Security fixes from 2017-02-07 23:45 UTC

Graham Christensen

Feb 7, 2017, 6:47:20 PM
to nix-securi...@googlegroups.com

The following issues have been resolved in NixOS in release-16.09 and
unstable. They remain potentially vulnerable on older major
releases.

These patches will be released to the unstable and
release-16.09 channels when Hydra finishes building the "tested" job
for each channel:

- https://hydra.nixos.org/job/nixos/release-16.09/tested
- https://hydra.nixos.org/job/nixos/trunk-combined/tested

Please consider helping with the next security roundup by commenting on
https://github.com/NixOS/nixpkgs/issues/22342. Special thank you to
@joachifm and @shlevy for stepping up at the end to finish it off.

The following changes were applied to release-16.09:

0ccddb4 jbig2dec: patch for CVE-2016-9601
> Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697457

512af01 jbig2dec: 0.11 -> 0.13, new upstream location

ff7777b ming: Mark broken.
> From the Debian-LTS advisory:
>
> Multiple security issues have been found in Ming. They may lead to the
> execution of arbitrary code or causing application crash.
>
> CVE-2016-9264: global-buffer-overflow in printMP3Headers
>
> CVE-2016-9265: divide-by-zero in printMP3Headers
>
> CVE-2016-9266: left shift in listmp3.c
>
> CVE-2016-9827: listswf: heap-based buffer overflow in _iprintf
>
> CVE-2016-9828: listswf: heap-based buffer overflow in _iprintf
>
> CVE-2016-9829: listswf: NULL pointer dereference in dumpBuffer
>
> CVE-2016-9831: listswf: heap-based buffer overflow in parseSWF_RGBA
>
> More: https://lwn.net/Alerts/712627/

36ffe58 tigervnc: patch for CVE-2017-5581

308c625 virtualbox: 5.1.10 -> 5.1.14
> From the CVE entries:
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: GUI). Supported versions that are
> affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily
> exploitable vulnerability allows unauthenticated attacker with network
> access via HTTP to compromise Oracle VM VirtualBox. Successful attacks
> require human interaction from a person other than the attacker.
> Successful attacks of this vulnerability can result in unauthorized
> update, insert or delete access to some of Oracle VM VirtualBox
> accessible data as well as unauthorized read access to a subset of
> Oracle VM VirtualBox accessible data and unauthorized ability to cause
> a partial denial of service (partial DOS) of Oracle VM VirtualBox.
> CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability
> impacts). (CVE-2016-5545)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: Shared Folder). Supported versions that
> are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14.
> Easily exploitable vulnerability allows high privileged attacker with
> logon to the infrastructure where Oracle VM VirtualBox executes to
> compromise Oracle VM VirtualBox. While the vulnerability is in Oracle
> VM VirtualBox, attacks may significantly impact additional products.
> Successful attacks of this vulnerability can result in unauthorized
> creation, deletion or modification access to critical data or all
> Oracle VM VirtualBox accessible data and unauthorized ability to cause
> a hang or frequently repeatable crash (complete DOS) of Oracle VM
> VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability
> impacts). (CVE-2017-3290)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: GUI). Supported versions that are
> affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily
> exploitable vulnerability allows high privileged attacker with network
> access via multiple protocols to compromise Oracle VM VirtualBox.
> Successful attacks require human interaction from a person other than
> the attacker and while the vulnerability is in Oracle VM VirtualBox,
> attacks may significantly impact additional products. Successful
> attacks of this vulnerability can result in takeover of Oracle VM
> VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and
> Availability impacts). (CVE-2017-3316)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported
> versions that are affected are VirtualBox prior to 5.0.32 and prior to
> 5.1.14. Easily exploitable vulnerability allows low privileged
> attacker with logon to the infrastructure where Oracle VM VirtualBox
> executes to compromise Oracle VM VirtualBox. While the vulnerability
> is in Oracle VM VirtualBox, attacks may significantly impact
> additional products. Successful attacks of this vulnerability can
> result in unauthorized creation, deletion or modification access to
> critical data or all Oracle VM VirtualBox accessible data and
> unauthorized ability to cause a hang or frequently repeatable crash
> (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4
> (Integrity and Availability impacts). (CVE-2017-3332)

4db7ca8 linux: 3.12.69 -> 3.12.70
> All kernel patches are considered security-sensitive.

