OpenWrt v18.06.5 Changelog
This changelog lists all commits done in OpenWrt since the v18.06.4 tag, grouped by subsystem. The changes are chronologically ordered from top to bottom and cover the Git repository history until the tagging of the 18.06.5 release.
Build System / Buildroot (4 changes)
a68be42
scripts: ipkg-make-index.sh: dereference symbolic links (+1,-1)
0a4a82a
config: introduce separate CONFIG_SIGNATURE_CHECK option (+6,-2)
dff0b21
kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6} (+4)
f024b4c
scripts/ubinize-image.sh: fix buildbot breakage (+1,-1)
Build System / Host Utilities (3 changes)
c99ceb7
tools/patch: apply upstream patch for CVE-2019-13636 (+109,-1)
dc2f2a1
tools/patch: apply upstream patch for cve-2019-13638 (+39,-1)
6f677d6
tools: mkimage: fix __u64 typedef conflict with new glibc (+1,-2)
Build System / Toolchain (2 changes)
5e3b21c
musl: ldso/dlsym: fix mips returning undef dlsym (+141,-2)
09d63fb
musl: Fix CVE-2019-14697 (+208,-1)
Kernel (35 changes)
687977b
kernel: bump 4.14 to 4.14.132 (+9,-9)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
df53824
kernel: bump 4.14 to 4.14.134 (+8,-8)
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
958411a
kernel: bump 4.14 to 4.14.136 (+36,-75)
349714a
kernel: bump 4.9 to 4.9.188 (+15,-15)
89808e2
kernel: bump 4.14 to 4.14.137 (+9,-9)
e058fb3
kernel: bump 4.9 to 4.9.189 (+30,-30)
09bdc14
kernel: bump 4.14 to 4.14.138 (+19,-19)
c948a74
kernel: bump 4.14 to 4.14.139 (+7,-3)
8bc800a
kernel: bump 4.9 to 4.9.190 (+9,-9)
73bba47
kernel: bump 4.14 to 4.14.140 (+6,-6)
9d1cd9d
kernel: bump 4.14 to 4.14.141 (+2,-2)
556f86b
kernel: bump 4.9 to 4.9.191 (+5,-5)
c5ed9f4
kernel: bump 4.14 to 4.14.142 (+9,-35)
418cf09
kernel: bump 4.9 to 4.9.192 (+9,-9)
59e42f9
kernel: bump 4.14 to 4.14.143 (+3,-3)
e545808
ar71xx: Fix potentially missed IRQ handling during dispatch (+57)
745292b
kernel: bump 4.9 to 4.9.193 (+15,-20)
d32cf52
kernel: bump 4.14 to 4.14.144 (+4,-4)
7e1db8f
kernel: bump 4.14 to 4.14.145 (+22,-22)
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
4acc0db
kernel: bump 4.14 to 4.14.146 (+3,-3)
d513f28
kernel: bump 4.9 to 4.9.195 (+31,-33)
778243b
kernel: bump 4.14 to 4.14.147 (+9,-9)
1737131
kernel: bump 4.9 to 4.9.196 (+6,-6)
9628612
kernel: bump 4.14 to 4.14.148 (+6,-6)
31181fa
kernel: bump 4.14 to 4.14.149 (+107,-107)
a2fe698
kernel: Added required dependencies for socket match. (+2)
51431de
kernel: bump 4.9 to 4.9.197 (+154,-145)
61df128
kernel: bump 4.14 to 4.14.150 (+3,-3)
c4a2e51
kernel: add missing symbol (+1)
700f66a
kernel: mark kmod-usb-serial-wwan as hidden (+2,-2)
cdc2937
kernel: bump 4.9 to 4.9.198 (+7,-7)
e707723
kernel: bump 4.14 to 4.14.151 (+7,-7)
Packages / Common (21 changes)
aced9de
wireguard: bump to 0.0.20190601 (+2,-2)
e6af9c0
opkg: bump to version 2019-06-14 (+3,-3)
⇒ cb66403
libopkg: check for file size mismatches (+24)
⇒ d4ba162
libopkg: only perform size check when information is available (+5,-3)
⇒ 21b7bd7
alternatives: special-case busybox as alternatives provider (+46,-3)
⇒ dcbc142
alternatives: remove duplicate 'const' specifier (+1,-1)
627bb0b
busybox: strip off ALTERNATIVES spec (+2,-14)
65a4053
omcproxy: fix compilation on little-endian CPUs (+36,-1)
0a4a82a
config: introduce separate CONFIG_SIGNATURE_CHECK option (+6,-2)
30815d6
nftables: Fix compilation with uClibc-ng (+29,-1)
24967a6
libbsd: Fix compilation under ARC (+31,-1)
28dc34f
xfsprogs: Replace valloc with posix_memalign (+32,-1)
2df2b75
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628 (+665,-4)
5e3b21c
musl: ldso/dlsym: fix mips returning undef dlsym (+141,-2)
564d81e
iptables: patch CVE-2019-11360 (security fix) (+14,-1)
f6de1fa
bzip2: Fix CVE-2019-12900 (+66,-1)
952bafa
openssl: bump to 1.0.2t, add maintainer (+4,-3)
2698157
mbedtls: Update to version 2.16.2 (+4,-4)
a63edb4
mbedtls: update to 2.16.3 (+35,-62)
e289a41
hostapd: SAE/EAP-pwd side-channel attack update (+397,-1)
45a2c0f
hostapd: Fix AP mode PMF disconnection protection bypass (+72,-6)
a857fc2
libpcap: update to 1.9.0 (+50,-306)
96a87b9
libpcap: update to 1.9.1 (+18,-15)
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
b2fba59
iptables: bump PKG_RELEASE (+1,-1)
Packages / OpenWrt base files (2 changes)
6ee6c97
base-files: Really check path in get_mac_binary (+1,-1)
33e7bee
base-files: Fix path check in get_mac_binary (+1,-1)
Packages / OpenWrt network userland (1 change)
9d40101
ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102 (+57,-1)
Packages / OpenWrt system userland (1 change)
0bce1d0
usign: update to latest Git HEAD (+3,-3)
⇒ 939ec35
usign: main.c: describe necessary arguments for -G (+1,-1)
⇒ 86d3668
