aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2021-01-30T13:23:56Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10443Raspberry Pi 3 Mod B not booting2021-01-30T13:23:56ZPeter EggenRaspberry Pi 3 Mod B not bootingHi,
following the install procedure for Mac I tried to install the new
version 3.9.4. Whithout anychanges, the Pi did not boot up at all
signaling a
missing kernel - green LED will blink 7 times.
After editing the config.txt file a...Hi,
following the install procedure for Mac I tried to install the new
version 3.9.4. Whithout anychanges, the Pi did not boot up at all
signaling a
missing kernel - green LED will blink 7 times.
After editing the config.txt file and including a section for Pi3 (see
below) I was able to at least start the boot process but ending in a
kernel panic.
Wondering if anyone has ever tested this out.
Regards Gunhawk
disable\_splash=1
boot\_delay=0
gpu\_mem=256
gpu\_mem\_256=64
\[pi3\]
kernel=boot/vmlinuz-rpi2
Initramfs boot/initramfs-rpi2
\[pi0\]
kernel=boot/vmlinuz-rpi
initramfs boot/initramfs-rpi
\[pi1\]
kernel=boot/vmlinuz-rpi
initramfs boot/initramfs-rpi
\[all\]
include usercfg.txt
*(from redmine: issue id 10443, created on 2019-05-10)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/10442nextcloud-default-apps: Broken depends2019-07-23T11:10:02ZSimon Fsimon-alpine@fraho.eunextcloud-default-apps: Broken dependsCurrent edge package cannot be installed due to unmet dependencies:
# docker run --rm -it alpine:edge /bin/ash
/ # apk add nextcloud-default-apps
fetch http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
...Current edge package cannot be installed due to unmet dependencies:
# docker run --rm -it alpine:edge /bin/ash
/ # apk add nextcloud-default-apps
fetch http://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
ERROR: unsatisfiable constraints:
nextcloud-files_rightclick (missing):
required by: nextcloud-default-apps-16.0.0-r0[nextcloud-files_rightclick]
nextcloud-privacy (missing):
required by: nextcloud-default-apps-16.0.0-r0[nextcloud-privacy]
nextcloud-recommendations (missing):
required by: nextcloud-default-apps-16.0.0-r0[nextcloud-recommendations]
nextcloud-viewer (missing):
required by: nextcloud-default-apps-16.0.0-r0[nextcloud-viewer]
/ #
The “missing” packages are present in 3.9
*(from redmine: issue id 10442, created on 2019-05-10, closed on 2019-06-17)*
* Changesets:
* Revision 0cb832cfb8231716ecf5419401712a61b335f887 by Simon F on 2019-05-10T06:17:46Z:
```
community/nextcloud: Fix broken dependencies for default-apps
Fixes #10442
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```3.10.0Simon Fsimon-alpine@fraho.euSimon Fsimon-alpine@fraho.euhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10440vagrant halt on the Official Vagrant box alpine/alpine64 dont work: bash: lin...2021-08-01T00:06:15ZMax Pealvagrant halt on the Official Vagrant box alpine/alpine64 dont work: bash: line 4: shutdown: command not foundThe official Vagrant box alpine/alpine64 /
https://app.vagrantup.com/alpine
vagrant halt gives an error:
————————————————————————-
$ vagrant halt
==>default: Attempting graceful shutdown of VM…
The following SSH command responde...The official Vagrant box alpine/alpine64 /
https://app.vagrantup.com/alpine
vagrant halt gives an error:
————————————————————————-
$ vagrant halt
==>default: Attempting graceful shutdown of VM…
The following SSH command responded with a non-zero exit status.
Vagrant assumes that this means the command failed!
shutdown -h now
Stdout from the command:
Stderr from the command:
bash: line 4: shutdown: command not found
------------------------------------------------------------------------
also with no link and no user information (see also
https://bugs.alpinelinux.org/issues/8902 )
its no way to conact the maintainer.