3a77643 linux: 4.9.7 -> 4.9.8
> All kernel patches are considered security-sensitive.

de47888 kernel: 4.9.6 -> 4.9.7
> All kernel patches are considered security-sensitive.

6be8d01 linux: 4.4.46 -> 4.4.47
> All kernel patches are considered security-sensitive.

05a87d2 git-hub: 0.10 -> 0.11.0
> Fixes CVE-2016-7793 and CVE-2016-7794, remote code execution via
> crafted repository names.

c7778c2 linux: 4.4.45 -> 4.4.46
> All kernel patches are considered security-sensitive.

11d120f xorg.libXpm: 3.5.11 -> 3.5.12
> From the Debian advisory:
>
> Tobias Stoeckmann discovered that the libXpm library contained two
> integer overflow flaws, leading to a heap out-of-bounds write, while
> parsing XPM extensions in a file. An attacker can provide a specially
> crafted XPM file that, when processed by an application using the
> libXpm library, would cause a denial-of-service against the
> application, or potentially, the execution of arbitrary code with the
> privileges of the user running the application.

cb448f1 shadow: 4.2.1 -> 4.4
> From the Mageia advisory:
>
> It was found that shadow-utils-4.2.1 had a potentially unsafe use of
> getlogin with the concern that the utmp entry might have a spoofed
> username associated with a correct uid (CVE-2016-6251).
>
> It was found that shadow-utils-4.2.1 had an incorrect integer handling
> problem where it looks like the int wrap is exploitable as a LPE, as
> the kernel is using 32bit uid's that are truncated from unsigned longs
> (64bit on x64) as returned by simple_strtoul() [map_write()].
> (CVE-2016-6252).

59d1d6e imagemagick: 6.9.7-0 -> 6.9.7-6 for multiple CVEs
> Fixes at least:
>
> * CVE-2016-10144
> * CVE-2016-10145
> * CVE-2016-10146
> * CVE-2017-5506
> * CVE-2017-5507
> * CVE-2017-5508
> * CVE-2017-5510
> * CVE-2017-5511

3d3b4f3 libressl_2_4: 2.4.4 -> 2.4.5

43482c3 jenkins: 2.33 -> 2.44 for multiple CVEs
> Fixes:
>
> * CVE-2017-2598
> * CVE-2017-2599
> * CVE-2017-2600
> * CVE-2011-4969
> * CVE-2017-2601
> * CVE-2015-0886
> * CVE-2017-2602
> * CVE-2017-2603
> * CVE-2017-2604
> * CVE-2017-2605
> * CVE-2017-2606
> * CVE-2017-2607
> * CVE-2017-2608
> * CVE-2017-2609
> * CVE-2017-2610
> * CVE-2017-2611
> * CVE-2017-2612
> * CVE-2017-2613

c3ec888 knot-resolver: 1.2.0 -> 1.2.1

1756a5d tcpdump: 4.8.1 -> 4.9.0 for multiple CVEs
> See https://www.debian.org/security/2017/dsa-3775.
>
> Fixes: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925,
> CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929,
> CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933,
> CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937,
> CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973,
> CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984,
> CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993,
> CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203,
> CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342,
> CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485,
> CVE-2017-5486

b68b156 libarchive: add patch to fix CVE-2017-5601
> From the CVE entry:
>
> An error in the lha_read_file_header_1() function
> (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote
> attackers to trigger an out-of-bounds read memory access and
> subsequently cause a crash via a specially crafted archive.

a1dae25 bitlbee: 3.5 -> 3.5.1 for multiple CVEs
> Fixes:
>
> * CVE-2016-10188
> * CVE-2016-10189
> * CVE-2017-5668

91a860a linux 4.9.4 -> 4.9.5
> All kernel patches are considered security-sensitive.

15a90e3 linux: 4.9.3 -> 4.9.4
> All kernel patches are considered security-sensitive.

