Arch Linux 805 Published by

The following security updates are available for Arch Linux:

ASA-201904-1: evolution: content spoofing
ASA-201904-2: gnutls: multiple issues
ASA-201904-3: apache: multiple issues
ASA-201904-4: thunderbird: arbitrary code execution



ASA-201904-1: evolution: content spoofing

Arch Linux Security Advisory ASA-201904-1
=========================================

Severity: High
Date : 2019-04-02
CVE-ID : CVE-2018-15587
Package : evolution
Type : content spoofing
Remote : Yes
Link : https://security.archlinux.org/AVG-889

Summary
=======

The package evolution before version 3.32.0-1 is vulnerable to content
spoofing.

Resolution
==========

Upgrade to 3.32.0-1.

# pacman -Syu "evolution>=3.32.0-1"

The problem has been fixed upstream in version 3.32.0.

Workaround
==========

None.

Description
===========

GNOME Evolution through 3.28.2 is prone to OpenPGP signatures being
spoofed for arbitrary messages using a specially crafted email that
contains a valid signature from the entity to be impersonated as an
attachment.

Impact
======

A remote attacker can spoof a valid signature for a specially crafted
e-mail.

References
==========

https://bugzilla.gnome.org/show_bug.cgi?id=796424
https://gitlab.gnome.org/GNOME/evolution/issues/120
https://security.archlinux.org/CVE-2018-15587

ASA-201904-2: gnutls: multiple issues

Arch Linux Security Advisory ASA-201904-2
=========================================

Severity: Critical
Date : 2019-04-05
CVE-ID : CVE-2019-3829 CVE-2019-3836
Package : gnutls
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-945

Summary
=======

The package gnutls before version 3.6.7-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 3.6.7-1.

# pacman -Syu "gnutls>=3.6.7-1"

The problems have been fixed upstream in version 3.6.7.

Workaround
==========

None.

Description
===========

- CVE-2019-3829 (arbitrary code execution)

A critical memory corruption vulnerability has been found in GnuTLS
versions prior to 3.6.7, in any API backed by verify_crt(), including
gnutls_x509_trust_list_verify_crt() and related routines. Any client or
server that verifies X.509 certificates with GnuTLS is likely affected
and can be compromised by a malicious server or active network
attacker.

- CVE-2019-3836 (denial of service)

An invalid pointer access via malformed TLS1.3 async messages has been
found in GnuTLS versions prior to 3.6.7.

Impact
======

A remote attacker can execute arbitrary code on a client or server
validating certificates.

References
==========

https://lists.gnupg.org/pipermail/gnutls-help/2019-March/004497.html
https://gitlab.com/gnutls/gnutls/issues/694
https://gitlab.com/gnutls/gnutls/issues/704
https://security.archlinux.org/CVE-2019-3829
https://security.archlinux.org/CVE-2019-3836

ASA-201904-3: apache: multiple issues


Arch Linux Security Advisory ASA-201904-3
=========================================

Severity: Critical
Date : 2019-04-05
CVE-ID : CVE-2019-0196 CVE-2019-0197 CVE-2019-0211 CVE-2019-0215
CVE-2019-0217 CVE-2019-0220
Package : apache
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-946

Summary
=======

The package apache before version 2.4.39-1 is vulnerable to multiple
issues including privilege escalation, access restriction bypass and
denial of service.

Resolution
==========

Upgrade to 2.4.39-1.

# pacman -Syu "apache>=2.4.39-1"

The problems have been fixed upstream in version 2.4.39.

Workaround
==========

None.

Description
===========

- CVE-2019-0196 (denial of service)

A use-after-free issue has been found in the http/2 request handling
code of Apache HTTPd

ASA-201904-4: thunderbird: arbitrary code execution


Arch Linux Security Advisory ASA-201904-4
=========================================

Severity: Critical
Date : 2019-04-06
CVE-ID : CVE-2019-9810 CVE-2019-9813
Package : thunderbird
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-947

Summary
=======

The package thunderbird before version 60.6.1-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 60.6.1-1.

# pacman -Syu "thunderbird>=60.6.1-1"

The problems have been fixed upstream in version 60.6.1.

Workaround
==========

None.

Description
===========

- CVE-2019-9810 (arbitrary code execution)

An incorrect alias information in the IonMonkey JIT compiler of Firefox
before 66.0.1 and Thunderbird before 60.6.1 for the
Array.prototype.slice method may lead to missing bounds check and a
buffer overflow.

- CVE-2019-9813 (arbitrary code execution)

An incorrect handling of __proto__ mutations may lead to type confusion
in the IonMonkey JIT code of Firefox before 66.0.1 and Thunderbird
before 60.6.1, and can be leveraged for arbitrary memory read and
write.

Impact
======

A remote attacker can execute arbitrary code on the affected host.

References
==========

https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9810
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9810
https://bugzilla.mozilla.org/show_bug.cgi?id=1537924
https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
https://www.mozilla.org/en-US/security/advisories/mfsa2019-12/#CVE-2019-9813
https://bugzilla.mozilla.org/show_bug.cgi?id=1538006
https://security.archlinux.org/CVE-2019-9810
https://security.archlinux.org/CVE-2019-9813