aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T14:04:07Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3249
[v3.0] ansible: input sanitization errors (CVE-2014-4966 CVE-2014-4967)
2019-07-23T14:04:07Z
Alexander Belous

The Ansible project is an open source configuration management platform.
The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control certain playbook variables.

The first vulnerability involves the escalation of a local permission access
level into arbitrary code execution. The code execution can be triggered by
interpolation of file names maliciously crafted as lookup plugin commands, in
combination with its pipe feature.

The second vulnerability concerns the unsafe parsing of action arguments in
the face of an attacker controlling variable data (whether fact data,
with\_fileglob data, or other sources), allowing an attacker to supply their
own options to an action. The impact of this is dependent on the action
module the attacker targets. For example, an attacker controlling variables
passed to the copy or template actions would be able to trigger arbitrary
code execution (in addition to simple information leakage) via the validate
option’s acceptance of arbitrary shell code.

Affected version:
Ansible <= 1.6.6

Fixed version:
Ansible >= 1.6.7

Credit: vulnerability report received from Brian Harring <ferringb AT gmail.com>.

CVE: CVE-2014-4966 (lookup function), CVE-2014-4967 (action arguments)

References:
http://www.ocert.org/advisories/ocert-2014-004.html
*(from redmine: issue id 3249, created on 2014-07-29, closed on 2014-07-30)*
* Relations:
* parent #3247
* Changesets:
* Revision 353f4d222954c599c368e9ae5acc09488b79eb6c by Natanael Copa on 2014-07-29T14:04:50Z:
```
main/ansible: security upgrade to 1.6.7 (CVE-2014-4966,CVE-2014-4967)
fixes #3249
```
3.0.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3248
[v2.7] ansible: input sanitization errors (CVE-2014-4966 CVE-2014-4967)
2019-07-23T14:04:09Z
Alexander Belous

The Ansible project is an open source configuration management platform.
The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control certain playbook variables.

The first vulnerability involves the escalation of a local permission access
level into arbitrary code execution. The code execution can be triggered by
interpolation of file names maliciously crafted as lookup plugin commands, in
combination with its pipe feature.

The second vulnerability concerns the unsafe parsing of action arguments in
the face of an attacker controlling variable data (whether fact data,
with\_fileglob data, or other sources), allowing an attacker to supply their
own options to an action. The impact of this is dependent on the action
module the attacker targets. For example, an attacker controlling variables
passed to the copy or template actions would be able to trigger arbitrary
code execution (in addition to simple information leakage) via the validate
option’s acceptance of arbitrary shell code.

Affected version:
Ansible <= 1.6.6

Fixed version:
Ansible >= 1.6.7

Credit: vulnerability report received from Brian Harring <ferringb AT gmail.com>.

CVE: CVE-2014-4966 (lookup function), CVE-2014-4967 (action arguments)

References:
http://www.ocert.org/advisories/ocert-2014-004.html
*(from redmine: issue id 3248, created on 2014-07-29, closed on 2014-07-30)*
* Relations:
* parent #3247
* Changesets:
* Revision df5d783daeabfe8bafa649868e6c5797ea66655b by Natanael Copa on 2014-07-29T14:06:24Z:
```
main/ansible: security upgrade to 1.6.7 (CVE-2014-4966,CVE-2014-4967)
fixes #3248
```
Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3247
ansible: input sanitization errors (CVE-2014-4966 CVE-2014-4967)
2019-07-23T14:04:10Z
Alexander Belous

The Ansible project is an open source configuration management platform.
The Ansible platform suffers from input sanitization errors that allow
arbitrary code execution as well as information leak, in case an attacker is
able to control certain playbook variables.

The first vulnerability involves the escalation of a local permission access
level into arbitrary code execution. The code execution can be triggered by
interpolation of file names maliciously crafted as lookup plugin commands, in
combination with its pipe feature.

The second vulnerability concerns the unsafe parsing of action arguments in
the face of an attacker controlling variable data (whether fact data,
with\_fileglob data, or other sources), allowing an attacker to supply their
own options to an action. The impact of this is dependent on the action
module the attacker targets. For example, an attacker controlling variables
passed to the copy or template actions would be able to trigger arbitrary
code execution (in addition to simple information leakage) via the validate
option’s acceptance of arbitrary shell code.

Affected version:
Ansible <= 1.6.6

Fixed version:
Ansible >= 1.6.7

Credit: vulnerability report received from Brian Harring <ferringb AT gmail.com>.

