aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T11:06:16Z
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10647
[3.7] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:16Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10647, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 263042b4f11c9dbc797bdf7eef8c0ebdda9efe4a on 2019-07-04T19:27:53Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10647
```
3.7.4
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10646
[3.8] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:17Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10646, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 48ec283be13e799c70aae6c045c2c93e39d262a0 on 2019-07-04T19:26:46Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10646
```
3.8.5
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10645
[3.9] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:18Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10645, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision d8ead9ace841cece4ee4f90c91900ea12aecb759 on 2019-07-04T19:25:48Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10645
```
3.9.5
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10644
[3.10] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:19Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10644, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision f47a9e1da5b7f33cf5d46c0541deb454729eee51 on 2019-07-04T19:24:02Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10644
```
3.10.1
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10643
[3.11] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:20Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10643, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* parent #10642
* Changesets:
* Revision 53b02f8b1597aabb4ec836bb5aa421e0d1f95189 on 2019-07-04T15:37:46Z:
```
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10643
```
3.11.0
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10642
bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
2019-07-23T11:06:21Z
Alicha CH
BZ2\_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
### Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
*(from redmine: issue id 10642, created on 2019-07-02, closed on 2019-07-09)*
* Relations:
* child #10643
* child #10644
* child #10645
* child #10646
* child #10647
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10641
[3.7] postgresql: Stack-based buffer overflow via setting a password (CVE-2019-10164)
2019-07-23T11:06:22Z
Alicha CH
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are
vulnerable to a stack-based buffer overflow. Any authenticated user can
overflow a stack-based buffer
by changing the user’s own password to a purpose-crafted value. This
often suffices to execute arbitrary code as the PostgreSQL operating
system account.
### References:
https://www.postgresql.org/support/security/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10164
### Patches:
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=90adc16ea13750a6b6f704c6cf65dc0f1bdb845c
https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=d72a7e4da1001b29a661a4b1a52cb5c4d708bab0
*(from redmine: issue id 10641, created on 2019-07-02, closed on 2019-07-04)*
* Relations:
* relates #10640
* Changesets:
* Revision 16dcb2a286d4881fa56bf8669a72f6bb6af651db by Milan P. Stanić on 2019-07-04T07:26:29Z:
```
main/postgresql: security upgrade to 10.9
CVE-2019-10164
other upstream bugfixes
fixes #10641
```
3.7.4
Jakub Jirutka
Jakub Jirutka
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10639
Missing files for the mate-control-center package on the edge repository.
2019-07-14T21:26:13Z
Kacper Grobelny
![](https://i.imgur.com/E4ColrT.png)
*(from redmine: issue id 10639, created on 2019-07-01)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10638
Exim package with SPF support
2019-12-05T07:44:14Z
Daniel DeLacrua
Current Exim package on Alpine 3.9 without SPF support:
```
exim-4.92-r0 x86_64 {exim} (GPL-2.0-or-later) [installed]
# exim --version
Exim version 4.92 #4 built 10-Jun-2019 15:40:40
Copyright © University of Cambridge, 1995 - 2018
© The Exim Maintainers and contributors in ACKNOWLEDGMENTS file,
2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq IPv6 Expand_dlfunc OpenSSL
move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR
PROXY TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch
dsearch passwd
Authenticators: cram_md5 dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute
queryprogram redirect
Transports: appendfile/maildir autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie
clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2019-07-01 17:48:24 Warning: purging the environment.
Suggested action: use keep_environment.
2019-07-01 17:48:24 cwd=/home/dd 2 args: exim --version
2019-07-01 17:48:24 Exim configuration error in line 453 of
/etc/exim/exim.conf:
error in ACL: unknown ACL condition/modifier in "spf = fail"
```
*(from redmine: issue id 10638, created on 2019-07-01)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10637
error sourcing scripts in /etc/profile
2019-07-23T11:06:26Z
Raini Hixon
In /etc/profile, scripts ending in .sh are sourced from directory
/etc/profile.d. In version 3.10 there is a file called color\_prompt in
that directory, which I assume should have .sh on its filename or the
/etc/profile script needs to be changed to source everything in the
folder. In the latter case, here is a patch for /etc/profile:
—- /etc/profile.orig
<span class="underline"></span>+ /etc/profile
@@ –5,7 +5,7 @@
export PS1=‘\\h:\\w\\$ ’
umask 022
-for script in /etc/profile.d/\*.sh ; do
+for script in /etc/profile.d/\* ; do
if \[ -r $script \] ; then
. $script
fi
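Review bot: widening the glob in the `for script in /etc/profile.d/*` line makes every login shell source every readable file in that directory, including editor backups, package-manager leftovers and README files, not only files meant as shell snippets. Renaming color_prompt to color_prompt.sh keeps the `*.sh` suffix as the opt-in for what gets executed and is the smaller change. If the glob is widened anyway, quote the variable in the context lines (`[ -r "$script" ]` and `. "$script"`), because the unquoted `$script` word-splits on file names that contain spaces.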
*(from redmine: issue id 10637, created on 2019-06-30, closed on 2019-06-30)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10636
linux-vanilla should not depend on linux-firmware
2019-07-23T11:06:26Z
Drew DeVault
It’s not possible to cherry-pick your firmware packages because
linux-vanilla depends on all of linux-firmware. Instead, setup-disks
should add linux-firmware to the list of packages to install by default.
*(from redmine: issue id 10636, created on 2019-06-30, closed on 2019-06-30)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10633
[3.7] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:27Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10633, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 300e04f0a6e629e4ff15327ae3ecbfe34be7b7ca by Natanael Copa on 2019-06-30T12:24:25Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10633
```
3.7.4
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10632
[3.8] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:28Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10632, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision abd03a5937dcef5fe1be86ae1f9efa05beb2d3c6 by Natanael Copa on 2019-06-30T12:23:19Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10632
```
3.8.5
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10631
[3.9] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:29Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10631, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 9b9ed53cc550d0aacdafa85a40ef29dc9229bfaa by Natanael Copa on 2019-06-30T12:21:30Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10631
```
3.9.5
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10630
[3.10] expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:30Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10630, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* parent #10629
* Changesets:
* Revision 8ac1f86999bc295c903af1be590a9e898605e2cc by Natanael Copa on 2019-06-30T12:20:14Z:
```
main/expat: security upgrade to 2.2.7 (CVE-2018-20843)
fixes #10630
```
3.10.1
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10629
expat: large number of colons in input makes parser consume high amount of resources, leading to DoS (CVE-2018-20843)
2019-07-23T11:06:31Z
Alicha CH
In libexpat in Expat before 2.2.7, XML input including XML names that
contain a large number of colons could make the XML
parser consume a high amount of RAM and CPU resources while processing
(enough to be usable for denial-of-service attacks).
### Fixed In Version:
expat 2.2.7
### References:
https://github.com/libexpat/libexpat/issues/186
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931031
*(from redmine: issue id 10629, created on 2019-06-28, closed on 2019-07-02)*
* Relations:
* child #10630
* child #10631
* child #10632
* child #10633
Carlo Landmeter
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10627
clang requires a few gcc libraries, which are supposed to be provided by compiler-rt
2021-01-29T01:16:23Z
Trevis Schiffer
Hello, I noticed something strange.
Some of the crt files should come from compiler-rt, but these ones come
with gcc:
* crtprec32.o
* crtendS.o
* crtbeginS.o
* crtfastmath.o
* crtprec64.o
* crtbeginT.o
* crtprec80.o
* crtbegin.o
* crtend.o

Above libs are not usable without gcc libs (Thus I guess GPL is still
enforced?).
```
b17wise@eula47 /tmp % clang Hello.c -o hello -fuse-ld=/usr/bin/ld.lld
ld.lld: error: cannot open crtbeginS.o: No such file or directory
ld.lld: error: unable to find library -lgcc
ld.lld: error: unable to find library -lgcc_s
ld.lld: error: unable to find library -lgcc
ld.lld: error: unable to find library -lgcc_s
ld.lld: error: cannot open crtendS.o: No such file or directory
clang-8: error: linker command failed with exit code 1 (use -v to see invocation)
b17wise@eula47 /tmp % sudo apk add gcc
[sudo] password for b17wise:
(1/8) Installing binutils (2.32-r0)
(2/8) Installing isl (0.18-r0)
(3/8) Installing libgomp (8.3.0-r0)
(4/8) Installing libatomic (8.3.0-r0)
(5/8) Installing mpfr3 (3.1.5-r1)
(6/8) Installing mpc1 (1.1.0-r0)
(7/8) Installing gcc (8.3.0-r0)
(8/8) Installing gcc-zsh-completion (5.7.1-r0)
Executing busybox-1.30.1-r2.trigger
OK: 2012 MiB in 482 packages
b17wise@eula47 /tmp % clang Hello.c -o hello -fuse-ld=/usr/bin/ld.lld
b17wise@eula47 /tmp % ./hello
Hello, Alpine
b17wise@eula47 /tmp % apk info -L gcc | grep -e *crtendS*
b17wise@eula47 /tmp % apk info -L gcc | grep crt
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtbegin.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtend.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtbeginT.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtbeginS.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtprec32.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtprec80.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtprec64.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtendS.o
usr/lib/gcc/x86_64-alpine-linux-musl/8.3.0/crtfastmath.o
```
Full log can be found here: http://0x0.st/z2k6.txt
Also there was an issue raised in 2017: https://reviews.llvm.org/D28791
*(from redmine: issue id 10627, created on 2019-06-27)*
3.10.6
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10626
[3.11] bind: Race condition when discarding malformed packets can cause bind to exit with assertion failure (CVE-2019-6471)
2019-08-08T10:00:24Z
Alicha CH
A race condition which may occur when discarding malformed packets can
result in BIND exiting due to a REQUIRE assertion failure in
dispatch.c.
An attacker who can cause a resolver to perform queries which will be
answered by a server which responds with deliberately malformed
answers
can cause named to exit, denying service to clients.
### Versions affected:
BIND 9.11.0 ->9.11.7, 9.12.0 ->9.12.4-P1, 9.14.0 ->9.14.2.
Also all releases of the BIND 9.13 development branch and
version 9.15.0 of the BIND 9.15 development branch. BIND Supported
Preview Edition versions 9.11.3-S1 ->9.11.7-S1.
### Fixed In Version:
bind 9.11.8, bind 9.12.4-P2, bind 9.14.3, bind 9.15.1
### References:
https://kb.isc.org/docs/cve-2019-6471
*(from redmine: issue id 10626, created on 2019-06-27)*
3.11.0
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10625
Failed to update readline
2020-03-16T01:19:29Z
Roi Greenberg
Hi.
I have a container with many APKs installed on it. I’m trying to update readline,
but I’m getting the following error:
```
bash-4.4# apk add readline -l
ERROR: unsatisfiable constraints:
Huh? Error reporter did not find the broken constraints.
```
I tried to manually update any previous dependencies but nothing helps.
I will appreciate any help!
*(from redmine: issue id 10625, created on 2019-06-26)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/10624
borgbackup and missing FUSE support
2019-12-05T07:44:28Z
Lubos Dolezal
```
# borg -V
borg 1.1.10
# borg mount $BORG_REPO /mnt/backup/
borg mount not available: loading FUSE support failed [ImportError: No module named 'llfuse']
```
*(from redmine: issue id 10624, created on 2019-06-26)*