Arch Linux 804 Published by

The following security advisories has been published for Arch Linux:

ASA-201802-11: phpmyadmin: cross-site scripting
ASA-201802-12: wavpack: arbitrary code execution
ASA-201802-13: lib32-wavpack: arbitrary code execution
ASA-201802-14: unixodbc: arbitrary code execution



ASA-201802-11: phpmyadmin: cross-site scripting


Arch Linux Security Advisory ASA-201802-11
==========================================

Severity: Medium
Date : 2018-02-23
CVE-ID : CVE-2018-7260
Package : phpmyadmin
Type : cross-site scripting
Remote : Yes
Link : https://security.archlinux.org/AVG-630

Summary
=======

The package phpmyadmin before version 4.7.8-1 is vulnerable to cross-
site scripting.

Resolution
==========

Upgrade to 4.7.8-1.

# pacman -Syu "phpmyadmin>=4.7.8-1"

The problem has been fixed upstream in version 4.7.8.

Workaround
==========

None.

Description
===========

Cross-site scripting (XSS) vulnerability in db_central_columns.php in
phpMyAdmin before 4.7.8 allows remote authenticated users to inject
arbitrary web script or HTML via a crafted URL.

Impact
======

A remote authenticated attacker is able to inject arbitrary javascript
via a crafted URL.

References
==========

https://udiniya.wordpress.com/2018/02/21/a-tale-of-stealing-session-cookie-in-phpmyadmin/
https://www.phpmyadmin.net/security/PMASA-2018-1/
https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3e8745e8845633ae8a0054b5ee4d8babd5
https://security.archlinux.org/CVE-2018-7260

ASA-201802-12: wavpack: arbitrary code execution


Arch Linux Security Advisory ASA-201802-12
==========================================

Severity: High
Date : 2018-02-23
CVE-ID : CVE-2018-6767 CVE-2018-7253 CVE-2018-7254
Package : wavpack
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-631

Summary
=======

The package wavpack before version 5.1.0-2 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 5.1.0-2.

# pacman -Syu "wavpack>=5.1.0-2"

The problems have been fixed upstream in version 5.1.0.

Workaround
==========

None.

Description
===========

- CVE-2018-6767 (arbitrary code execution)

A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a
denial-of-service attack or possibly have unspecified other impact via
a maliciously crafted RF64 file.

- CVE-2018-7253 (arbitrary code execution)

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.

- CVE-2018-7254 (arbitrary code execution)

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect
memory allocation, via a maliciously crafted CAF file.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host via maliciously crafted files.

References
==========

https://bugs.archlinux.org/task/57609
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
https://github.com/dbry/WavPack/issues/27
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
https://github.com/dbry/WavPack/issues/28
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
https://github.com/dbry/WavPack/issues/26
https://security.archlinux.org/CVE-2018-6767
https://security.archlinux.org/CVE-2018-7253
https://security.archlinux.org/CVE-2018-7254

ASA-201802-13: lib32-wavpack: arbitrary code execution


Arch Linux Security Advisory ASA-201802-13
==========================================

Severity: High
Date : 2018-02-23
CVE-ID : CVE-2018-6767 CVE-2018-7253 CVE-2018-7254
Package : lib32-wavpack
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-634

Summary
=======

The package lib32-wavpack before version 5.1.0-2 is vulnerable to
arbitrary code execution.

Resolution
==========

Upgrade to 5.1.0-2.

# pacman -Syu "lib32-wavpack>=5.1.0-2"

The problems have been fixed upstream in version 5.1.0.

Workaround
==========

None.

Description
===========

- CVE-2018-6767 (arbitrary code execution)

A stack-based buffer over-read in the ParseRiffHeaderConfig function of
cli/riff.c file of WavPack 5.1.0 allows a remote attacker to cause a
denial-of-service attack or possibly have unspecified other impact via
a maliciously crafted RF64 file.

- CVE-2018-7253 (arbitrary code execution)

The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of
WavPack 5.1.0 allows a remote attacker to cause a denial-of-service
(heap-based buffer over-read) or possibly overwrite the heap via a
maliciously crafted DSDIFF file.

- CVE-2018-7254 (arbitrary code execution)

The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack
5.1.0 allows a remote attacker to cause a denial-of-service (global
buffer over-read), or possibly trigger a buffer overflow or incorrect
memory allocation, via a maliciously crafted CAF file.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host via maliciously crafted files.

References
==========

https://bugs.archlinux.org/task/57609
https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
https://github.com/dbry/WavPack/issues/27
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
https://github.com/dbry/WavPack/issues/28
https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
https://github.com/dbry/WavPack/issues/26
https://security.archlinux.org/CVE-2018-6767
https://security.archlinux.org/CVE-2018-7253
https://security.archlinux.org/CVE-2018-7254

ASA-201802-14: unixodbc: arbitrary code execution


Arch Linux Security Advisory ASA-201802-14
==========================================

Severity: High
Date : 2018-02-23
CVE-ID : CVE-2018-7409
Package : unixodbc
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-627

Summary
=======

The package unixodbc before version 2.3.5-1 is vulnerable to arbitrary
code execution.

Resolution
==========

Upgrade to 2.3.5-1.

# pacman -Syu "unixodbc>=2.3.5-1"

The problem has been fixed upstream in version 2.3.5.

Workaround
==========

None.

Description
===========

In unixODBC before 2.3.5, there is a buffer overflow in the
unicode_to_ansi_copy() function in DriverManager/__info.c possibly
leading to arbitrary code execution.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host.

References
==========

https://security.archlinux.org/CVE-2018-7409