3a59a15 linux: 4.9.2 -> 4.9.3
> All kernel patches are considered security-sensitive.

20999c1 linux: 4.9.1 -> 4.9.2
> All kernel patches are considered security-sensitive.

8258b5c kernel: 4.9.0 -> 4.9.1
> All kernel patches are considered security-sensitive.

c9ed149 firefox, firefox-bin: 50.1.0 -> 51.0.1
> All browser patches are considered security-sensitive.

91abecb grsecurity: 4.8.15-201612301949 -> 4.8.16-201701062021
> All kernel patches are considered security-sensitive.

f3b6b85 thunderbird, thunderbird-bin: 45.6.0 -> 45.7.0
> Several HIGH and CRITICAL security issues resolved, as well as lower
> impact issues:
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/
======================================================================



The following changes were applied to unstable:

cf94e18 linux-testing: 4.10-rc4 -> 4.10-rc7
> All kernel patches are considered security-sensitive.

83f83ca jbig2dec: patch for CVE-2016-9601
> Upstream bug: https://bugs.ghostscript.com/show_bug.cgi?id=697457

12284ff jbig2dec: 0.11 -> 0.13, new upstream location

4a9efe9 chromium: 56.0.2924.76 -> 56.0.2924.87
> All browser patches are considered security-sensitive.

33c09a0 rhc: 1.36.4 -> 1.38.7

ef875a6 389-ds-base: 1.3.5.4 -> 1.3.5.15

949f9af linux: 3.12.69 -> 3.12.70
> All kernel patches are considered security-sensitive.

7f69dc4 linux: 4.9.7 -> 4.9.8
> All kernel patches are considered security-sensitive.

17b5ae4 linux: 4.4.46 -> 4.4.47
> All kernel patches are considered security-sensitive.

26e5b42 linux: 4.4.45 -> 4.4.46
> All kernel patches are considered security-sensitive.

d66fa9a tigervnc: 1.7.0 -> 1.7.1 for CVE-2017-5581
> From the openSUSE advisory:
>
> Prevent the server from overflowing a buffer in the client, causing
> DoS or potentially code execution.

4675cb7 xorg.libXpm: 3.5.11 -> 3.5.12
> From the Debian advisory:
>
> Tobias Stoeckmann discovered that the libXpm library contained two
> integer overflow flaws, leading to a heap out-of-bounds write, while
> parsing XPM extensions in a file. An attacker can provide a specially
> crafted XPM file that, when processed by an application using the
> libXpm library, would cause a denial-of-service against the
> application, or potentially, the execution of arbitrary code with the
> privileges of the user running the application.

d6710e3 shadow: 4.2.1 -> 4.4
> From the Mageia advisory:
>
> It was found that shadow-utils-4.2.1 had a potentially unsafe use of
> getlogin with the concern that the utmp entry might have a spoofed
> username associated with a correct uid (CVE-2016-6251).
>
> It was found that shadow-utils-4.2.1 had an incorrect integer handling
> problem where it looks like the int wrap is exploitable as a LPE, as
> the kernel is using 32bit uid's that are truncated from unsigned longs
> (64bit on x64) as returned by simple_strtoul() [map_write()].
> (CVE-2016-6252).

55e85a1 opera: 41.0.2353.56 -> 42.0.2393.517
> All browser patches are considered security-sensitive.