README: provide reference for ed25519 algorithm (+18)
⇒ 716c3f2
README: add reference to OpenBSD signify (+3)
⇒ 3e6648b
README: replace unicode character (+1,-1)
⇒ 5a52b37
sha512: fix bad hardcoded constant in sha512_final() (+1,-1)
Target / apm821xx (1 change)
6f1a71c
apm821xx: fix fan control on highest step (+1,-1)
Target / ar7 (2 changes)
Target / ar71xx (9 changes)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
b7e7d22
ar71xx: fix HiveAP 121 PLL for 1000M (+1,-1)
7e4ce0c
ar71xx: wpj531: fix SIG1/RSS1 LED GPIO (+1,-1)
8bc800a
kernel: bump 4.9 to 4.9.190 (+9,-9)
7ac6044
ar71xx: WNR2200: remove redundant GPIO for WLAN LED (+1)
90f6af5
ar71xx: fix potential IRQ misses during dispatch for qca953x (+27)
745292b
kernel: bump 4.9 to 4.9.193 (+15,-20)
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
d513f28
kernel: bump 4.9 to 4.9.195 (+31,-33)
Target / brcm2708 (4 changes)
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
e058fb3
kernel: bump 4.9 to 4.9.189 (+30,-30)
d513f28
kernel: bump 4.9 to 4.9.195 (+31,-33)
0880275
brcm2708: Add feature flag rootfs-part (+1,-1)
Target / brcm47xx (5 changes)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
df53824
kernel: bump 4.14 to 4.14.134 (+8,-8)
491e839
brcm47xx: sysupgrade: fix device model detection (+2,-2)
cdc2937
kernel: bump 4.9 to 4.9.198 (+7,-7)
e707723
kernel: bump 4.14 to 4.14.151 (+7,-7)
Target / brcm63xx (1 change)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
Target / gemini (1 change)
c5ed9f4
kernel: bump 4.14 to 4.14.142 (+9,-35)
Target / imx6 (2 changes)
Target / ixp4xx (2 changes)
Target / lantiq (4 changes)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
349714a
kernel: bump 4.9 to 4.9.188 (+15,-15)
7e1db8f
kernel: bump 4.14 to 4.14.145 (+22,-22)
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
Target / layerscape (6 changes)
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
349714a
kernel: bump 4.9 to 4.9.188 (+15,-15)
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
d513f28
kernel: bump 4.9 to 4.9.195 (+31,-33)
51431de
kernel: bump 4.9 to 4.9.197 (+154,-145)
Target / mediatek (3 changes)
958411a
kernel: bump 4.14 to 4.14.136 (+36,-75)
09bdc14
kernel: bump 4.14 to 4.14.138 (+19,-19)
7e1db8f
kernel: bump 4.14 to 4.14.145 (+22,-22)
Target / mvebu (2 changes)
Target / ramips (5 changes)
3bbd16d
ramips: fix mt7620 pinmux for second SPI (+4,-4)
f9dec32
ramips: remove duplicate case for MAC setup of freestation5 (-1)
2a22e41
ramips: fix D-Link DIR-615 H1 switch port mapping (+1)
2d25735
ramips: fix duplicate network setup for dlink, dir-615-h1 (-1)
778243b
kernel: bump 4.14 to 4.14.147 (+9,-9)
Target / uml (1 change)
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
Target / x86 (1 change)
c948a74
kernel: bump 4.14 to 4.14.139 (+7,-3)
Wireless / Common (6 changes)
8231f67
mac80211: brcmfmac: backport fixes from kernel 5.4 (+519,-2)
95745e2
mac80211: brcm: update brcmfmac 5.4 patches (+26,-18)
f51e2d0
mac80211: brcm: improve brcmfmac debugging of firmware crashes (+39,-1)
4b5c77c
ath9k: backport dynack improvements (+300)
7393ce8
mac80211: brcmfmac: backport more kernel 5.4 changes (+283,-9)
5880dd4
mac80211: brcmfmac: backport the last 5.4 changes (+402,-1)
Miscellaneous (1 change)
8a83892
packages: apply usign padding workarounds to package indexes if needed (+6,-2)
Addressed bugs
#1821
Description: Avoid conf-opkg when package config files haven't changed
Link: https://bugs.openwrt.org/index.php?do=details&task_id=1821
Commits:
700f66a
kernel: mark kmod-usb-serial-wwan as hidden (+2,-2)
#2166
Description: Openwrt 18.06.2 build fails when ext4 is not chosen as output format
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2166
Commits:
0880275
brcm2708: Add feature flag rootfs-part (+1,-1)
#2347
Description: DTS for mt7620a contains reference to function that is not supported in driver
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2347
Commits:
3bbd16d
ramips: fix mt7620 pinmux for second SPI (+4,-4)
#2531
Description: iptables-mod-tproxy: Missing libxt_socket.so
Link: https://bugs.openwrt.org/index.php?do=details&task_id=2531
Commits:
dff0b21
kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6} (+4)
a2fe698
kernel: Added required dependencies for socket match. (+2)
Security fixes
CVE-2017-16808
Description: tcpdump before 4.9.3 has a heap-based buffer over-read related to aoe_print in print-aoe.c and lookup_emem in addrtoname.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16808
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-10103
Description: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 1 of 2).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10103
