent replay
+ attacks across servers using a common Digest domain. This change
+ may cause problems if used with round robin load balancers.
+ (CVE-2018-1312)</p>
+ <p>mod_http2: Potential crash w/ mod_http2. (CVE-2018-1302)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.apache.org/dist/httpd/CHANGES_2.4.33</url>
+ <cvename>CVE-2017-15710</cvename>
+ <cvename>CVE-2018-1283</cvename>
+ <cvename>CVE-2018-1303</cvename>
+ <cvename>CVE-2018-1301</cvename>
+ <cvename>CVE-2017-15715</cvename>
+ <cvename>CVE-2018-1312</cvename>
+ <cvename>CVE-2018-1302</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-23</discovery>
+ <entry>2018-03-24</entry>
+ <modified>2018-03-27</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="d50a50a2-2f3e-11e8-86f8-00e04c1ea73d">
+ <topic>mybb -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>mybb</name>
+ <range><lt>1.8.15</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>mybb Team reports:</p>
+ <blockquote cite="https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/">
+ <p>Medium risk: Tasks Local File Inclusion</p>
+ <p>Medium risk: Forum Password Check Bypass</p>
+ <p>Low risk: Admin Permissions Group Title XSS</p>
+ <p>Low risk: Attachment types file extension XSS</p>
+ <p>Low risk: Moderator Tools XSS</p>
+ <p>Low risk: Security Questions XSS</p>
+ <p>Low risk: Settings Management XSS</p>
+ <p>Low risk: Templates Set Name XSS</p>
+ <p>Low risk: Usergroup Promotions XSS</p>
+ <p>Low risk: Warning Types XSS</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blog.mybb.com/2018/03/15/mybb-1-8-15-released-security-maintenance-release/</url>
+ </references>
+ <dates>
+ <discovery>2018-03-15</discovery>
+ <entry>2018-03-24</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="6d52bda1-2e54-11e8-a68f-485b3931c969">
+ <topic>SQLite -- Corrupt DB can cause a NULL pointer dereference</topic>
+ <affects>
+ <package>
+ <name>sqlite3</name>
+ <range><lt>3.22.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2018-8740">
+ <p>SQLite databases whose schema is corrupted using a CREATE TABLE AS
+ statement could cause a NULL pointer dereference, related to build.c
+ and prepare.c.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-8740</cvename>
+ <url>http://openwall.com/lists/oss-security/2018/03/17/1</url>
+ </references>
+ <dates>
+ <discovery>2018-03-16</discovery>
+ <entry>2018-03-22</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="39a30e0a-0c34-431b-9dce-b87cab02412a">
+ <topic>Sanitize -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>rubygem-sanitize</name>
+ <range><lt>2.6.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Sanitize release:</p>
+ <blockquote cite="https://github.com/rgrove/sanitize/releases">
+ <p>Fixed an HTML injection vulnerability that could allow XSS.</p>
+ <p>When Sanitize <= 4.6.2 is used in combination with libxml2 >= 2.9.2,
+ a specially crafted HTML fragment can cause libxml2 to generate
+ improperly escaped output, allowing non-whitelisted attributes to be
+ used on whitelisted elements.</p>
+ <p>Sanitize now performs additional escaping on affected attributes to
+ prevent this.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/rgrove/sanitize/releases</url>
+ <url>https://github.com/rgrove/sanitize/issues/176</url>
+ <cvename>CVE-2018-3740</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-19</discovery>
+ <entry>2018-03-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="ba6d0c9b-f5f6-4b9b-a6de-3cce93c83220">
+ <topic>Loofah -- XSS vulnerability</topic>
+ <affects>
+ <package>
+ <name>rubygem-loofah</name>
+ <range><lt>2.2.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>GitHub issue:</p>
+ <blockquote cite="https://github.com/flavorjones/loofah/issues/144">
+ <p>This issue has been created for public disclosure of an XSS / code
+ injection vulnerability that was responsibly reported by the Shopify
+ Application Security Team.</p>
+ <p>Loofah allows non-whitelisted attributes to be present in sanitized
+ output when input with specially-crafted HTML fragments.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/flavorjones/loofah/releases</url>
+ <url>https://github.com/flavorjones/loofah/issues/144</url>
+ <cvename>CVE-2018-8048</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-15</discovery>
+ <entry>2018-03-20</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b3edc7d9-9af5-4daf-88f1-61f68f4308c2">
+ <topic>Jupyter Notebook -- vulnerability</topic>
+ <affects>
+ <package>
+ <name>py27-notebook</name>
+ <name>py34-notebook</name>
+ <name>py35-notebook</name>
+ <name>py36-notebook</name>
+ <range><lt>5.4.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>MITRE reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768">
+ <p>In Jupyter Notebook before 5.4.1, a maliciously forged notebook file
+ can bypass sanitization to execute JavaScript in the notebook context.
+ Specifically, invalid HTML is 'fixed' by jQuery after sanitization,
+ making it dangerous.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8768</url>
+ <cvename>CVE-2018-8768</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-18</discovery>
+ <entry>2018-03-19</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="928d5c59-2a5a-11e8-a712-0025908740c2">
+ <topic>SquirrelMail -- post-authentication access privileges</topic>
+ <affects>
+ <package>
+ <name>squirrelmail</name>
+ <range><le>20170705</le></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Florian Grunow reports:</p>
+ <blockquote cite="https://insinuator.net/2018/03/squirrelmail-full-disclosure-troopers18/">
+ <p> An attacker able to exploit this vulnerability can extract files
+ of the server the application is running on. This may include
+ configuration files, log files and additionally all files that are
+ readable for all users on the system. This issue is
+ post-authentication. That means an attacker would need valid
+ credentials for the application to log in or needs to exploit an
+ additional vulnerability of which we are not aware of at this point
+ of time.</p>
+ <p>An attacker would also be able to delete files on the system, if
+ the user running the application has the rights to do so.</p>
+ <p>Does this issue affect me?</p>
+ <p>Likely yes, if you are using Squirrelmail. We checked the latest
+ development version, which is 1.5.2-svn and the latest version
+ available for download at this point of time, 1.4.22. Both contain
+ the vulnerable code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.openwall.com/lists/oss-security/2018/03/17/2</url>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2018-8741</url>
+ <cvename>CVE-2018-8741</cvename>
+ </references>
+ <dates>
+ <discovery>2017-05-21</discovery>
+ <entry>2018-03-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="b3e04661-2a0a-11e8-9e63-3085a9a47796">
+ <topic>slurm-wlm -- SQL Injection attacks against SlurmDBD</topic>
+ <affects>
+ <package>
+ <name>slurm-wlm</name>
+ <range><lt>17.02.10</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SchedMD reports:</p>
+ <blockquote cite="https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html">
+ <p>Several issues were discovered with incomplete sanitization of
+ user-provided text strings, which could potentially lead to SQL
+ injection attacks against SlurmDBD itself. Such exploits could lead to a
+ loss of accounting data, or escalation of user privileges on the cluster.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-7033</cvename>
+ <url>https://nvd.nist.gov/vuln/detail/CVE-2018-7033</url>
+ </references>
+ <dates>
+ <discovery>2018-03-15</discovery>
+ <entry>2018-03-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="64ee858e-e035-4bb4-9c77-2468963dddb8">
+ <topic>libvorbis -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libvorbis</name>
+ <range><lt>1.3.6,3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>NVD reports:</p>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-14632">
+ <p>Xiph.Org libvorbis 1.3.5 allows Remote Code Execution
+ upon freeing uninitialized memory in the function
+ vorbis_analysis_headerout() in info.c when
+ vi->channels<=0, a similar issue to Mozilla bug
+ 550184.</p>
+ </blockquote>
+ <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-14633">
+ <p>In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read
+ vulnerability exists in the function mapping0_forward() in
+ mapping0.c, which may lead to DoS when operating on a
+ crafted audio file with vorbis_analysis().</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-14632</cvename>
+ <cvename>CVE-2017-14633</cvename>
+ </references>
+ <dates>
+ <discovery>2018-03-16</discovery>
+ <entry>2018-03-16</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="7943794f-707f-4e31-9fea-3bbf1ddcedc1">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>libvorbis</name>
+ <range><lt>1.3.6,3</lt></range>
+ </package>
+ <package>
+ <name>libtremor</name>
+ <range><lt>1.2.1.s20180316</lt></range>
+ </package>
+ <package>
+ <name>firefox</name>
+ <range><lt>59.0.1,1</lt></range>
+ </package>
+ <package>
+ <name>waterfox</name>
+ <range><lt>56.0.4.36_3</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.3</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.7.2,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.7.2,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <range><lt>52.7.3</lt></range>
+ </package>
+ <package>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/">
+ <h1>CVE-2018-5146: Out of bounds memory write in libvorbis</h1>
+ <p>An out of bounds memory write while processing Vorbis
+ audio data was reported through the Pwn2Own contest.</p>
+ <h1>CVE-2018-5147: Out of bounds memory write in libtremor</h1>
+ <p>The libtremor library has the same flaw as
+ CVE-2018-5146. This library is used by Firefox in place of
+ libvorbis on Android and ARM platforms.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-5146</cvename>
+ <cvename>CVE-2018-5147</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-08/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-09/</url>
+ </references>
+ <dates>
+ <discovery>2018-03-16</discovery>
+ <entry>2018-03-16</entry>
+ <modified>2018-03-31</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="2aa9967c-27e0-11e8-9ae1-080027ac955c">
+ <topic>e2fsprogs -- potential buffer overrun bugs in the blkid library and in the fsck program</topic>
+ <affects>
+ <package>
+ <name>e2fsprogs</name>
+ <range><lt>1.44.0</lt></range>
+ </package>
+ <package>
+ <name>e2fsprogs-libblkid</name>
+ <range><lt>1.44.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Theodore Y. Ts'o reports:</p>
+ <blockquote cite="http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0">
+ <p>Fixed some potential buffer overrun bugs in the blkid library and in the fsck program.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://e2fsprogs.sourceforge.net/e2fsprogs-release.html#1.44.0</url>
+ </references>
+ <dates>
+ <discovery>2018-03-07</discovery>
+ <entry>2018-03-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="74daa370-2797-11e8-95ec-a4badb2f4699">
+ <topic>FreeBSD -- Speculative Execution Vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.1</ge><lt>11.1_8</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>A number of issues relating to speculative execution
+ were found last year and publicly announced January 3rd.
+ Two of these, known as Meltdown and Spectre V2, are addressed
+ here.</p>
+ <p>CVE-2017-5754 (Meltdown) - ------------------------</p>
+ <p>This issue relies on an affected CPU speculatively
+ executing instructions beyond a faulting instruction. When
+ this happens, changes to architectural state are not
+ committed, but observable changes may be left in micro-
+ architectural state (for example, cache). This may be used
+ to infer privileged data.</p>
+ <p>CVE-2017-5715 (Spectre V2) - --------------------------</p>
+ <p>Spectre V2 uses branch target injection to speculatively
+ execute kernel code at an address under the control of an
+ attacker.</p>
+ <h1>Impact:</h1>
+ <p>An attacker may be able to read secret data from the
+ kernel or from a process when executing untrusted code (for
+ example, in a web browser).</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-5715</cvename>
+ <cvename>CVE-2017-5754</cvename>
+ <freebsdsa>SA-18:03.speculative_execution</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2018-03-14</discovery>
+ <entry>2018-03-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="dca7ced0-2796-11e8-95ec-a4badb2f4699">
+ <topic>FreeBSD -- ipsec validation and use-after-free</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.1</ge><lt>11.1_7</lt></range>
+ <range><ge>10.4</ge><lt>10.4_7</lt></range>
+ <range><ge>10.3</ge><lt>10.3_28</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Due to a lack of strict checking, an attacker from a
+ trusted host can send a specially constructed IP packet
+ that may lead to a system crash.</p>
+ <p>Additionally, a use-after-free vulnerability in the AH
+ handling code could cause unpredictable results.</p>
+ <h1>Impact:</h1>
+ <p>Access to out of bounds or freed mbuf data can lead to
+ a kernel panic or other unpredictable results.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-6916</cvename>
+ <freebsdsa>SA-18:01.ipsec</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2018-03-07</discovery>
+ <entry>2018-03-14</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="313078e3-26e2-11e8-9920-6451062f0f7a">
+ <topic>Flash Player -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>linux-flashplayer</name>
+ <range><lt>29.0.0.113</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Adobe reports:</p>
+ <blockquote cite="https://helpx.adobe.com/security/products/flash-player/apsb18-05.html">
+ <ul>
+ <li>This update resolves a use-after-free vulnerability that
+ could lead to remote code execution (CVE-2018-4919).</li>
+ <li>This update resolves a type confusion vulnerability that
+ could lead to remote code execution (CVE-2018-4920).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-4919</cvename>
+ <cvename>CVE-2018-4920</cvename>
+ <url>https://helpx.adobe.com/security/products/flash-player/apsb18-05.html</url>
+ </references>
+ <dates>
+ <discovery>2018-03-13</discovery>
+ <entry>2018-03-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c71cdc95-3c18-45b7-866a-af28b59aabb5">
+ <topic>mozilla -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>firefox</name>
+ <range><lt>59.0_1,1</lt></range>
+ </package>
+ <package>
+ <name>waterfox</name>
+ <range><lt>56.0.4.36_3</lt></range>
+ </package>
+ <package>
+ <name>seamonkey</name>
+ <name>linux-seamonkey</name>
+ <range><lt>2.49.3</lt></range>
+ </package>
+ <package>
+ <name>firefox-esr</name>
+ <range><lt>52.7.0,1</lt></range>
+ </package>
+ <package>
+ <name>linux-firefox</name>
+ <range><lt>52.7.0,2</lt></range>
+ </package>
+ <package>
+ <name>libxul</name>
+ <name>thunderbird</name>
+ <name>linux-thunderbird</name>
+ <range><lt>52.7.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mozilla Foundation reports:</p>
+ <blockquote cite="https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/">
+ <p>CVE-2018-5127: Buffer overflow manipulating SVG animatedPathSegList</p>
+ <p>CVE-2018-5128: Use-after-free manipulating editor selection ranges</p>
+ <p>CVE-2018-5129: Out-of-bounds write with malformed IPC messages</p>
+ <p>CVE-2018-5130: Mismatched RTP payload type can trigger memory corruption</p>
+ <p>CVE-2018-5131: Fetch API improperly returns cached copies of no-store/no-cache resources</p>
+ <p>CVE-2018-5132: WebExtension Find API can search privileged pages</p>
+ <p>CVE-2018-5133: Value of the app.support.baseURL preference is not properly sanitized</p>
+ <p>CVE-2018-5134: WebExtensions may use view-source: URLs to bypass content restrictions</p>
+ <p>CVE-2018-5135: WebExtension browserAction can inject scripts into unintended contexts</p>
+ <p>CVE-2018-5136: Same-origin policy violation with data: URL shared workers</p>
+ <p>CVE-2018-5137: Script content can access legacy extension non-contentaccessible resources</p>
+ <p>CVE-2018-5138: Android Custom Tab address spoofing through long domain names</p>
+ <p>CVE-2018-5140: Moz-icon images accessible to web content through moz-icon: protocol</p>
+ <p>CVE-2018-5141: DOS attack through notifications Push API</p>
+ <p>CVE-2018-5142: Media Capture and Streams API permissions display incorrect origin with data: and blob: URLs</p>
+ <p>CVE-2018-5143: Self-XSS pasting javascript: URL with embedded tab into addressbar</p>
+ <p>CVE-2018-5126: Memory safety bugs fixed in Firefox 59</p>
+ <p>CVE-2018-5125: Memory safety bugs fixed in Firefox 59 and Firefox ESR 52.7</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2018-5125</cvename>
+ <cvename>CVE-2018-5126</cvename>
+ <cvename>CVE-2018-5127</cvename>
+ <cvename>CVE-2018-5128</cvename>
+ <cvename>CVE-2018-5129</cvename>
+ <cvename>CVE-2018-5130</cvename>
+ <cvename>CVE-2018-5131</cvename>
+ <cvename>CVE-2018-5132</cvename>
+ <cvename>CVE-2018-5133</cvename>
+ <cvename>CVE-2018-5134</cvename>
+ <cvename>CVE-2018-5135</cvename>
+ <cvename>CVE-2018-5136</cvename>
+ <cvename>CVE-2018-5137</cvename>
+ <cvename>CVE-2018-5138</cvename>
+ <cvename>CVE-2018-5140</cvename>
+ <cvename>CVE-2018-5141</cvename>
+ <cvename>CVE-2018-5142</cvename>
+ <cvename>CVE-2018-5143</cvename>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-06/</url>
+ <url>https://www.mozilla.org/security/advisories/mfsa2018-07/</url>
+ </references>
+ <dates>
+ <discovery>2018-03-13</discovery>
+ <entry>2018-03-13</entry>
+ <modified>2018-03-16</modified>
+ </dates>
+ </vuln>
+
+ <vuln vid="fb26f78a-26a9-11e8-a1c2-00505689d4ae">
+ <topic>samba -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>samba44</name>
+ <range><lt>4.4.17</lt></range>
+ </package>
+ <package>
+ <name>samba45</name>
+ <range><lt>4.5.16</lt></range>
+ </package>
+ <package>
+ <name>samba46</name>
+ <range><lt>4.6.14</lt></range>
+ </package>
+ <package>
+ <name>samba47</name>
+ <range><lt>4.7.6</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The samba project reports:</p>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-1050.html">
+ <p>Missing null pointer checks may crash the external
+ print server process.</p>
+ </blockquote>
+ <blockquote cite="https://www.samba.org/samba/security/CVE-2018-1057.html">
+ <p>On a Samba 4 AD DC any authenticated user can change
+ other user's passwords over LDAP, including the
+ passwords of administrative users and service accounts.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.samba.org/samba/security/CVE-2018-1050.html</url>
+ <cvename>CVE-2018-1050</cvename>
+ <url>https://www.samba.org/samba/security/CVE-2018-1057.html</url>
+ <cvename>CVE-2018-1057</cvename>
+ </references>
+ <dates>
+ <discovery>2018-01-03</discovery>
+ <entry>2018-03-13</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="c2f107e1-2493-11e8-b3e8-001cc0382b2f">
+ <topic>mbed TLS (PolarSSL) -- remote code execution</topic>
+ <affects>
+ <package>
+ <name>mbedtls</name>
+ <range><lt>2.7.0</lt></range>
+ </package>
+ <package>
+ <name>polarssl13</name>
+ <range><lt>1.3.22</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Simon Butcher reports:</p>
+ <blockquote cite="https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01">
+ <ul>
+ <li>When the truncated HMAC extension is enabled and CBC is used,
+ sending a malicious application packet can be used to selectively
+ corrupt 6 bytes on the peer's heap, potentially leading to a
+ crash or remote code execution. This can be triggered remotely
+ from either side in both TLS and DTLS.</li>
+ <li>When RSASSA-PSS signature verification is enabled, sending a
+ maliciously constructed certificate chain can be used to cause a
+ buffer overflow on the peer's stack, potentially leading to crash
+ or remote code execution. This can be triggered remotely from
+ either side in both TLS and DTLS.</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01</url>
+ <cvename>CVE-2018-0487</cvename>
+ <cvename>CVE-2018-0488</cvename>
+ </references>
+ <dates>
+ <discovery>2018-02-05</discovery>
+ <entry>2018-03-10</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="555af074-22b9-11e8-9799-54ee754af08e">
+<topic>chromium -- vulnerability</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>65.0.3325.146</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Google Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html">
+ <p>45 security fixes in this release:</p>
+ <ul>
+ <li>[758848] High CVE-2017-11215: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25</li>
+ <li>[758863] High CVE-2017-11225: Use after free in Flash. Reported by JieZeng of Tencent Zhanlu Lab on 2017-08-25</li>
+ <li>[780919] High CVE-2018-6060: Use after free in Blink. Reported by Omair on 2017-11-02</li>
+ <li>[794091] High CVE-2018-6061: Race condition in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2017-12-12</li>
+ <li>[780104] High CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous on 2017-10-31</li>
+ <li>[789959] High CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-11-30</li>
+ <li>[792900] High CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini of Google Project Zero on 2017-12-07</li>
+ <li>[798644] High CVE-2018-6064: Type confusion in V8. Reported by lokihardt of Google Project Zero on 2018-01-03</li>
+ <li>[808192] High CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand of Google Project Zero on 2018-02-01</li>
+ <li>[799477] Medium CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa on 2018-01-05</li>
+ <li>[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30</li>
+ <li>[779428] Medium CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson on 2017-10-30</li>
+ <li>[799918] Medium CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu and Yangkang(@dnpushme) of Qihoo360 Qex Team on 2018-01-08</li>
+ <li>[668645] Medium CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu on 2016-11-25</li>
+ <li>[777318] Medium CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous on 2017-10-23</li>
+ <li>[791048] Medium CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen of OUSPG on 2017-12-01</li>
+ <li>[804118] Medium CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair on 2018-01-20</li>
+ <li>[809759] Medium CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi (@qab) on 2018-02-06</li>
+ <li>[608669] Medium CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire (intigriti.com) on 2016-05-03</li>
+ <li>[758523] Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec on 2017-08-24</li>
+ <li>[778506] Medium CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani on 2017-10-26</li>
+ <li>[793628] Medium CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani on 2017-12-10</li>
+ <li>[788448] Medium CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka on 2017-11-24</li>
+ <li>[792028] Medium CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini of Google Project Zero on 2017-12-05</li>
+ <li>[797525] Low CVE-2018-6081: XSS in interstitials. Reported by Rob Wu on 2017-12-24</li>
+ <li>[767354] Low CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-09-21</li>
+ <li>[771709] Low CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu (@shhnjk) on 2017-10-04</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-11215</cvename>
+ <cvename>CVE-2017-11225</cvename>
+ <cvename>CVE-2018-6060</cvename>
+ <cvename>CVE-2018-6061</cvename>
+ <cvename>CVE-2018-6060</cvename>
+ <cvename>CVE-2018-6061</cvename>
+ <cvename>CVE-2018-6062</cvename>
+ <cvename>CVE-2018-6057</cvename>
+ <cvename>CVE-2018-6063</cvename>
+ <cvename>CVE-2018-6064</cvename>
+ <cvename>CVE-2018-6065</cvename>
+ <cvename>CVE-2018-6066</cvename>
+ <cvename>CVE-2018-6067</cvename>
+ <cvename>CVE-2018-6069</cvename>
+ <cvename>CVE-2018-6070</cvename>
+ <cvename>CVE-2018-6071</cvename>
+ <cvename>CVE-2018-6072</cvename>
+ <cvename>CVE-2018-6073</cvename>
+ <cvename>CVE-2018-6074</cvename>
+ <cvename>CVE-2018-6075</cvename>
+ <cvename>CVE-2018-6076</cvename>
+ <cvename>CVE-2018-6077</cvename>
+ <cvename>CVE-2018-6078</cvename>
+ <cvename>CVE-2018-6079</cvename>
+ <cvename>CVE-2018-6080</cvename>
+ <cvename>CVE-2018-6081</cvename>
+ <cvename>CVE-2018-6082</cvename>
+ <cvename>CVE-2018-6083</cvename>
+ <url>https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2016-05-03</discovery>
+ <entry>2018-03-08</entry>
+ </dates>
+</vuln>
+
+ <vuln vid="c5ab620f-4576-4ad5-b51f-93e4fec9cd0e">
+ <topic>wireshark -- multiple security issues</topic>
+ <affects>
+ <package>
+ <name>wireshark</name>
+ <range><ge>2.2.0</ge><lt>2.2.13</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.5</lt></range>
+ </package>
+ <package>
+ <name>wireshark-lite</name>
+ <range><ge>2.2.0</ge><lt>2.2.13</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.5</lt></range>
+ </package>
+ <package>
+ <name>wireshark-qt5</name>
+ <range><ge>2.2.0</ge><lt>2.2.13</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.5</lt></range>
+ </package>
+ <package>
+ <name>tshark</name>
+ <range><ge>2.2.0</ge><lt>2.2.13</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.5</lt></range>
+ </package>
+ <package>
+ <name>tshark-lite</name>
+ <range><ge>2.2.0</ge><lt>2.2.13</lt></range>
+ <range><ge>2.4.0</ge><lt>2.4.5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>wireshark developers reports:</p>
+ <blockquote cite="https://www.wireshark.org/security/">
+ <p>wnpa-sec-2018-05. IEEE 802.11 dissector crash. (CVE-2018-7335)</p>
+ <p>wnpa-sec-2018-06. Large or infinite loops in multiple dissectors. (CVE-2018-7321 through CVE-2018-7333)</p>
+ <p>wnpa-sec-2018-07. UMTS MAC dissector crash. (CVE-2018-7334)</p>
+ <p>wnpa-sec-2018-08. DOCSIS dissector crash. (CVE-2018-7337)</p>
+ <p>wnpa-sec-2018-09. FCP dissector crash. (CVE-2018-7336)</p>
+ <p>wnpa-sec-2018-10. SIGCOMP dissector crash. (CVE-2018-7320)</p>
+ <p>wnpa-sec-2018-11. Pcapng file parser crash.</p>
+ <p>wnpa-sec-2018-12. IPMI dissector crash.</p>
+ <p>wnpa-sec-2018-13. SIGCOMP dissector crash.</p>
+ <p>wnpa-sec-2018-14. NBAP dissector crash.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.wireshark.org/security/</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-05.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-06.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-07.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-08.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-09.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-10.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-11.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-12.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-13.html</url>
+ <url>https://www.wireshark.org/security/wnpa-sec-2018-14.html</url>
+ <cvename>CVE-2018-7320</cvename>
+ <cvename>CVE-2018-7321</cvename>
+ <cvename>CVE-2018-7322</cvename>
+ <cvename>CVE-2018-7323</cvename>
+ <cvename>CVE-2018-7324</cvename>
+ <cvename>CVE-2018-7325</cvename>
+ <cvename>CVE-2018-7326</cvename>
+ <cvename>CVE-2018-7327</cvename>
+ <cvename>CVE-2018-7328</cvename>
+ <cvename>CVE-2018-7329</cvename>
+ <cvename>CVE-2018-7330</cvename>
+ <cvename>CVE-2018-7331</cvename>
+ <cvename>CVE-2018-7332</cvename>
+ <cvename>CVE-2018-7333</cvename>
+ <cvename>CVE-2018-7334</cvename>
+ <cvename>CVE-2018-7335</cvename>
+ <cvename>CVE-2018-7336</cvename>
+ <cvename>CVE-2018-7337</cvename>
+ <cvename>CVE-2018-7417</cvename>
+ </references>
+ <dates>
+ <discovery>2018-02-23</discovery>
+ <entry>2018-03-04</entry>
+ </dates>
+ </vuln>
+
<vuln vid="2040c7f5-1e3a-11e8-8ae9-0050569f0b83">
<topic>isc-dhcp -- Multiple vulnerabilities</topic>
<affects>
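Review bot: In the chromium entry (vid 555af074-22b9-11e8-9799-54ee754af08e) the <li> for [779428] CVE-2018-6067 is listed twice in a row and the references repeat CVE-2018-6060 and CVE-2018-6061, while CVE-2018-6068 appears in neither the list nor the references. Please check the second 6067 line against the upstream post and drop the duplicate <cvename> lines. The same entry's <topic> and closing </vuln> are not indented like the neighbouring entries. In the wireshark entry, CVE-2018-7417 is in the references but no line of the description names it, so it is unclear which wnpa-sec item it belongs to.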
@@ -403,11 +1814,13 @@
<cvename>CVE-2018-7184</cvename>
<cvename>CVE-2018-7185</cvename>
<cvename>CVE-2018-7183</cvename>
+ <freebsdsa>SA-18:02.ntp</freebsdsa>
<url>http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S</url>
</references>
<dates>
<discovery>2018-02-27</discovery>
<entry>2018-02-28</entry>
+ <modified>2018-03-14</modified>
</dates>
</vuln>
@@ -6003,6 +7416,12 @@
<name>ffmpeg</name>
<range><lt>3.3.4</lt></range>
</package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-29.x has ffmpeg-3.2 -->
+ <range><lt>29.1,1</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
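Review bot: The comment on the added mythtv block says "mythtv-29.x has ffmpeg-3.2", but the ffmpeg range directly above it is fixed at 3.3.4, so nothing here explains why 29.1,1 is the first fixed mythtv version. Please extend the comment with the bundled ffmpeg level or backport that 29.1 ships. The range <lt>29.1,1</lt> also has no lower bound and therefore matches every older mythtv package; if that is intended, say so in the comment.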
@@ -6031,6 +7450,7 @@
<dates>
<discovery>2017-09-11</discovery>
<entry>2017-10-12</entry>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -9064,7 +10484,7 @@
</vuln>
<vuln vid="0f66b901-715c-11e7-ad1f-bcaec565249c">
- <topic>webkit2-gtk3 -- multiple vulnabilities</topic>
+ <topic>webkit2-gtk3 -- multiple vulnerabilities</topic>
<affects>
<package>
<name>webkit2-gtk3</name>
@@ -9109,6 +10529,7 @@
<dates>
<discovery>2017-07-24</discovery>
<entry>2017-07-25</entry>
+ <modified>2018-03-28</modified>
</dates>
</vuln>
@@ -13721,6 +15142,12 @@
<name>ffmpeg</name>
<range><lt>3.2.4,1</lt></range>
</package>
+ <package>
+ <name>mythtv</name>
+ <name>mythtv-frontend</name>
+ <!-- mythtv-29.x has ffmpeg-3.2 -->
+ <range><lt>29.1,1</lt></range>
+ </package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
@@ -13742,6 +15169,7 @@
<dates>
<discovery>2017-01-25</discovery>
<entry>2017-02-12</entry>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -36454,8 +37882,7 @@
<name>mythtv</name>
<name>mythtv-frontend</name>
<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><le>0.27.5,1</le></range>
</package>
<package>
<name>plexhometheater</name>
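Review bot: Replacing <range><ge>0</ge></range> with <range><le>0.27.5,1</le></range> also deletes the "no known fixed version" comment without adding one that names the fixed version or its source, and the remaining comment still only describes mythtv-0.27.0.20140121. An inclusive <le> on the last vulnerable version is harder to audit than <lt> on the first fixed one, so consider <lt> with the fixed version plus a comment saying where that version comes from. The same change recurs in four later hunks of this patch and the point applies to each.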
@@ -36495,6 +37922,7 @@
<dates>
<discovery>2015-12-20</discovery>
<entry>2015-12-28</entry>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -38325,8 +39753,7 @@
<name>mythtv</name>
<name>mythtv-frontend</name>
<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><le>0.27.5,1</le></range>
</package>
<package>
<name>plexhometheater</name>
@@ -38429,7 +39856,7 @@
<dates>
<discovery>2015-11-27</discovery>
<entry>2015-12-02</entry>
- <modified>2015-12-28</modified>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -41929,8 +43356,7 @@
<name>mythtv</name>
<name>mythtv-frontend</name>
<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><le>0.27.5,1</le></range>
</package>
<package>
<name>plexhometheater</name>
@@ -42039,7 +43465,7 @@
<dates>
<discovery>2015-09-05</discovery>
<entry>2015-09-20</entry>
- <modified>2015-09-20</modified>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -43140,8 +44566,7 @@
<name>mythtv</name>
<name>mythtv-frontend</name>
<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><le>0.27.5,1</le></range>
</package>
</affects>
<description>
@@ -43167,7 +44592,7 @@
<dates>
<discovery>2015-04-12</discovery>
<entry>2015-09-01</entry>
- <modified>2015-09-20</modified>
+ <modified>2018-03-25</modified>
</dates>
</vuln>
@@ -43216,8 +44641,7 @@
<name>mythtv</name>
<name>mythtv-frontend</name>
<!-- mythtv-0.27.0.20140121 has ffmpeg-1.2.2+ (snapshot, f9c8726) -->
- <!-- no known fixed version -->
- <range><ge>0</ge></range>
+ <range><le>0.27.5,1</le></range>
</package>
</affects>
<description>
@@ -43244,6 +44668,7 @@
<dates>
<discovery>2014-12-19</discovery>
<entry>2015-09-01</entry>
+ <modified>2018-03-25</modified>
</dates>
</vuln>