599df5e virtualbox: 5.1.10 -> 5.1.14
> From the CVE entries:
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: GUI). Supported versions that are
> affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily
> exploitable vulnerability allows unauthenticated attacker with network
> access via HTTP to compromise Oracle VM VirtualBox. Successful attacks
> require human interaction from a person other than the attacker.
> Successful attacks of this vulnerability can result in unauthorized
> update, insert or delete access to some of Oracle VM VirtualBox
> accessible data as well as unauthorized read access to a subset of
> Oracle VM VirtualBox accessible data and unauthorized ability to cause
> a partial denial of service (partial DOS) of Oracle VM VirtualBox.
> CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability
> impacts). (CVE-2016-5545)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: Shared Folder). Supported versions that
> are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14.
> Easily exploitable vulnerability allows high privileged attacker with
> logon to the infrastructure where Oracle VM VirtualBox executes to
> compromise Oracle VM VirtualBox. While the vulnerability is in Oracle
> VM VirtualBox, attacks may significantly impact additional products.
> Successful attacks of this vulnerability can result in unauthorized
> creation, deletion or modification access to critical data or all
> Oracle VM VirtualBox accessible data and unauthorized ability to cause
> a hang or frequently repeatable crash (complete DOS) of Oracle VM
> VirtualBox. CVSS v3.0 Base Score 7.9 (Integrity and Availability
> impacts). (CVE-2017-3290)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: GUI). Supported versions that are
> affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily
> exploitable vulnerability allows high privileged attacker with network
> access via multiple protocols to compromise Oracle VM VirtualBox.
> Successful attacks require human interaction from a person other than
> the attacker and while the vulnerability is in Oracle VM VirtualBox,
> attacks may significantly impact additional products. Successful
> attacks of this vulnerability can result in takeover of Oracle VM
> VirtualBox. CVSS v3.0 Base Score 8.4 (Confidentiality, Integrity and
> Availability impacts). (CVE-2017-3316)
>
> Vulnerability in the Oracle VM VirtualBox component of Oracle
> Virtualization (subcomponent: VirtualBox SVGA Emulation). Supported
> versions that are affected are VirtualBox prior to 5.0.32 and prior to
> 5.1.14. Easily exploitable vulnerability allows low privileged
> attacker with logon to the infrastructure where Oracle VM VirtualBox
> executes to compromise Oracle VM VirtualBox. While the vulnerability
> is in Oracle VM VirtualBox, attacks may significantly impact
> additional products. Successful attacks of this vulnerability can
> result in unauthorized creation, deletion or modification access to
> critical data or all Oracle VM VirtualBox accessible data and
> unauthorized ability to cause a hang or frequently repeatable crash
> (complete DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 8.4
> (Integrity and Availability impacts). (CVE-2017-3332)

d1738c1 kernel: 4.9.6 -> 4.9.7

5cc7535 wordpress: 4.7.1 -> 4.7.2
> See: https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/

4494720 fpm: fix vulnerable dependency

16f8f0d ffmpeg_3: 3.1.4 -> 3.1.6

b3e6bdb chromium: 55.0.2883.87 -> 56.0.2924.76

4dae4f8 imagemagick: 7.0.4-0 -> 7.0.4-6 for multiple CVEs
> Fixes at least:
>
> * CVE-2016-10144
> * CVE-2016-10145
> * CVE-2016-10146
> * CVE-2017-5506
> * CVE-2017-5507
> * CVE-2017-5508
> * CVE-2017-5510
> * CVE-2017-5511

5e753c1 imagemagick: 6.9.7-0 -> 6.9.7-6 for multiple CVEs
> Fixes at least:
>
> * CVE-2016-10144
> * CVE-2016-10145
> * CVE-2016-10146
> * CVE-2017-5506
> * CVE-2017-5507
> * CVE-2017-5508
> * CVE-2017-5510
> * CVE-2017-5511

47f392d mbedtls: 1.3.17 -> 1.3.18
> From the notes:
>
> (2.4, 2.1, 1.3) Removes the MBEDTLS_SSL_AEAD_RANDOM_IV
> configuration option, because it was not compliant with RFC-5116
> and could lead to session key recovery in very long TLS sessions.
> "Nonce-Disrespecting Adversaries Practical Forgery Attacks on GCM
> in TLS" - H. Bock, A. Zauner, S. Devlin, J. Somorovsky, P.
> Jovanovic. This option was not enabled by default.
>
> (2.4, 2.1, 1.3) Fixes potential stack corruption in
> mbedtls_x509write_crt_der() and mbedtls_x509write_csr_der() when
> the signature is copied to the buffer without checking whether
> there is enough space in the destination. The issue cannot be
> triggered remotely. Found by Jethro Beekman.
>
>
> More:
> https://tls.mbed.org/tech-updates/releases/mbedtls-2.4.0-2.1.6-and-1.3.18-released