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-10105
Description: tcpdump before 4.9.3 mishandles the printing of SMB data (issue 2 of 2).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10105
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14461
Description: The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14461
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14462
Description: The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14462
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14463
Description: The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14463
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14464
Description: The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14464
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14465
Description: The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14465
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14466
Description: The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14466
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14467
Description: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14467
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14468
Description: The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14468
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14469
Description: The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14469
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14470
Description: The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14470
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14879
Description: The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14879
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14880
Description: The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14880
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14881
Description: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14881
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-14882
Description: The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14882
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16227
Description: The IEEE 802.11 parser in tcpdump before 4.9.3 has a buffer over-read in print-802_11.c for the Mesh Flags subfield.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16227
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16228
Description: The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16228
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16229
Description: The DCCP parser in tcpdump before 4.9.3 has a buffer over-read in print-dccp.c:dccp_print_option().
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16229
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16230
Description: The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16230
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16300
Description: The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16300
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16301
Description: libpcap before 1.9.1, as used in tcpdump before 4.9.3, has a buffer overflow and/or over-read because of errors in pcapng reading.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16301
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16451
Description: The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16451
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16452
Description: The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16452
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2018-16870
Description: It was found that wolfssl before 3.15.7 is vulnerable to a new variant of the Bleichenbacher attack to perform downgrade attacks against TLS. This may lead to leakage of sensitive data.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16870
Commits:
2df2b75
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628 (+665,-4)
CVE-2018-1000156
Description: GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appears to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418; however, although they share a common ancestry, the code bases have diverged over time.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000156
Commits:
dc2f2a1
tools/patch: apply upstream patch for cve-2019-13638 (+39,-1)
CVE-2019-1547
Description: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1547
Commits:
952bafa
openssl: bump to 1.0.2t, add maintainer (+4,-3)
CVE-2019-1549
Description: OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1549
Commits:
952bafa
openssl: bump to 1.0.2t, add maintainer (+4,-3)
CVE-2019-1563
Description: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected 1.0.2-1.0.2s).
