aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T14:14:50Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2537
ACF-Unbound feature request
2019-07-23T14:14:50Z
Chris Spillane

An ACF interface for unbound DNS server would be very cool. Alas, this
will be low priority, since editing the config file isn’t difficult :)
*(from redmine: issue id 2537, created on 2013-12-31, closed on 2014-06-04)*

Ted Trask

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2677
pidgin: multiple vulnerabilities
2019-07-23T14:12:36Z
Alexander Belous

New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2677, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* child #2678
* child #2679
* child #2680
* child #2681

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2678
[v2.4] pidgin: multiple vulnerabilities
2019-07-23T14:12:35Z
Alexander Belous

New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2678, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 6c587ad3a39bae5d6a3f4c0d78f0a239b253242e by Natanael Copa on 2014-03-03T11:22:54Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2678
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```
Alpine 2.4.12
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2679
[v2.5] pidgin: multiple vulnerabilities
2019-07-23T14:12:34Z
Alexander Belous

New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2679, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 32cb9c69dda4231f5c74c8654b308d3bbf6922cf by Natanael Copa on 2014-03-03T11:22:52Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2679
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2680
[v2.6] pidgin: multiple vulnerabilities
2019-07-23T14:12:33Z
Alexander Belous

New version of pidgin has been released recently that fixes multiple
security issues. Upgrade from version 2.10.7 is necessary for all the
Alpine Linux supported branches.
References:
http://seclists.org/bugtraq/2014/Feb/4
http://pidgin.im/
*(from redmine: issue id 2680, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677

Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2681
[v2.7] pidgin: multiple vulnerabilities
2019-07-23T14:12:32Z
Alexander Belous

*(from redmine: issue id 2681, created on 2014-02-06, closed on 2014-03-03)*
* Relations:
* parent #2677
* Changesets:
* Revision 9fc8798bff8fb121be4a3bda0075f124967b12e7 by Natanael Copa on 2014-03-03T11:20:18Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2681
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```
* Revision 3f7dfec3a08a89eb71c26eb2bb6852fa45e069fb by Natanael Copa on 2014-03-03T13:50:06Z:
```
main/pidgin: security upgrade to 2.10.9 (various CVEs)
fixes #2681
CVE-2014-0020 Remotely triggerable crash in IRC argument parsing
CVE-2013-6490 Buffer overflow in SIMPLE header parsing
CVE-2013-6489 Buffer overflow in MXit emoticon parsing
CVE-2013-6487 Buffer overflow in Gadu-Gadu HTTP parsing
CVE-2013-6486 Pidgin uses clickable links to untrusted executables
CVE-2013-6485 Buffer overflow parsing chunked HTTP responses
CVE-2013-6484 Crash reading response from STUN server
CVE-2013-6483 XMPP doesn't verify 'from' on some iq replies
CVE-2013-6482 NULL pointer dereference parsing SOAP data in MSN
CVE-2013-6482 NULL pointer dereference parsing OIM data in MSN
CVE-2013-6482 NULL pointer dereference parsing headers in MSN
CVE-2013-6481 Remote crash reading Yahoo! P2P message
CVE-2013-6479 Remote crash parsing HTTP responses
CVE-2013-6478 Crash when hovering pointer over a long URL
CVE-2013-6477 Crash handling bad XMPP timestamp
CVE-2012-6152 Yahoo! remote crash from incorrect character encoding
```
Alpine 2.7.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2685
php-fpm shows as crashed
2019-07-23T14:12:30Z
algitbot

For some reason, php-fpm-5.5.9-r0 always shows as crashed in rc-status
even if it’s working properly.
*(from redmine: issue id 2685, created on 2014-02-13, closed on 2014-06-25)*
* Changesets:
* Revision 0449861a8f541e2091c0e4b049682f8deee67333 by Natanael Copa on 2014-06-19T09:16:29Z:
```
main/php: fix php-fpm script
ref #2685
The problem was that it used start-stop-daemon --exec but the argv[0]
name didn't correspond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
```
* Revision 903608c37a934b946dab8b5ee3af925422e95dc1 by Natanael Copa on 2014-06-19T09:24:02Z:
```
main/php: fix php-fpm script
fixes #2685
The problem was that it used start-stop-daemon --exec but the argv[0]
name didn't correspond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
(cherry picked from commit 0449861a8f541e2091c0e4b049682f8deee67333)
```
* Revision 0b27b4f563b0ade438f24589d0bc413a25f8e77e by Natanael Copa on 2014-06-19T09:27:46Z:
```
main/php: fix php-fpm script
ref #2685
The problem was that it used start-stop-daemon --exec but the argv[0]
name didn't correspond so start-stop-daemon could not know that it was up
and running.
The fix is to use pidfile.
Script is based on update from gentoo.
(cherry picked from commit 0449861a8f541e2091c0e4b049682f8deee67333)
```
Alpine 2.7.9