2110d59 libressl_2_5: 2.5.0 -> 2.5.1

0b19f2f libressl_2_4: 2.4.4 -> 2.4.5

1095d2c jenkins: 2.33 -> 2.44 for multiple CVEs
> Fixes:
>
> * CVE-2017-2598
> * CVE-2017-2599
> * CVE-2017-2600
> * CVE-2011-4969
> * CVE-2017-2601
> * CVE-2015-0886
> * CVE-2017-2602
> * CVE-2017-2603
> * CVE-2017-2604
> * CVE-2017-2605
> * CVE-2017-2606
> * CVE-2017-2607
> * CVE-2017-2608
> * CVE-2017-2609
> * CVE-2017-2610
> * CVE-2017-2611
> * CVE-2017-2612
> * CVE-2017-2613

c3badbb knot-resolver: 1.2.0 -> 1.2.1

44cbb0f tcpdump: 4.8.1 -> 4.9.0 for multiple CVEs
> See https://www.debian.org/security/2017/dsa-3775.
>
> Fixes: CVE-2016-7922, CVE-2016-7923, CVE-2016-7924, CVE-2016-7925,
> CVE-2016-7926, CVE-2016-7927, CVE-2016-7928, CVE-2016-7929,
> CVE-2016-7930, CVE-2016-7931, CVE-2016-7932, CVE-2016-7933,
> CVE-2016-7934, CVE-2016-7935, CVE-2016-7936, CVE-2016-7937,
> CVE-2016-7938, CVE-2016-7939, CVE-2016-7940, CVE-2016-7973,
> CVE-2016-7974, CVE-2016-7975, CVE-2016-7983, CVE-2016-7984,
> CVE-2016-7985, CVE-2016-7986, CVE-2016-7992, CVE-2016-7993,
> CVE-2016-8574, CVE-2016-8575, CVE-2017-5202, CVE-2017-5203,
> CVE-2017-5204, CVE-2017-5205, CVE-2017-5341, CVE-2017-5342,
> CVE-2017-5482, CVE-2017-5483, CVE-2017-5484, CVE-2017-5485,
> CVE-2017-5486

ca593a7 libarchive: add patch to fix CVE-2017-5601

53bfe0c bitlbee: 3.5 -> 3.5.1 for multiple CVEs
> Fixes:
>
> * CVE-2016-10188
> * CVE-2016-10189
> * CVE-2017-5668

1918095 ruby_1_9: remove package

41a0d05 git-hub: 0.10 -> 0.11.0
> Fixes CVE-2016-7793 and CVE-2016-7794, remote code execution via
> crafted repository names.

426b61a openssl_1_0_1: remove

c466e31 libressl_2_3: remove

aa686fe gnutls33: remove

8769ddc apacheHttpd_2_2: remove

403cb72 thunderbird, thunderbird-bin: 45.6.0 -> 45.7.0
> Several HIGH and CRITICAL security issues resolved, as well as lower
> impact issues:
>
> https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/

0dbe492 firefox, firefox-bin: 50.1.0 -> 51.0.1
> All browser patches are considered security-sensitive.

46b1ea2 pythonPackages.ansible2: move 2.2 to separate file, make d..
> ansible now refers to Ansible 2.2

377b05a pythonPackages.ansible: remove 1.9
> Dropped Ansible 1.9 support

35d48f3 ffmpeg-full: 3.1.3 -> 3.2.2
> From the CVE entries:
>
> The avi_read_nikon function in libavformat/avidec.c in FFmpeg before
> 3.1.4 is vulnerable to infinite loop when it decodes an AVI file that
> has a crafted 'nctg' structure. (CVE-2016-7122)
>
> The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before
> 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a
> malformed AIFF file. (CVE-2016-7450)

b834092 libtasn1: 4.9 -> 4.10
> From the release notes:
>
> Pass the correct length to _asn1_get_indefinite_length_string in
> asn1_get_length_ber. This addresses reading 1-byte past the end
> of data. Issue found by oss-fuzz project (via gnutls):
>
> - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=330
> - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=331
>
> More: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/

Thank you very much,
Graham Christensen
NixOS Security Team
https://github.com/nixos/security
