hello rohara, thank you for your work! i assume you have mixed up CVE-2018-19047 with CVE-2018-19115 in the description at the top. CVE-2018-19047 concerns mPDF and is currently disputed:
CVE-2018-19047: DISPUTED mPDF through 7.1.6, if deployed as a web application that accepts arbitrary HTML, allows SSRF, as demonstrated by a '<img src="http://192.168' substring that triggers a call to getImage in Image/ImageProcessor.php. NOTE: the software maintainer disputes this, stating "If you allow users to pass HTML without sanitising it, you're asking for trouble."
is that right?
Hello csnyder , thank you for your work! I would like to know if CVE-2017-2663 is fixed within this release or if it already has been fixed in a previous release as the last vulnerable Version of subscription-manager was 1.19.3 and now we are at 1.21.5
Sorry my mistake, I wrote since 6.2.2 but i meant 6.2.22 (which is the last fedora package before this security update). The security fix from Version 6.2.20 you mentioned was already referenced in the 6.2.22 release (see https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4255a1292d)
hello remi, since 6.2.2 which was the prior fedora package (see https://bodhi.fedoraproject.org/updates/?packages=php-tcpdf) there have been the fixes: Version 6.2.25: Fix support for image URLs. Version 6.2.24: Support remote urls when checking if file exists. Version 6.2.23: Simplify file_exists function.
Do you know which of these fixes is a security fix?
the vulnerability CVE-2018-1000520 is documented in issue #1561 on github: https://github.com/ARMmbed/mbedtls/issues/1561 This vulnerability is about accepting a certificate which should not be accepted and is still open.
However regarding the release notes of ARM mbedTLS https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.7.6 the security fix is: Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. A read of one byte beyond the limit of the input buffer was made, when the extensions length field was zero. Found by Nathan Crandall.
This is clearly something different, so my question is which vulnerabilities have been fixed in this security update? Is it just CVE-2018-1000520 or the one from the release notes without CVE identifier or both?
hello kevin, according to the announcement you posted, there are four vulnerabilities fixed:
Four CVE security bug fixes are included in this release for PDFInfo.pm and the SA core: CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 & CVE-2018-11781
So is CVE-2016-1238 also included in this security update?
hello @clime, This is the first release marked as a security release. Right know I can only identify commit https://pagure.io/copr/copr/c/713effa6c7e3a241ad0fd78e27cf0e8af23a6629?branch=master as a security fix. I do not understand the impact of this vulnerability. What exactly could an attacker do with a new webhook secret? Would this invalidate other webhook secrets? From which position could an attacker leverage this vulnerability? Are there other security fixes in this release?
hello mschorm, CVE-2018-3081 has already been fixed in the official mariadb release 10.2.15 (https://mariadb.com/kb/en/library/mariadb-10215-release-notes/). The official Release 10.2.17 fixes only5 of the 6 cves you mentioned (https://mariadb.com/kb/en/library/mariadb-10217-release-notes/). So is CVE-2018-3081 really fixed with this security update or was it already fixed? I could not find any reference to this cve in the fedora release 10.2.15 (https://bodhi.fedoraproject.org/updates/FEDORA-2018-86026275ea).
hello jgrulich, thank you for your effort!
tldr: Which CPEs have been fixed with this release?
I am confused regarding which CVEs have been fixed in this release. The related Bugs reference 14 CVEs: CVE-2017-17669, CVE-2017-17724, CVE-2017-9953, CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11037, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-9144, CVE-2018-9145, CVE-2018-9146, CVE-2018-9305
However, the Chanelog (https://koji.fedoraproject.org/koji/search?terms=exiv2-0.26-12.fc28&type=build&match=glob) suggests that these CVEs have been fixed: CVE-2017-17723, CVE-2017-17725, CVE-2018-10958, CVE-2018-10998, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-5772, CVE-2018-8976, CVE-2018-8977, CVE-2018-9144.
The 5 CVEs CVE-2018-10958, CVE-2018-10998, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046 are referenced in the reladet bugs and the changelog.
The 3 CVEs CVE-2017-17723, CVE-2017-17725, CVE-2018-5772 referenced in the changelog have already been addressed in a previous exiv release (see FEDORA-2018-fc9c5969b4).
hello ajax I am confused, does this update fix CVE-2017-11333, CVE-2017-11735, CVE-2017-14160, CVE-2017-14632, CVE-2017-14633, CVE-2018-10392 and CVE-2018-10393? Or just CVE-2017-14160, CVE-2018-10392, CVE-2018-10393 as mentioned above?
hello rcritten, Thank you for your effort! Reading the release notes of version 4.6.4 (https://www.freeipa.org/page/Releases/4.6.4) I cannot see which vulnerability(ies) have been fixed in this release. However you tagged this update as security update. Do you know of any vulnerability(ies) that have been fixed?