Arch Linux 805 Published by

The following security updates has been released for Arch Linux:

ASA-201807-1: gitlab: multiple issues
ASA-201807-2: git-annex: multiple issues



ASA-201807-1: gitlab: multiple issues

Arch Linux Security Advisory ASA-201807-1
=========================================

Severity: Medium
Date : 2018-07-04
CVE-ID : CVE-2018-3740 CVE-2018-12606 CVE-2018-12607
Package : gitlab
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-726

Summary
=======

The package gitlab before version 11.0.1-1 is vulnerable to multiple
issues including cross-site scripting and insufficient validation.

Resolution
==========

Upgrade to 11.0.1-1.

# pacman -Syu "gitlab>=11.0.1-1"

The problems have been fixed upstream in version 11.0.1.

Workaround
==========

None.

Description
===========

- CVE-2018-3740 (insufficient validation)

A specially crafted HTML fragment can cause Sanitize gem for Ruby to
allow non-whitelisted attributes to be used on a whitelisted HTML
element.

- CVE-2018-12606 (cross-site scripting)

The wiki contains a persistent XSS issue due to a lack of output
encoding affecting a specific markdown feature.

- CVE-2018-12607 (cross-site scripting)

The charts feature contained a persistent XSS issue due to a lack of
output encoding.

Impact
======

An attacker is able to use a GitLab server to execute malicious
Javascript code on its users via a crafted HTML chart or specific
markdown features.

References
==========

https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/
https://security.archlinux.org/CVE-2018-3740
https://security.archlinux.org/CVE-2018-12606
https://security.archlinux.org/CVE-2018-12607


ASA-201807-2: git-annex: multiple issues

Arch Linux Security Advisory ASA-201807-2
=========================================

Severity: High
Date : 2018-07-04
CVE-ID : CVE-2018-10857 CVE-2018-10859
Package : git-annex
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-725

Summary
=======

The package git-annex before version 6.20180626-1 is vulnerable to
multiple issues including arbitrary filesystem access and information
disclosure.

Resolution
==========

Upgrade to 6.20180626-1.

# pacman -Syu "git-annex>=6.20180626-1"

The problems have been fixed upstream in version 6.20180626.

Workaround
==========

None.

Description
===========

- CVE-2018-10857 (arbitrary filesystem access)

Some uses of git-annex were vulnerable to a private data exposure and
exfiltration attack. It could expose the content of files located
outside the git-annex repository, or content from a private web server
on localhost or the LAN.

- CVE-2018-10859 (information disclosure)

A malicious server for a special remote could trick git-annex into
decrypting a file that was encrypted to the user's gpg key. This attack
could be used to expose encrypted data that was never stored in git-
annex

Impact
======

A remote attacker is able to read arbitrary files on the filesystem or
decrypt encrypted files by modifying the git-annex repository.

References
==========

https://git-annex.branchable.com/security/CVE-2018-10857_and_CVE-2018-10859/
https://git.joeyh.name/index.cgi/git-annex.git/commit/?id=b54b2cdc0ef1373fc200c0d28fded3c04fd57212
https://security.archlinux.org/CVE-2018-10857
https://security.archlinux.org/CVE-2018-10859