CVE: CVE-2014-4966 (lookup function), CVE-2014-4967 (action arguments)

References:
http://www.ocert.org/advisories/ocert-2014-004.html
*(from redmine: issue id 3247, created on 2014-07-29, closed on 2014-07-30)*
* Relations:
* child #3248
* child #3249

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3143
[v3.0] ansible: remote data checking code fixes (CVE-2014-4678 and related)
2019-07-23T14:05:38Z
Alexander Belous

Ansible remote data checking code was updated to lock down some security
items related to dealing with untrusted data from pre-compromised remote
hosts. It was a series of changes made. Some of the issues were assigned
CVE-2014-4678. However, the additional ones do not have a CVE assigned yet.
Update to Ansible 1.6.6 is recommended.
References:
https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/WKL7BY3qddo/JkJiNrZzy3AJ
CONFIRM: http://seclists.org/oss-sec/2014/q3/2
COMMIT:
https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
(does not fully fix all the issues)
*(from redmine: issue id 3143, created on 2014-07-03, closed on 2014-07-17)*
* Relations:
* parent #3141
* Changesets:
* Revision 2d23babfbd5686723a226613b31ca2cd5ba2e4e9 by Natanael Copa on 2014-07-16T09:55:44Z:
```
main/ansible: security upgrade to 1.6.6 (CVE-2014-4678)
fixes #3143
```
3.0.2
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3142
[v2.7] ansible: remote data checking code fixes (CVE-2014-4678 and related)
2019-07-23T14:05:39Z
Alexander Belous

Ansible remote data checking code was updated to lock down some security
items related to dealing with untrusted data from pre-compromised remote
hosts. It was a series of changes made. Some of the issues were assigned
CVE-2014-4678. However, the additional ones do not have a CVE assigned yet.
Update to Ansible 1.6.6 is recommended.
References:
https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/WKL7BY3qddo/JkJiNrZzy3AJ
CONFIRM: http://seclists.org/oss-sec/2014/q3/2
COMMIT:
https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
(does not fully fix all the issues)
*(from redmine: issue id 3142, created on 2014-07-03, closed on 2014-07-17)*
* Relations:
* parent #3141
* Changesets:
* Revision 87ec1c872a344b27d101746eb221bf32a8208cf4 by Natanael Copa on 2014-07-16T09:59:52Z:
```
main/ansible: security upgrade to 1.6.6 (CVE-2014-4678)
fixes #3142
```
Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3141
ansible: remote data checking code fixes (CVE-2014-4678 and related)
2019-07-23T14:05:40Z
Alexander Belous

Ansible remote data checking code was updated to lock down some security
items related to dealing with untrusted data from pre-compromised remote
hosts. It was a series of changes made. Some of the issues were assigned
CVE-2014-4678. However, the additional ones do not have a CVE assigned yet.
Update to Ansible 1.6.6 is recommended.
References:
https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/A1px5egCnGQ/jH6f5HM7kpkJ
https://groups.google.com/forum/message/raw?msg=ansible-announce/WKL7BY3qddo/JkJiNrZzy3AJ
CONFIRM: http://seclists.org/oss-sec/2014/q3/2
COMMIT:
https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
(does not fully fix all the issues)
*(from redmine: issue id 3141, created on 2014-07-03, closed on 2014-07-17)*
* Relations:
* child #3142
* child #3143

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3031
[v3.0] libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:17Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3031, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* parent #3026
* Changesets:
* Revision f202c41cce97650c6c9077d80fc60590a22350de by Leonardo Arena on 2014-06-18T10:26:13Z:
```
Security fix (CVE-2013-3215). Fixes #3031
```
3.0.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3030
[v2.7] libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:18Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3030, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* parent #3026
* Changesets:
* Revision 88a25f5aabc145f8e2063a3200ef0a8f4194eee3 by Leonardo Arena on 2014-06-18T10:28:29Z:
```
Security fix (CVE-2013-3215). Fixes #3030
```
Alpine 2.7.9
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3029
[v2.6] libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:19Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3029, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* parent #3026
* Changesets:
* Revision 09667d2fb33c78602017b0cb73c895e27459f76b on 2014-06-18T10:49:51Z:
```
Security fix (CVE-2013-3215). Fixes #3029
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3028
[v2.5] libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:20Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3028, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* parent #3026
* Changesets:
* Revision ca45f4a87ee9f6f19c839d69474332bc8888e24c on 2014-06-18T11:09:08Z:
```
Security fix (CVE-2013-3215). Fixes #3028
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3026
libcap-ng: capng_lock sets securebits in a scary manner (CVE-2014-3215)
2019-07-23T14:07:21Z
Alexander Belous

capng\_lock sets securebits in an attempt to prevent regaining
capabilities using setuid-root programs. This works, but it has little
effect on setcap’d programs, and it allows a user to run setuid programs
as uid 0 but without capabilities, which is potentially dangerous.
seunshare in policycoreutils 2.2.5 is owned by root with 4755
permissions, and executes programs in a way that changes the
relationship between the setuid system call and the getresuid saved
set-user-ID value, which makes it easier for local users to gain
privileges by leveraging a program that mistakenly expected that it
could permanently drop privileges.
•MLIST:\[oss-security\] 20140429 local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/29/7
•MLIST:\[oss-security\] 20140430 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/04/30/4
•MLIST:\[oss-security\] 20140507 Re: local privilege escalation due to
capng\_lock as used in seunshare
•URL: http://openwall.com/lists/oss-security/2014/05/08/1
•BID:67341
•URL: http://www.securityfocus.com/bid/67341
•SECUNIA:59007
•URL: http://secunia.com/advisories/59007
*(from redmine: issue id 3026, created on 2014-06-12, closed on 2014-06-24)*
* Relations:
* child #3028
* child #3029
* child #3030
* child #3031