*(from redmine: issue id 10440, created on 2019-05-09)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/10438[3.9] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-1...2019-07-23T10:32:29ZAlicha CH[3.9] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-14498)get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the c...get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the color indices is out of range for the number of palette entries.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
*(from redmine: issue id 10438, created on 2019-05-09)*
* Relations:
* parent #103063.9.5LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10437[3.7] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-1...2019-07-23T10:32:28ZAlicha CH[3.7] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-14498)get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the c...get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the color indices is out of range for the number of palette entries.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
*(from redmine: issue id 10437, created on 2019-05-09)*
* Relations:
* parent #103063.7.4LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10436[3.8] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-1...2019-07-23T10:32:30ZAlicha CH[3.8] libjpeg-turbo: denial of service in get_8bit_row in rdbmp.c (CVE-2018-14498)get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the c...get\_8bit\_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG
through 3.3.1 allows attackers to cause a denial of service (heap-based
buffer over-read
and application crash) via a crafted 8-bit BMP in which one or more of
the color indices is out of range for the number of palette entries.
### References:
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
https://nvd.nist.gov/vuln/detail/CVE-2018-14498
### Patch:
https://github.com/libjpeg-turbo/libjpeg-turbo/commit/9c78a04df4e44ef6487eee99c4258397f4fdca55
*(from redmine: issue id 10436, created on 2019-05-09)*
* Relations:
* parent #103063.8.5LeoLeohttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10435[3.7] perl-email-address: DOS vulnerability in perl module Email::Address (CV...2019-07-23T11:10:03ZAlicha CH[3.7] perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 fo...The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 form-field
characters (“\\f”).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12558
https://www.openwall.com/lists/oss-security/2018/06/19/3
### Patch:
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
*(from redmine: issue id 10435, created on 2019-05-09, closed on 2019-06-06)*
* Relations:
* parent #10430
* Changesets:
* Revision 18070a9ba09af91c141de190a77de4d154f310e4 on 2019-06-05T12:38:19Z:
```
main/perl-email-address: security upgrade to 1.912 (CVE-2018-12558)
Fixes #10435
```3.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10434proj4 is missing datum grids2019-07-14T22:46:52ZAlexander Njemzproj4 is missing datum gridsAs of version 5.0.0 PROJ expects certain datum grids to be present in
the proj directory. Otherwise, PROJ performs coordinate
transformations
in certain cases without applying the correct grid shift. This leads
to incorrect coordin...As of version 5.0.0 PROJ expects certain datum grids to be present in
the proj directory. Otherwise, PROJ performs coordinate
transformations
in certain cases without applying the correct grid shift. This leads
to incorrect coordinates after transformation.
The datum grids can be obtained from
https://github.com/OSGeo/proj-datumgrid
and should probably be added to the proj package.
*(from redmine: issue id 10434, created on 2019-05-09)*
* Changesets:
* Revision 78fab2034506bac4356c3d25d2eb18179f11f2ed by Holger Jaekel on 2019-06-16T08:40:25Z:
```
testing/proj4: add datumgrid subpackage
add subpackage for datum grids
closes #10434
```https://gitlab.alpinelinux.org/alpine/aports/-/issues/10433[3.8] perl-email-address: DOS vulnerability in perl module Email::Address (CV...2019-07-23T11:10:04ZAlicha CH[3.8] perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 fo...The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 form-field
characters (“\\f”).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12558
https://www.openwall.com/lists/oss-security/2018/06/19/3
### Patch:
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
*(from redmine: issue id 10433, created on 2019-05-09, closed on 2019-06-06)*
* Relations:
* parent #10430
* Changesets:
* Revision 7def72e88762d07dcb50382ca5266d0f83b38cce on 2019-06-05T12:33:34Z:
```
main/perl-email-address: security upgrade to 1.912 (CVE-2018-12558)
Fixes #10433
```3.8.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10432[3.9] perl-email-address: DOS vulnerability in perl module Email::Address (CV...2019-07-23T11:10:05ZAlicha CH[3.9] perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 fo...The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 form-field
characters (“\\f”).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12558
https://www.openwall.com/lists/oss-security/2018/06/19/3
### Patch:
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
*(from redmine: issue id 10432, created on 2019-05-09, closed on 2019-06-13)*
* Relations:
* parent #10430
* Changesets:
* Revision 587d0f6837182b94b1c14fb78949b85ac188c60c on 2019-06-05T09:48:52Z:
```
main/perl-email-address: security upgrade to 1.912 (CVE-2018-12558)
Fixes #10432
```3.9.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10431[3.10] perl-email-address: DOS vulnerability in perl module Email::Address (C...2019-07-23T11:10:06ZAlicha CH[3.10] perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 fo...The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 form-field
characters (“\\f”).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12558
https://www.openwall.com/lists/oss-security/2018/06/19/3
### Patch:
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
*(from redmine: issue id 10431, created on 2019-05-09, closed on 2019-06-13)*
* Relations:
* parent #104303.10.0Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10430perl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018...2020-07-17T23:13:39ZAlicha CHperl-email-address: DOS vulnerability in perl module Email::Address (CVE-2018-12558)The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 fo...The parse() method in the Email::Address module through 1.909 for Perl
is vulnerable
to Algorithmic complexity on specially prepared input, leading to Denial
of Service. Prepared
special input that caused this problem contained 30 form-field
characters (“\\f”).