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2686
dbus should create a "system" user/group
2019-07-23T14:12:29Z
Igor Falcomata

At the moment the dbus installer creates a messagebus user with uid/gid
1000 (or the first “normal user” uid/gid free)
Something like:
addgroup -S messagebus
adduser -H -h /dev/null -s /bin/false -D -S -G messagebus messagebus
*(from redmine: issue id 2686, created on 2014-02-19, closed on 2014-03-07)*
* Changesets:
* Revision 267b0b0452c421add1ce9b7aa9efd3953898118c by Natanael Copa on 2014-03-04T15:49:25Z:
```
main/dbus: create use as system user
fixes #2686
(cherry picked from commit cd6e2e857e4f9a7fc60d8c141a53575e76bdf70f)
Conflicts:
main/dbus/APKBUILD
```
Alpine 2.7.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2907
libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:17Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2907, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* child #2908
* child #2909
* child #2910
* Changesets:
* Revision dbaf2189273d3ff04b4d1ac7682a6845d06c0adf by Natanael Copa on 2014-05-21T13:39:30Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
ref #2907
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2908
[v2.5] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:15Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2908, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision cef8b69227bdb1c0039f8ae6833e72d70b275ad1 by Natanael Copa on 2014-05-22T14:49:07Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2908
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2909
[v2.6] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:15Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2909, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision c543e6951cd74145741b0b300a9c730d7b261d26 by Natanael Copa on 2014-05-22T14:49:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2909
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2910
[v2.7] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:13Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2910, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision fb608dbe599624f5f4345feaa292ad2c84c165c9 by Natanael Copa on 2014-05-21T13:37:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2910
```
Alpine 2.7.8
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2969
Package Request: mod-sflow
2019-07-23T14:08:16Z
Florian Heigl

I stumbled over
https://code.google.com/p/mod-sflow/
which is a sFlow plugin for apache.
I think this is a cool feature for busy Apache webserver farms.
Requests are sampled, there’s a http reporting url and more interesting
features.
I’ll try packaging it.
*(from redmine: issue id 2969, created on 2014-05-28, closed on 2014-12-09)*
* Changesets:
* Revision 5eac8562d04c578359a31869ab1b6860d85a6fde by Natanael Copa on 2014-10-15T16:13:42Z:
```
testing/mod-sflow: new aport
Apache module to implement logging using sFlow for monitoring of large web clusters.
https://code.google.com/p/mod-sflow/
fixes #2969
```
3.1.0
Florian Heigl
2014-07-31

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2990
bash: security feature bypassed
2019-07-23T14:07:57Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2990, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* child #2991
* child #2992
* child #2993
* child #2994
* Changesets:
* Revision 15eb98780f3c051d2835df3860b5bcba16bf1aae by Natanael Copa on 2014-06-05T10:55:05Z:
```
main/bash: fix setuid bug
ref #2990
```
* Revision 3e589033a44832ab8b4f5a8e9a68aac077beae59 by Natanael Copa on 2014-06-17T11:55:11Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 47505bf144ffd2f83881a719f85fcc0ec3cf9ba6 by Natanael Copa on 2014-06-17T11:55:37Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
```
* Revision 883b411c85593d30f2296a157a733aa799c32828 by Natanael Copa on 2014-06-17T11:57:19Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 53d049ee391dde7c74d37262eb0c027c61c8562f by Natanael Copa on 2014-06-17T12:01:39Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2991
[v2.5] bash: security feature bypassed
2019-07-23T14:07:56Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2991, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 53d049ee391dde7c74d37262eb0c027c61c8562f by Natanael Copa on 2014-06-17T12:01:39Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2992
[v2.6] bash: security feature bypassed
2019-07-23T14:07:55Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2992, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 883b411c85593d30f2296a157a733aa799c32828 by Natanael Copa on 2014-06-17T11:57:19Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2993
[v2.7] bash: security feature bypassed
2019-07-23T14:07:54Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2993, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 3e589033a44832ab8b4f5a8e9a68aac077beae59 by Natanael Copa on 2014-06-17T11:55:11Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.7.9
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2994
[v3.0] bash: security feature bypassed
2019-07-23T14:07:53Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2994, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 47505bf144ffd2f83881a719f85fcc0ec3cf9ba6 by Natanael Copa on 2014-06-17T11:55:37Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
```
3.0.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3026
libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:21Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3026, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* child #3028
* child #3029
* child #3030
* child #3031

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3028
[v2.5] libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:20Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3028, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* parent #3026
* Changesets:
* Revision ca45f4a87ee9f6f19c839d69474332bc8888e24c on 2014-06-18T11:09:08Z:
```
Security fix (CVE-2013-3215). Fixes #3028
```
Alpine 2.5.5
Natanael Copa