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2994
[v3.0] bash: security feature bypassed
2019-07-23T14:07:53Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2994, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 47505bf144ffd2f83881a719f85fcc0ec3cf9ba6 by Natanael Copa on 2014-06-17T11:55:37Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
```
3.0.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2993
[v2.7] bash: security feature bypassed
2019-07-23T14:07:54Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2993, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 3e589033a44832ab8b4f5a8e9a68aac077beae59 by Natanael Copa on 2014-06-17T11:55:11Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.7.9
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2992
[v2.6] bash: security feature bypassed
2019-07-23T14:07:55Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2992, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 883b411c85593d30f2296a157a733aa799c32828 by Natanael Copa on 2014-06-17T11:57:19Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2991
[v2.5] bash: security feature bypassed
2019-07-23T14:07:56Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2991, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* parent #2990
* Changesets:
* Revision 53d049ee391dde7c74d37262eb0c027c61c8562f by Natanael Copa on 2014-06-17T12:01:39Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2990
bash: security feature bypassed
2019-07-23T14:07:57Z
Alexander Belous

A bug was reported in bash up to 4.3. In some circumstances the bash
security feature could be bypassed allowing the bash to be a valid
target shell in an attack.
The bug has not been fixed by developers. However a patch exists.
http://seclists.org/bugtraq/2014/Jun/28
COMMIT: http://hmarco.org/bugs/bash\_4.3-setuid-bug.html
*(from redmine: issue id 2990, created on 2014-06-05, closed on 2014-06-19)*
* Relations:
* child #2991
* child #2992
* child #2993
* child #2994
* Changesets:
* Revision 15eb98780f3c051d2835df3860b5bcba16bf1aae by Natanael Copa on 2014-06-05T10:55:05Z:
```
main/bash: fix setuid bug
ref #2990
```
* Revision 3e589033a44832ab8b4f5a8e9a68aac077beae59 by Natanael Copa on 2014-06-17T11:55:11Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2993
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 47505bf144ffd2f83881a719f85fcc0ec3cf9ba6 by Natanael Copa on 2014-06-17T11:55:37Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2994
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
```
* Revision 883b411c85593d30f2296a157a733aa799c32828 by Natanael Copa on 2014-06-17T11:57:19Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2992
(cherry picked from commit 15eb98780f3c051d2835df3860b5bcba16bf1aae)
Conflicts:
main/bash/APKBUILD
```
* Revision 53d049ee391dde7c74d37262eb0c027c61c8562f by Natanael Copa on 2014-06-17T12:01:39Z:
```
main/bash: fix setuid bug
ref #2990
fixes #2991
(cherry picked from commit 883b411c85593d30f2296a157a733aa799c32828)
Conflicts:
main/bash/APKBUILD
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2910
[v2.7] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:13Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2910, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision fb608dbe599624f5f4345feaa292ad2c84c165c9 by Natanael Copa on 2014-05-21T13:37:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2910
```
Alpine 2.7.8
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2909
[v2.6] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:15Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2909, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision c543e6951cd74145741b0b300a9c730d7b261d26 by Natanael Copa on 2014-05-22T14:49:40Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2909
```
Alpine 2.6.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2908
[v2.5] libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:15Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2908, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* parent #2907
* Changesets:
* Revision cef8b69227bdb1c0039f8ae6833e72d70b275ad1 by Natanael Copa on 2014-05-22T14:49:07Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
fixes #2908
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2907
libmms: heap-based buffer overflow in the get_answer function (CVE-2014-2892)
2019-07-23T14:09:17Z
Alexander Belous

Heap-based buffer overflow in the get\_answer function in mmsh.c in
libmms before 0.6.4 allows remote attackers to execute arbitrary code
via a long line in an MMS over HTTP (MMSH) server response.
•MLIST:\[oss-security\] 20140418 Re: libmms heap-based buffer overflow
fix
•URL: http://www.openwall.com/lists/oss-security/2014/04/18/14
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
•CONFIRM:
http://sourceforge.net/p/libmms/code/ci/master/tree/ChangeLog
•BID:66933
•URL: http://www.securityfocus.com/bid/66933
•SECUNIA:57875
•URL: http://secunia.com/advisories/57875
•XF:libmms-getanswer-bo(92640)
•URL: http://xforce.iss.net/xforce/xfdb/92640
*(from redmine: issue id 2907, created on 2014-05-20, closed on 2014-05-23)*
* Relations:
* child #2908
* child #2909
* child #2910
* Changesets:
* Revision dbaf2189273d3ff04b4d1ac7682a6845d06c0adf by Natanael Copa on 2014-05-21T13:39:30Z:
```
main/libmms: security upgrade to 0.6.4 (CVE-2014-2892)
ref #2907
```