The following security advisories have been published for Arch Linux:

ASA-201801-12: irssi: denial of service
ASA-201801-13: transmission-cli: arbitrary command execution
ASA-201801-14: nrpe: arbitrary command execution
ASA-201801-15: perl-xml-libxml: arbitrary code execution
ASA-201801-16: bind: denial of service



ASA-201801-12: irssi: denial of service

Arch Linux Security Advisory ASA-201801-12
==========================================

Severity: Medium
Date : 2018-01-16
CVE-ID : CVE-2018-5205 CVE-2018-5206 CVE-2018-5207 CVE-2018-5208
Package : irssi
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-575

Summary
=======

The package irssi before version 1.0.6-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 1.0.6-1.

# pacman -Syu "irssi>=1.0.6-1"

The problems have been fixed upstream in version 1.0.6.

Workaround
==========

None.

Description
===========

- CVE-2018-5205 (denial of service)

When using incomplete escape codes, irssi before 1.0.6 may access data
beyond the end of the string.

- CVE-2018-5206 (denial of service)

When the channel topic is set without specifying a sender, irssi before
1.0.6 may dereference a NULL pointer.

- CVE-2018-5207 (denial of service)

When using an incomplete variable argument, irssi before 1.0.6 may
access data beyond the end of the string.

- CVE-2018-5208 (denial of service)

In Irssi before 1.0.6 a calculation error in the completion code could
cause a heap buffer overflow when completing certain strings.

Impact
======

A remote attacker is able to crash the application via a malicious
server or by tricking a user into using malicious commands.

References
==========

http://www.openwall.com/lists/oss-security/2018/01/06/2
https://irssi.org/security/irssi_sa_2018_01.txt
https://github.com/irssi/irssi/commit/7a83c63701b7395ee6cc606905314318eef77971
https://github.com/irssi/irssi/commit/54d453623d879ea83d0818a80bd14151192953ec
https://github.com/irssi/irssi/commit/cc17837a9b326ec9100a35981348fa0f5d6316fa
https://github.com/irssi/irssi/commit/2361d4b1e5d38701f35146219ceddd318ac4e645
https://security.archlinux.org/CVE-2018-5205
https://security.archlinux.org/CVE-2018-5206
https://security.archlinux.org/CVE-2018-5207
https://security.archlinux.org/CVE-2018-5208


ASA-201801-13: transmission-cli: arbitrary command execution

Arch Linux Security Advisory ASA-201801-13
==========================================

Severity: High
Date : 2018-01-17
CVE-ID : CVE-2018-5702
Package : transmission-cli
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-588

Summary
=======

The package transmission-cli before version 2.92-8 is vulnerable to
arbitrary command execution.

Resolution
==========

Upgrade to 2.92-8.

# pacman -Syu "transmission-cli>=2.92-8"

The problem has been fixed upstream but no release is available yet.

Workaround
==========

Enable authentication in the transmission-daemon using a strong
password.

Description
===========

The transmission-daemon in Transmission before 2.93 relies on
X-Transmission-Session-Id (which is not a forbidden header for Fetch)
for access control, which allows remote attackers to execute arbitrary
RPC commands, and consequently write to arbitrary files, via POST
requests to /transmission/rpc in conjunction with a DNS rebinding
attack.
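
Why a session header alone does not stop DNS rebinding, and how
validating the Host header does, as an added example. This is not
Transmission's code: ALLOWED_HOSTS, the function names and the sample
requests are constructed for illustration.

```python
import hmac
from ipaddress import ip_address

# Assumption: the names the operator really uses to reach the daemon.
ALLOWED_HOSTS = {"localhost", "nas.home.example"}

def host_is_trusted(host_header: str) -> bool:
    """Accept IP literals and allowlisted names; reject any other Host value."""
    host = host_header.strip().lower()
    if host.startswith("["):                      # bracketed IPv6, e.g. [::1]:9091
        host = host[1:].split("]", 1)[0]
    else:
        host = host.split(":", 1)[0]              # drop an optional :port
    try:
        ip_address(host)                          # an IP literal involves no DNS lookup
        return True
    except ValueError:
        return host.rstrip(".") in ALLOWED_HOSTS

def token_only_check(headers: dict, session_id: str) -> bool:
    """Model of access control that relies on the session header alone."""
    sent = headers.get("X-Transmission-Session-Id", "")
    return hmac.compare_digest(sent.encode(), session_id.encode())

def hardened_check(headers: dict, session_id: str) -> bool:
    """Session header plus Host validation."""
    return host_is_trusted(headers.get("Host", "")) and token_only_check(headers, session_id)

# Constructed requests. After rebinding, the attacker's hostname resolves to the
# daemon's address, so the page's script is same-origin with the daemon and can
# set the session header itself. The Host header still names the attacker's domain.
SESSION = "constructed-session-id"
LEGIT = {"Host": "localhost:9091", "X-Transmission-Session-Id": SESSION}
REBOUND = {"Host": "rebind.attacker.example:9091", "X-Transmission-Session-Id": SESSION}

if __name__ == "__main__":
    for name, req in (("legit", LEGIT), ("rebound", REBOUND)):
        print(name, token_only_check(req, SESSION), hardened_check(req, SESSION))
```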

Impact
======

A remote attacker is able to execute arbitrary RPC commands and
consequently write to arbitrary files by tricking a user into visiting
a malicious website.

References
==========

https://bugs.archlinux.org/task/57086
http://www.openwall.com/lists/oss-security/2018/01/12/1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
https://github.com/transmission/transmission/commit/eb5d1a79cbe1b9bc5b22fdcc598694ecd4d02f43
https://github.com/transmission/transmission/pull/468
https://security.archlinux.org/CVE-2018-5702


ASA-201801-14: nrpe: arbitrary command execution

Arch Linux Security Advisory ASA-201801-14
==========================================

Severity: High
Date : 2018-01-18
CVE-ID : CVE-2013-1362 CVE-2014-2913
Package : nrpe
Type : arbitrary command execution
Remote : Yes
Link : https://security.archlinux.org/AVG-587

Summary
=======

The package nrpe before version 3.2.1-3 is vulnerable to arbitrary
command execution.

Resolution
==========

Upgrade to 3.2.1-3.

# pacman -Syu "nrpe>=3.2.1-3"

The problems have been fixed upstream but no release is available yet.

Workaround
==========

Ensure the "dont_blame_nrpe" option in nrpe.conf is disabled.

Description
===========

- CVE-2013-1362 (arbitrary command execution)

Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In
Executor (NRPE) might allow remote attackers to execute arbitrary shell
commands via "$()" shell metacharacters, which are processed by bash.

- CVE-2014-2913 (arbitrary command execution)

Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin
Executor (NRPE) 2.15 and earlier allows remote attackers to execute
arbitrary commands via a newline character in the -a option to
libexec/check_nrpe.
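
Why a metacharacter blacklist lets both input shapes described above
through, next to an allowlist that rejects them, as an added example.
This is not NRPE's code: the blacklist, the allowlist pattern and the
sample arguments are constructed for illustration.

```python
import re

# Constructed blacklist for illustration; it is not NRPE's list. Like any
# blacklist it only stops what its author thought of: "$", "(", ")" and line
# breaks are absent here.
BLACKLIST = set(";|&`<>")

def blacklist_accepts(arg: str) -> bool:
    """Reject only arguments containing a listed metacharacter."""
    return not any(ch in BLACKLIST for ch in arg)

# Allowlist: name the characters a plugin argument may contain and reject the
# rest. fullmatch() matters: with match() and a trailing "$", the pattern would
# still accept a string that ends in "\n".
SAFE_ARG = re.compile(r"[A-Za-z0-9_.,:/%@=+-]{1,256}")

def allowlist_accepts(arg: str) -> bool:
    """Accept only arguments made entirely of allowlisted characters."""
    return SAFE_ARG.fullmatch(arg) is not None

# Constructed sample arguments: two ordinary values, then the two input
# shapes named in the CVE descriptions above.
SAMPLES = ["80", "/var/log/messages", "$(true)", "80\ntrue"]

if __name__ == "__main__":
    for arg in SAMPLES:
        print(repr(arg), blacklist_accepts(arg), allowlist_accepts(arg))
```

Validation is a second line of defence; passing arguments to the plugin
as an argv list rather than through a shell removes the metacharacter
problem altogether.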

Impact
======

A remote attacker is able to execute arbitrary commands on the affected
host by passing malicious command arguments via check_nrpe.

References
==========

https://bugs.archlinux.org/task/57120
http://seclists.org/bugtraq/2013/Feb/119
https://github.com/NagiosEnterprises/nrpe/commit/eaaebb3c2925f9aee74319b61264ee535784b859
http://seclists.org/fulldisclosure/2014/Apr/240
http://seclists.org/oss-sec/2014/q2/154
https://security.archlinux.org/CVE-2013-1362
https://security.archlinux.org/CVE-2014-2913


ASA-201801-15: perl-xml-libxml: arbitrary code execution

Arch Linux Security Advisory ASA-201801-15
==========================================

Severity: High
Date : 2018-01-18
CVE-ID : CVE-2017-10672
Package : perl-xml-libxml
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-501

Summary
=======

The package perl-xml-libxml before version 2.0130-1 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 2.0130-1.

# pacman -Syu "perl-xml-libxml>=2.0130-1"

The problem has been fixed upstream in version 2.0130.

Workaround
==========

None.

Description
===========

A use-after-free vulnerability has been discovered in the Perl
XML-LibXML module before 2.0130 which allows remote attackers to execute
arbitrary code by controlling the arguments to a replaceChild call.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host by controlling the arguments to a replaceChild call.

References
==========

https://bugs.archlinux.org/task/56377
https://rt.cpan.org/Public/Bug/Display.html?id=122246
https://security.archlinux.org/CVE-2017-10672


ASA-201801-16: bind: denial of service

Arch Linux Security Advisory ASA-201801-16
==========================================

Severity: High
Date : 2018-01-18
CVE-ID : CVE-2017-3145
Package : bind
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-589

Summary
=======

The package bind before version 9.11.2.P1-1 is vulnerable to denial of
service.

Resolution
==========

Upgrade to 9.11.2.P1-1.

# pacman -Syu "bind>=9.11.2.P1-1"

The problem has been fixed upstream in version 9.11.2.P1.

Workaround
==========

None.

Description
===========

A use-after-free flaw leading to denial of service was found in the way
BIND before 9.11.2.P1, 9.10.6-P1 and 9.9.11-P1 internally handled
cleanup operations on upstream recursion fetch contexts. A remote
attacker could potentially use this flaw to make named, acting as a
DNSSEC validating resolver, exit unexpectedly with an assertion failure
via a specially crafted DNS request.

Impact
======

A remote attacker is able to crash named while acting as a DNSSEC
validating resolver via a specially crafted DNS request.

References
==========

https://kb.isc.org/article/AA-01542
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
https://security.archlinux.org/CVE-2017-3145