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-12558
https://www.openwall.com/lists/oss-security/2018/06/19/3
### Patch:
https://github.com/Perl-Email-Project/Email-Address/commit/aeaf0d7f1b0897b54cb246b8ac15d3ef177e5cae
*(from redmine: issue id 10430, created on 2019-05-09)*
* Relations:
* child #10431
* child #10432
* child #10433
* child #10435Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10429[3.7] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (C...2019-07-16T11:48:51ZAlicha CH[3.7] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
#...A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
### References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
### Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
*(from redmine: issue id 10429, created on 2019-05-08)*
* Relations:
* parent #10425
* Changesets:
* Revision f9f4e0e8b1cc5aeab558b091c9a9d003303d1d6e by Natanael Copa on 2019-07-08T14:27:05Z:
```
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10429
```3.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10428[3.8] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (C...2019-07-16T11:49:42ZAlicha CH[3.8] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
#...A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
### References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
### Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
*(from redmine: issue id 10428, created on 2019-05-08)*
* Relations:
* parent #10425
* Changesets:
* Revision 5d1740c1d6657b8588cf9055efbe7fd47ef5aab2 by Natanael Copa on 2019-07-08T14:24:41Z:
```
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10428
```3.8.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10427[3.9] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (C...2019-07-16T11:49:59ZAlicha CH[3.9] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
#...A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
### References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
### Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
*(from redmine: issue id 10427, created on 2019-05-08)*
* Relations:
* parent #10425
* Changesets:
* Revision 22a1991b6aefae41eafb2721f112e2d353c4e224 by Natanael Copa on 2019-07-08T14:21:13Z:
```
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10427
```3.9.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10426[3.10] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (...2019-07-16T11:50:29ZAlicha CH[3.10] tcpflow: stack-based buffer over-read exists in setbit() at iptree.h (CVE-2018-18409)A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
#...A stack-based buffer over-read exists in setbit() at iptree.h of TCPFLOW
1.5.0, due to received incorrect values causing incorrect computation,
leading to denial of service during an address\_histogram call or a
get\_histogram call.
### References:
https://github.com/simsong/tcpflow/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-18409
### Patch:
https://github.com/simsong/tcpflow/commit/89c04b4fb0e46b3c4f1388686e83966e531cbea9
*(from redmine: issue id 10426, created on 2019-05-08)*
* Relations:
* parent #10425
* Changesets:
* Revision 4018db3cdac1d0eef1ad039d1a9120fa79e04b58 by Natanael Copa on 2019-07-08T14:18:59Z:
```
main/tcpflow: backport fix for CVE-2018-18409
and remove unused patch
ref #10426
```3.10.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10424[3.7] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-12T15:47:57ZAlicha CH[3.7] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10424, created on 2019-05-08, closed on 2019-06-05)*
* Relations:
* parent #104213.7.4Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10423[3.8] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-12T15:47:56ZAlicha CH[3.8] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10423, created on 2019-05-08, closed on 2019-06-05)*
* Relations:
* parent #104213.8.5Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10422[3.9] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-23T11:10:07ZAlicha CH[3.9] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10422, created on 2019-05-08, closed on 2019-06-20)*
* Relations:
* parent #10421
* Changesets:
* Revision 9da537d1b323376225597712b61c1f965a531c2d on 2019-06-05T08:36:38Z:
```
main/libvirt: security fix (CVE-2019-3840)
Fixes #10422
```3.9.5Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10421libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-23T11:10:09ZAlicha CHlibvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10421, created on 2019-05-08, closed on 2019-06-20)*
* Relations:
* child #10422
* child #10423
* child #10424Francesco ColistaFrancesco Colista