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1563
Commits:
952bafa
openssl: bump to 1.0.2t, add maintainer (+4,-3)
CVE-2019-3846
Description: A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3846
Commits:
76d1e8a
kernel: bump 4.9 to 4.9.186 (+41,-41)
df53824
kernel: bump 4.14 to 4.14.134 (+8,-8)
CVE-2019-3900
Description: An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe a remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900
Commits:
df53824
kernel: bump 4.14 to 4.14.134 (+8,-8)
8bc800a
kernel: bump 4.9 to 4.9.190 (+9,-9)
CVE-2019-5101
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5101
Commits:
9d40101
ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102 (+57,-1)
CVE-2019-5102
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5102
Commits:
9d40101
ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102 (+57,-1)
CVE-2019-10207
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10207
Commits:
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
958411a
kernel: bump 4.14 to 4.14.136 (+36,-75)
CVE-2019-11360
Description: A buffer overflow in iptables-restore in netfilter iptables 1.8.2 allows an attacker to (at least) crash the program or potentially gain code execution via a specially crafted iptables-save file. This is related to add_param_to_argv in xshared.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11360
Commits:
564d81e
iptables: patch CVE-2019-11360 (security fix) (+14,-1)
CVE-2019-12900
Description: BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
Commits:
f6de1fa
bzip2: Fix CVE-2019-12900 (+66,-1)
CVE-2019-13628
Description: wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to precisely measure the duration of signature operations, to infer information about the nonces used and potentially mount a lattice attack to recover the private key used. The issue occurs because ecc.c scalar multiplication might leak the bit length.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13628
Commits:
2df2b75
wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628 (+665,-4)
CVE-2019-13636
Description: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636
Commits:
c99ceb7
tools/patch: apply upstream patch for CVE-2019-13636 (+109,-1)
CVE-2019-13638
Description: GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13638
Commits:
dc2f2a1
tools/patch: apply upstream patch for cve-2019-13638 (+39,-1)
CVE-2019-13648
Description: In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a sigreturn() system call that sends a crafted signal frame. This affects arch/powerpc/kernel/signal_32.c and arch/powerpc/kernel/signal_64.c.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13648
Commits:
2807f84
kernel: bump 4.9 to 4.9.187 (+127,-272)
958411a
kernel: bump 4.14 to 4.14.136 (+36,-75)
CVE-2019-14697
Description: musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697
Commits:
09d63fb
musl: Fix CVE-2019-14697 (+208,-1)
CVE-2019-14814
Description: There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14814
Commits:
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
4acc0db
kernel: bump 4.14 to 4.14.146 (+3,-3)
CVE-2019-14815
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14815
Commits:
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
4acc0db
kernel: bump 4.14 to 4.14.146 (+3,-3)
CVE-2019-14816
Description: There is a heap-based buffer overflow in the kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver in the Linux kernel, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14816
Commits:
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
4acc0db
kernel: bump 4.14 to 4.14.146 (+3,-3)
CVE-2019-14821
Description: An out-of-bounds access issue was found in the Linux kernel, all versions through 5.3, in the way Linux kernel's KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer 'struct kvm_coalesced_mmio' object, wherein write indices 'ring->first' and 'ring->last' value could be supplied by a host user-space process. An unprivileged host user or process with access to '/dev/kvm' device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14821
Commits:
3699327
kernel: bump 4.9 to 4.9.194 (+21,-21)
4acc0db
kernel: bump 4.14 to 4.14.146 (+3,-3)
CVE-2019-15030
Description: In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users' processes via a Facility Unavailable exception. To exploit the vulnerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15030
Commits:
745292b
kernel: bump 4.9 to 4.9.193 (+15,-20)
d32cf52
kernel: bump 4.14 to 4.14.144 (+4,-4)
CVE-2019-15161
Description: rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15161
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
CVE-2019-15162
Description: rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15162
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
CVE-2019-15163
Description: rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15163
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
CVE-2019-15164
Description: rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15164
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
CVE-2019-15165
Description: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15165
Commits:
96a87b9
libpcap: update to 1.9.1 (+18,-15)
CVE-2019-15166
Description: lmp_print_data_link_subobjs() in print-lmp.c in tcpdump before 4.9.3 lacks certain bounds checks.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15166
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2019-15167
Description: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15167
Commits:
3b8db97
tcpdump: update to 4.9.3 (+19,-19)
CVE-2019-16275
Description: hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16275
Commits:
45a2c0f
hostapd: Fix AP mode PMF disconnection protection bypass (+72,-6)