aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2019-07-23T14:03:04Z

[v3.0] qemu: missing field list terminator in vmstate_xhci_event (CVE-2014-5263)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3325
2019-07-23T14:03:04Z, Alexander Belous

It was found that vmstate\_xhci\_event field list was missing
VMSTATE\_END\_OF\_LIST() terminator and traversing through this list
would result in out-of-bounds access during vm state saving and loading.
Depending on how vmstate\_xhci\_event is placed in the qemu binary, this
issue can range from non-issue, infinite loop to (potentially) privilege
escalation in case we end up with fields that have info
and/or field\_exist members initialized in a way that is useful for
exploitation (most probably unlikely).
In the worst case, an attacker able to alter the migration data could use
this flaw to corrupt QEMU process memory.
Affected: vmstate\_xhci\_event was introduced in qemu 1.6 branch. So
only Alpine Linux v2.7 and v3.0 are vulnerable. The issue is fixed in
v2.0.1.
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/382
CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1126543
COMMIT:
http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56
*(from redmine: issue id 3325, created on 2014-08-27, closed on 2014-10-23)*
* Relations:
* parent #3323

3.0.5, Natanael Copa

[v3.0] ffmpeg: buffer overflow and out of array access (CVE-2014-5271 CVE-2014-5272)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3318
2019-07-23T14:03:11Z, Alexander Belous

Two upstream fixes were issued in the ffmpeg master branch. The commits
are available in the upstream.
proresenc\_kostya: report buffer overflow:
If the allocated size, despite best efforts, is too small, exit with the
appropriate error.
avcodec/iff: check pixfmt for rgb8 / rgbn:
Fixes out of array access.
Found-by: Piotr Bandurski <ami\_stuff@o2.pl>
References:
COMMIT:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
COMMIT:
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
CONFIRM: http://seclists.org/oss-sec/2014/q3/387
*(from redmine: issue id 3318, created on 2014-08-27, closed on 2014-09-05)*
* Relations:
* parent #3314
* Changesets:
* Revision 2788d43f90cf45108b248000198cc2011524477a by Natanael Copa on 2014-09-03T15:05:24Z:
```
main/ffmpeg: security upgrade to 2.2.7 (CVE-2014-5271,CVE-2014-5272)
fixes #3318
```

3.0.5, Natanael Copa

Targetcli APKBUILD missing dependency, package is nearly empty
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3399
2019-07-23T14:01:54Z, Jann - Ove Risvik

Targetcli needs py-setuptools to build successfully. (2.1\_p35)
```
>>>targetcli: Unpacking /var/cache/distfiles/v2.1.fb35.tar.gz…
Traceback (most recent call last):
  File "setup.py", line 19, in <module>
    from setuptools import setup
ImportError: No module named setuptools
>>>targetcli: Entering fakeroot…
Traceback (most recent call last):
  File "setup.py", line 19, in <module>
    from setuptools import setup
ImportError: No module named setuptools
```
*(from redmine: issue id 3399, created on 2014-09-26, closed on 2014-10-08)*
* Changesets:
* Revision cfbbed5577d18e977bfa3882d51de55b1a891c16 by Natanael Copa on 2014-09-30T16:20:55Z:
```
main/targetcli: upgrade to 2.1_p37
and fix build
ref #3399
```
* Revision 72a716fba2ea67a59b323af580cbcdeff1902231 by Natanael Copa on 2014-10-06T14:11:31Z:
```
main/py-rtslib: upgrade to 2.1_p50
ref #3399
```
* Revision 3d828d0cef70f04da2874e3227045ca74f6d3304 by Eivind Uggedal on 2014-10-08T10:13:03Z:
```
main/python: upgrade to 2.7.8
ref #3399
(cherry picked from commit 9620c81917d454c855b17f5e711ae08e57b4ae4f)
```
* Revision c3c29911b5d4ae1d38fa73f636b8502d0a275d1c by Natanael Copa on 2014-10-08T14:09:45Z:
```
main/py-rtslib: upgrade to 2.1_p50
ref #3399
(cherry picked from commit 72a716fba2ea67a59b323af580cbcdeff1902231)
```
* Revision b50fb977e1b4a16393af34ae034c3fb362fef6e6 by Natanael Copa on 2014-10-08T14:10:06Z:
```
main/targetcli: upgrade to 2.1_p37
and fix build
fixes #3399
```

3.0.5, Natanael Copa

QLogic Infiniband & ISER Target kernel modules
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3398
2019-07-23T14:01:55Z, Jann - Ove Risvik

It would be nice to have these modules again, they were active in the
later 2.7 kernel builds.
*(from redmine: issue id 3398, created on 2014-09-25, closed on 2014-10-08)*
* Changesets:
* Revision cda54d631e3f222133363155f9a3f43bc141a829 by Natanael Copa on 2014-09-30T14:22:58Z:
```
main/linux-grsec: enable QLogic Infiniband & ISER Target kernel modules
ref #3398
```
* Revision 399785c4724eda9124c4a561f9035403e7cab493 by Natanael Copa on 2014-10-02T14:38:07Z:
```
main/linux-grsec: enable QLogic Infiniband & ISER Target kernel modules
fixes #3398
```
* Uploads:
* [qib-module.txt](/uploads/d9744fec8d67e006d04345ffc4e71688/qib-module.txt) Patch file, can be applied to both vanilla and grsec kernel

3.0.5

Cherry keyboards hang
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3374
2019-07-23T14:02:17Z, 7heo .tk

Cherry keyboards aren’t compatible with Alpine Linux, they hang, one
cannot change the LEDs state, or input any character. Model of the
tested keyboard is: Cherry G230. It is a standard keyboard in Germany.
*(from redmine: issue id 3374, created on 2014-09-19, closed on 2014-10-08)*
* Relations:
* relates #3469
* Changesets:
* Revision c3004a98bdc0a48f889525d7e5f186ad0dd6197f by Natanael Copa on 2014-10-02T14:38:07Z:
```
main/linux-grsec: disable USB_KBD and USB_MOUSE
they cause problems in some situations and hid-generic is to prefer
fixes #3374
```

3.0.5, 7heo .tk

fetchmail crashes because of missing folder
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3367
2019-07-23T14:02:23Z, Panthera Tigris

On systems with a tmpfs mounted into /var/run, fetchmail will crash
right after the start-up due to the default folder /var/run/fetchmail
being absent. I suggest the following patch in order to ensure the
folder is created during start-up.
--- /etc/init.d/fetchmail
+++ /etc/init.d/fetchmail
@@ -19,0 +20 @@
+ checkpath -d ${pidfile%/*} -o fetchmail
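Review bot: The added checkpath line passes ${pidfile%/*} unquoted and gives no -m mode, so the path is subject to word splitting and the directory's permissions are left to checkpath's default rather than stated in the script. Suggest quoting it as "${pidfile%/*}", passing an explicit mode with -m, and placing the options before the path so the call does not rely on getopt reordering arguments. The hunk header (@@ -19,0 +20 @@) carries no context lines, so it is not visible which function the line lands in; it has to run before the daemon is started and writes its pidfile.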
*(from redmine: issue id 3367, created on 2014-09-16, closed on 2014-10-08)*
* Changesets:
* Revision 47ccffb4c0eb924b04584f5523224b8ffe77e91a by Natanael Copa on 2014-09-16T08:53:35Z:
```
main/fetchmail: create dir for pidfile on startup
ref #3367
```
* Revision 86f180335d08c79a7a70df0297dd3ed1fd64550b by Natanael Copa on 2014-09-16T09:35:07Z:
```
main/fetchmail: create dir for pidfile on startup
fixes #3367
```

3.0.5, Natanael Copa

linux-pam: /sbin/unix_chkpwd not installed setuid root
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3349
2019-07-23T14:02:42Z, Johannes Matheis

Excerpts from UNIX\_CHKPWD(8):
“unix\_chkpwd is a helper program for the pam\_unix module that verifies
the password of the current user. \[…\] It is typically installed setuid
root or setgid shadow.”
/sbin/unix\_chkpwd should be installed setuid root, otherwise programs
using pam and pam\_unix.so (i. e. screen lockers) are unable to verify
passwords to authenticate users.
*(from redmine: issue id 3349, created on 2014-08-28, closed on 2014-10-08)*
* Changesets:
* Revision 28dd552bd190b6c109fe1a82dd6e25d9159e37aa by Natanael Copa on 2014-09-16T17:00:54Z:
```
main/linux-pam: make unix_chkpwd utility suid shadow
ref #3349
```
* Revision 243947d1d4917dbaca6a4891f84765c667e5d653 by Natanael Copa on 2014-09-16T17:02:32Z:
```
main/linux-pam: make unix_chkpwd utility suid shadow
fixes #3349
```

3.0.5

[v3.0] kernel: unbound recursion in ISOFS (CVE-2014-5471 CVE-2014-5472)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3348
2019-07-23T14:02:43Z, Alexander Belous

Some issues fixed in linux kernel upstream.
The upstream commit is also found in linux-3.14.y, 3.10.y and 3.6.y
branches at
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git.
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/450
CONFIRM:
https://code.google.com/p/google-security-research/issues/detail?id=88
COMMIT:
https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
*(from redmine: issue id 3348, created on 2014-08-27, closed on 2014-11-18)*
* Relations:
* parent #3344

3.0.5, Natanael Copa

[v3.0] kernel: mnt: ro bind mount bypass using user namespaces (CVE-2014-5206 CVE-2014-5207)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3305
2019-07-23T14:03:21Z, Alexander Belous

Two issues have been fixed in upstream:
mnt: Add tests for unprivileged remount cases that have found to be
faulty
mnt: Correct permission checks in do\_remount
References:
CONFIRM: http://seclists.org/oss-sec/2014/q3/357
COMMIT:
https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
COMMIT:
https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705
*(from redmine: issue id 3305, created on 2014-08-15, closed on 2017-05-17)*
* Relations:
* parent #3300

3.0.5, Natanael Copa

shorewall-core: fails to build with musl
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2981
2019-07-23T14:08:06Z, Natanael Copa

*(from redmine: issue id 2981, created on 2014-05-30, closed on 2014-10-08)*
* Changesets:
* Revision da9bfd2fc7b9da1e46aaa37a8c8785aa10ad2c70 by Natanael Copa on 2014-09-03T08:49:46Z:
```
main/shorewall6: upgrade to 4.6.3.1
ref #2981
```
* Revision 95fd5ba09058e5c33aab89fd674f4a262751981d by Natanael Copa on 2014-09-04T15:20:18Z:
```
main/shorewall-core: upgrade to 4.6.3.1
fixes #2981
```

3.0.5, Natanael Copa

Warning "ehci_hcd should always be loaded before uhci_hcd and ohci_hcd, not after" during boot
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2965
2019-07-23T14:08:19Z, Panthera Tigris

**THIS IS AN UPDATED COPY OF BUG \#2836**
It seems, during boot the UHCI driver is being loaded before the EHCI
driver, which generates a warning in dmesg (see below @ 5.140022). This
is related to
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9beeee6584b9aa4f9192055512411484a2a624df&id2=2b70f07343389cb474235def00b021a645ede916
Please, ignore the device descriptor errors shown in the log @ 6.500953
and later, that are caused by a wacky USB device and have nothing to do
with the issue reported.
[ 5.102694] uhci_hcd: USB Universal Host Controller Interface driver
[ 5.102868] xen: registering gsi 23 triggering 0 polarity 1
[ 5.102880] Already setup the GSI :23
[ 5.102920] uhci_hcd 0000:00:1d.0: setting latency timer to 64
[ 5.102931] uhci_hcd 0000:00:1d.0: UHCI Host Controller
[ 5.102946] uhci_hcd 0000:00:1d.0: new USB bus registered, assigned bus number 1
[ 5.103066] uhci_hcd 0000:00:1d.0: irq 23, io base 0x000040a0
[ 5.103245] usb usb1: New USB device found, idVendor=1d6b, idProduct=0001
[ 5.103252] usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 5.103258] usb usb1: Product: UHCI Host Controller
[ 5.103263] usb usb1: Manufacturer: Linux 3.10.36-0-grsec uhci_hcd
[ 5.103268] usb usb1: SerialNumber: 0000:00:1d.0
[ 5.104624] hub 1-0:1.0: USB hub found
[ 5.104651] hub 1-0:1.0: 2 ports detected
[ 5.105167] xen: registering gsi 19 triggering 0 polarity 1
[ 5.105180] Already setup the GSI :19
[ 5.105230] uhci_hcd 0000:00:1d.1: setting latency timer to 64
[ 5.105246] uhci_hcd 0000:00:1d.1: UHCI Host Controller
[ 5.105268] uhci_hcd 0000:00:1d.1: new USB bus registered, assigned bus number 2
[ 5.105431] uhci_hcd 0000:00:1d.1: irq 19, io base 0x00004080
[ 5.105672] usb usb2: New USB device found, idVendor=1d6b, idProduct=0001
[ 5.105682] usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 5.105691] usb usb2: Product: UHCI Host Controller
[ 5.105699] usb usb2: Manufacturer: Linux 3.10.36-0-grsec uhci_hcd
[ 5.105707] usb usb2: SerialNumber: 0000:00:1d.1
[ 5.114001] hub 2-0:1.0: USB hub found
[ 5.114026] hub 2-0:1.0: 2 ports detected
[ 5.114619] xen: registering gsi 18 triggering 0 polarity 1
[ 5.114634] Already setup the GSI :18
[ 5.114688] uhci_hcd 0000:00:1d.2: setting latency timer to 64
[ 5.114707] uhci_hcd 0000:00:1d.2: UHCI Host Controller
[ 5.114727] uhci_hcd 0000:00:1d.2: new USB bus registered, assigned bus number 3
[ 5.114891] uhci_hcd 0000:00:1d.2: irq 18, io base 0x00004060
[ 5.115150] usb usb3: New USB device found, idVendor=1d6b, idProduct=0001
[ 5.115161] usb usb3: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 5.115169] usb usb3: Product: UHCI Host Controller
[ 5.115176] usb usb3: Manufacturer: Linux 3.10.36-0-grsec uhci_hcd
[ 5.115184] usb usb3: SerialNumber: 0000:00:1d.2
[ 5.119577] hub 3-0:1.0: USB hub found
[ 5.119610] hub 3-0:1.0: 2 ports detected
[ 5.120175] xen: registering gsi 16 triggering 0 polarity 1
[ 5.120188] Already setup the GSI :16
[ 5.120240] uhci_hcd 0000:00:1d.3: setting latency timer to 64
[ 5.120257] uhci_hcd 0000:00:1d.3: UHCI Host Controller
[ 5.120280] uhci_hcd 0000:00:1d.3: new USB bus registered, assigned bus number 4
[ 5.120444] uhci_hcd 0000:00:1d.3: irq 16, io base 0x00004040
[ 5.120702] usb usb4: New USB device found, idVendor=1d6b, idProduct=0001
[ 5.120713] usb usb4: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 5.120721] usb usb4: Product: UHCI Host Controller
[ 5.120730] usb usb4: Manufacturer: Linux 3.10.36-0-grsec uhci_hcd
[ 5.120738] usb usb4: SerialNumber: 0000:00:1d.3
[ 5.134539] hub 4-0:1.0: USB hub found
[ 5.134567] hub 4-0:1.0: 2 ports detected
[ 5.140013] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
[ 5.140022] Warning! ehci_hcd should always be loaded before uhci_hcd and ohci_hcd, not after
[ 5.143366] ehci-pci: EHCI PCI platform driver
[ 5.143592] xen: registering gsi 23 triggering 0 polarity 1
[ 5.143606] Already setup the GSI :23
[ 5.143694] ehci-pci 0000:00:1d.7: setting latency timer to 64
[ 5.163483] ehci-pci 0000:00:1d.7: EHCI Host Controller
[ 5.163514] ehci-pci 0000:00:1d.7: new USB bus registered, assigned bus number 5
[ 5.163571] ehci-pci 0000:00:1d.7: debug port 1
[ 5.167664] ehci-pci 0000:00:1d.7: cache line size of 64 is not supported
[ 5.167697] ehci-pci 0000:00:1d.7: irq 23, io mem 0xd0804400
[ 5.177695] ehci-pci 0000:00:1d.7: USB 2.0 started, EHCI 1.00
[ 5.177745] usb usb5: New USB device found, idVendor=1d6b, idProduct=0002
[ 5.177752] usb usb5: New USB device strings: Mfr=3, Product=2, SerialNumber=1
[ 5.177757] usb usb5: Product: EHCI Host Controller
[ 5.177763] usb usb5: Manufacturer: Linux 3.10.36-0-grsec ehci_hcd
[ 5.177768] usb usb5: SerialNumber: 0000:00:1d.7
[ 5.178899] hub 5-0:1.0: USB hub found
[ 5.178916] hub 5-0:1.0: 8 ports detected
[ 5.180247] hub 1-0:1.0: USB hub found
[ 5.180269] hub 1-0:1.0: 2 ports detected
[ 5.180956] hub 2-0:1.0: USB hub found
[ 5.180985] hub 2-0:1.0: 2 ports detected
[ 5.184613] hub 3-0:1.0: USB hub found
[ 5.184644] hub 3-0:1.0: 2 ports detected
[ 5.186959] hub 4-0:1.0: USB hub found
[ 5.186982] hub 4-0:1.0: 2 ports detected
[ 5.204972] xen: registering gsi 19 triggering 0 polarity 1
[ 5.204986] Already setup the GSI :19
[ 5.205059] i801_smbus 0000:00:1f.3: SMBus using PCI Interrupt
[ 5.545786] EXT4-fs (sda2): mounted filesystem with ordered data mode. Opts: (null)
[ 5.794304] usb 5-8: new high-speed USB device number 4 using ehci-pci
[ 5.918009] usb 5-8: New USB device found, idVendor=058f, idProduct=6254
[ 5.918018] usb 5-8: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 5.919235] hub 5-8:1.0: USB hub found
[ 5.919416] hub 5-8:1.0: 4 ports detected
[ 6.384292] usb 2-2: new low-speed USB device number 2 using uhci_hcd
[ 6.500953] usb 2-2: device descriptor read/64, error -71
[ 6.720998] usb 2-2: device descriptor read/64, error -71
[ 6.930962] usb 2-2: new low-speed USB device number 3 using uhci_hcd
[ 6.991598] udevd[896]: starting version 175
[ 7.047637] usb 2-2: device descriptor read/64, error -71
[ 7.267663] usb 2-2: device descriptor read/64, error -71
*(from redmine: issue id 2965, created on 2014-05-23, closed on 2014-10-08)*
* Relations:
* copied_to #2836
* Changesets:
* Revision b9346f220a7dc879c64940eea88621bc0cb2bd34 by Natanael Copa on 2014-05-28T15:59:23Z:
```
main/linux-grsec: build ehci-hcd into kernel
fixes #2965
```
* Revision 4c19aaa1ed494226a50f7ed524f61ab9e9372e64 by Natanael Copa on 2014-10-03T15:37:41Z:
```
main/linux-grsec: build ehci-hcd into kernel
ref #2965
```
* Revision 192ea6d2d66ae5fb27c6c018e01a631d314d3632 by Natanael Copa on 2014-10-03T15:49:19Z:
```
main/linux-grsec: build ehci-hcd into kernel
fixes #2965
```

3.0.5

[v2.5] wpa_supplicant, hostapd: wpa_cli and hostapd_cli action script execution vulnerability (CVE-2014-3686)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3519
2019-07-23T14:00:32Z, Alexander Belous

wpa\_supplicant and hostapd 0.7.2 through 2.2, when running with certain
configurations and using wpa\_cli or hostapd\_cli with action scripts,
allows remote attackers to execute arbitrary commands via a crafted
frame.
References:
http://seclists.org/oss-sec/2014/q4/267
* MLIST: \[oss-security\] 20141009 wpa\_cli and hostapd\_cli action script execution vulnerability
* URL: http://www.openwall.com/lists/oss-security/2014/10/09/28
* CONFIRM: http://w1.fi/security/2014-1/
* CONFIRM: https://bugzilla.redhat.com/show\_bug.cgi?id=1151259
* DEBIAN: DSA-3052
* URL: http://www.debian.org/security/2014/dsa-3052
* SUSE: openSUSE-SU-2014:1313
* URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html
* SUSE: openSUSE-SU-2014:1314
* URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html
* UBUNTU: USN-2383-1
* URL: http://www.ubuntu.com/usn/USN-2383-1
* BID: 70396
* URL: http://www.securityfocus.com/bid/70396
* SECUNIA: 60366
* URL: http://secunia.com/advisories/60366
* SECUNIA: 60428
* URL: http://secunia.com/advisories/60428
* SECUNIA: 61271
* URL: http://secunia.com/advisories/61271
*(from redmine: issue id 3519, created on 2014-11-12, closed on 2015-05-07)*
* Relations:
* parent #3518

Alpine 2.5.5, Natanael Copa

[v2.5] ruby-bundler: installation from rogue source vulnerability (CVE-2013-0334)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3473
2019-07-23T14:01:00Z, Alexander Belous

Bundler 1.7 is a security-only release to address CVE-2013-0334, a
vulnerability where a gem might be installed from an
unintended source server, particularly while using both rubygems.org and
gems.github.com.
Versions Affected: All versions < 1.7.0
Not Affected: Any Gemfile with one or zero sources
Fixed Versions: 1.7.0
Releases: 1.7.0 (2014-09-14)
Impact:
Any Gemfile with multiple top-level \`source\` lines cannot reliably
control the gem server that a particular gem is
fetched from. As a result, Bundler might install the wrong gem if more
than one source provides a gem with the same
name.
This is especially possible in the case of Github’s legacy gem server,
hosted at gems.github.com. An attacker might
create a malicious gem on Rubygems.org with the same name as a
commonly-used Github gem. From that point forward,
running \`bundle install\` might result in the malicious gem being used
instead of the expected gem.
To mitigate this, the Bundler and Rubygems.org teams worked together to
copy almost every gem hosted on gems.github.com
to rubygems.org, reducing the number of gems that can be used for such
an attack.
Resolution:
To resolve this issue, upgrade to Bundler 1.7 by running \`gem install
bundler\`. The next time you run \`bundle install\`
for any Gemfile that contains multiple sources, each gem available from
multiple sources will print a warning.
For every warning printed, edit the Gemfile to either specify a
\`:source\` option for that gem, or move the \`gem\` line
into a block that is passed to a \`source\` method call.
Workarounds:
If you are unable to upgrade to Bundler 1.7, it is possible to work
around the issue by removing all but one \`source\`
line from your Gemfile. Gems from other sources must be installed via
the \`:git\` option, which is not susceptible to
this issue, or unpacked into the application repository and used via the
\`:path\` option.
Unfortunately, backporting a fix for this issue proved impractical, as
previous versions of Bundler lacked the ability
to distinguish between gem servers.
Credits:
Thanks to Andreas Loupasakis and Fotos Georgiadis for reporting this
issue, James Tucker, Tony Arcieri, Eric Hodel,
Michael Koziarski, and Kurt Seifried for assistance with the eventual
solution, and David Radcliffe for importing
legacy Github gems into Rubygems.org.
André Arko (@indirect), Tim Moore (@tmoore), and the Bundler team
(@bundlerio)
team () bundler io
References:
http://seclists.org/oss-sec/2014/q3/648
http://bundler.io/v1.7/whats\_new.html
http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html
*(from redmine: issue id 3473, created on 2014-10-27, closed on 2015-05-07)*
* Relations:
* parent #3472

Alpine 2.5.5, Natanael Copa

[v2.5] python: overflow with large buffer sizes and/or offsets (CVE-2014-7185)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3462
2019-07-23T14:01:08Z, Alexander Belous

Python 2.7.8 fixes a potential wraparound in buffer() with possible
CWE-200 implications.
Note: Though the request is for Python 2.7, vulnerable code appears to
exist in EOL’d versions 1.6.1 through 2.6.9 as well.
References:
http://seclists.org/oss-sec/2014/q3/638
http://bugs.python.org/issue21831
*(from redmine: issue id 3462, created on 2014-10-17, closed on 2014-10-23)*
* Relations:
* parent #3461
* Changesets:
* Revision 66f1812a4fac22fbe75c90d049b88186b593f0e2 by Natanael Copa on 2014-10-22T14:45:52Z:
```
main/python: security upgrade to 2.7.8 (CVE-2014-7185)
fixes #3462
```

Alpine 2.5.5, Natanael Copa

[v2.5] xen: one more issue pack (CVE-2014-7154, CVE-2014-7155, CVE-2014-7156, CVE-2014-7188)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3457
2019-07-23T14:01:14Z, Alexander Belous

CVE-2014-7154 / XSA-104: Race condition in HVMOP\_track\_dirty\_vram
VULNERABLE SYSTEMS: Xen versions from 4.0.0 onwards are vulnerable. This
vulnerability is only applicable to Xen systems using stub domains or
other forms of disaggregation of control domains for HVM guests.
RESOLUTION: Applying patch xsa104.patch (xen-unstable, Xen 4.4.x, Xen
4.3.x, Xen 4.2.x) resolves this issue. You can find the patch by the
link below.
http://seclists.org/oss-sec/2014/q3/att-635/xsa104.patch
CVE-2014-7155 / XSA-105: Missing privilege level checks in x86 HLT,
LGDT, LIDT, and LMSW emulation
VULNERABLE SYSTEMS: Xen versions from at least 3.2.x onwards are
vulnerable. Older versions have not been inspected. Only user processes
in HVM guests can take advantage of this vulnerability.
RESOLUTION: Applying patch xsa105.patch resolves this issue
(xen-unstable, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x). You can find the patch
by the link below.
http://seclists.org/oss-sec/2014/q3/att-637/xsa105.patch
CVE-2014-7156 / XSA-106: Missing privilege level checks in x86 emulation
of software interrupts
VULNERABLE SYSTEMS: Xen versions from 3.3 onwards are vulnerable. Only
user processes in HVM guests can take advantage of this vulnerability.
RESOLUTION: Applying patch xsa106.patch resolves this issue
(xen-unstable, Xen 4.4.x, Xen 4.3.x, Xen 4.2.x). You can find the patch
by the link below.
http://seclists.org/oss-sec/2014/q3/att-636/xsa106.patch
CVE-2014-7188 / XSA-108: Improper MSR range used for x2APIC emulation
VULNERABLE SYSTEMS: Xen 4.1 and onward are vulnerable. Only x86 systems
are vulnerable. ARM systems are not vulnerable.
RESOLUTION: Applying patch xsa108.patch (xen-unstable, Xen 4.4.x, Xen
4.3.x, Xen 4.2.x) resolves this issue. You can find the patch by the
link below.
http://seclists.org/oss-sec/2014/q4/att-7/xsa108.patch
References:
http://seclists.org/oss-sec/2014/q3/635
http://seclists.org/oss-sec/2014/q3/637
http://seclists.org/oss-sec/2014/q3/636
http://seclists.org/oss-sec/2014/q4/7
*(from redmine: issue id 3457, created on 2014-10-17, closed on 2014-10-23)*
* Relations:
* parent #3456
* Changesets:
* Revision 9cba7900153b15f9070445e546fd8244cb2da8f1 by Natanael Copa on 2014-10-23T11:48:32Z:
```
main/xen: security upgrade to 4.2.5 and patches
The 4.2.5 release fixes:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
In addition we add patches for:
CVE-2014-7154 / XSA-104 Race condition in HVMOP_track_dirty_vram
CVE-2014-7155 / XSA-105 Missing privilege level checks in x86 HLT, LGDT,
LIDT, and LMSW emulation
CVE-2014-7156 / XSA-106 Missing privilege level checks in x86 emulation of
software interrupts
CVE-2014-7188 / XSA-108 Improper MSR range used for x2APIC emulation
fixes #3412
fixes #3457
```

Alpine 2.5.5, Ariadne Conill (ariadne@ariadne.space)

[v2.5] dbus: security issues (CVE-2014-3635, CVE-2014-3636, CVE-2014-3637, CVE-2014-3638, CVE-2014-3639)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3449
2019-07-23T14:01:20Z, Alexander Belous

Alban Crequy and Simon McVittie at Collabora Ltd. discovered and fixed
several security flaws in the reference implementation of dbus-daemon,
the D-Bus message bus daemon. fd.o \#83622 is a heap overflow and could
potentially be exploited to alter data or executable code; the rest are
denial-of-service issues.
For the stable branch these are fixed in dbus 1.8.8.
For the old stable branch, these are fixed in dbus 1.6.24.
References:
http://seclists.org/oss-sec/2014/q3/616
https://bugs.freedesktop.org/show\_bug.cgi?id=83622
https://bugs.freedesktop.org/show\_bug.cgi?id=82820
https://bugs.freedesktop.org/show\_bug.cgi?id=80559
https://bugs.freedesktop.org/show\_bug.cgi?id=81053
https://bugs.freedesktop.org/show\_bug.cgi?id=80919
*(from redmine: issue id 3449, created on 2014-10-17, closed on 2014-10-23)*
* Relations:
* parent #3448
* Changesets:
* Revision 256f4e7e9f920e61c9a0f213d108851dd6eee97c by Natanael Copa on 2014-10-22T14:56:04Z:
```
main/dbus: security upgrade to 1.6.24 (CVE-2014-3635,CVE-2014-3636,CVE-2014-3637,CVE-2014-3638,CVE-2014-3639)
fixes #3449
```

Alpine 2.5.5, Natanael Copa

[v2.5] openssl: Security Advisory [15 Oct 2014] (CVE-2014-3513,CVE-2014-3567,CVE-2014-3568)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3434
2019-07-23T14:01:27Z, Natanael Copa

OpenSSL Security Advisory \[15 Oct 2014\]
===

SRTP Memory Leak (CVE-2014-3513)
===
Severity: High
A flaw in the DTLS SRTP extension parsing code allows an attacker, who
sends a carefully crafted handshake message, to cause OpenSSL to fail
to free up to 64k of memory causing a memory leak. This could be
exploited in a Denial Of Service attack. This issue affects OpenSSL
1.0.1 server implementations for both SSL/TLS and DTLS regardless of
whether SRTP is used or configured. Implementations of OpenSSL that
have been compiled with OPENSSL_NO_SRTP defined are not affected.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
This issue was reported to OpenSSL on 26th September 2014, based on an
original issue and patch developed by the LibreSSL project. Further
analysis of the issue was performed by the OpenSSL team.
The fix was developed by the OpenSSL team.
Session Ticket Memory Leak (CVE-2014-3567)
==
Severity: Medium
When an OpenSSL SSL/TLS/DTLS server receives a session ticket the
integrity of that ticket is first verified. In the event of a session
ticket integrity check failing, OpenSSL will fail to free memory
causing a memory leak. By sending a large number of invalid session
tickets an attacker could exploit this issue in a Denial Of Service
attack.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL on 8th October 2014.
The fix was developed by Stephen Henson of the OpenSSL core team.
SSL 3.0 Fallback protection
===
Severity: Medium
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol downgrade.
Some client applications (such as browsers) will reconnect using a
downgraded protocol to work around interoperability bugs in older
servers. This could be exploited by an active man-in-the-middle to
downgrade connections to SSL 3.0 even if both sides of the connection
support higher protocols. SSL 3.0 contains a number of weaknesses
including POODLE (CVE-2014-3566).
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00
https://www.openssl.org/~bodo/ssl-poodle.pdf
Support for TLS_FALLBACK_SCSV was developed by Adam Langley and Bodo
Moeller.
Build option no-ssl3 is incomplete (CVE-2014-3568)
==
Severity: Low
When OpenSSL is configured with “no-ssl3” as a build option, servers
could accept and complete a SSL 3.0 handshake, and clients could be
configured to send them.
OpenSSL 1.0.1 users should upgrade to 1.0.1j.
OpenSSL 1.0.0 users should upgrade to 1.0.0o.
OpenSSL 0.9.8 users should upgrade to 0.9.8zc.
This issue was reported to OpenSSL by Akamai Technologies on 14th
October 2014.
The fix was developed by Akamai and the OpenSSL team.
References
==
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20141015.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
*(from redmine: issue id 3434, created on 2014-10-16, closed on 2014-10-17)*
* Relations:
* copied_to #3435
* parent #3433
* Changesets:
* Revision f09cdaa244ef0d0d6f7357ab368810ceaa7a1083 by Natanael Copa on 2014-10-16T09:21:12Z:
```
main/openssl: security upgrade to 1.0.1j (CVE-2014-3513,CVE-2014-3567,CVE-2014-3568)
fixes #3434
```
Alpine 2.5.5

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3413
2019-07-23T14:01:42Z
Alexander Belous
[v2.5] xen: multiple issues (CVE-2014-2599, CVE-2014-3124, CVE-2014-3967, CVE-2014-3968, CVE-2014-4021, CVE-2014-7188)
The following critical vulnerabilities have been fixed in the new version of
xen (4.2.5 and 4.3.3):
•CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
•CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries
to be created
•CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI
injection
•CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests
Also, a new vulnerability, CVE-2014-7188, has not been fixed in an
official release; however, a patch is already enabled:
•CVE-2014-7188: Improper MSR range used for x2APIC emulation.
The patch can be found at the link below.
References:
FIXES in 4.2.5:
http://xenproject.org/downloads/xen-archives/supported-xen-42-series/xen-425.html
FIXES in 4.3.3:
http://xenproject.org/downloads/xen-archives/supported-xen-43-series/xen-433.html
PATCH: http://xenbits.xen.org/xsa/advisory-108.html
*(from redmine: issue id 3413, created on 2014-10-02, closed on 2014-10-23)*
* Relations:
* parent #3412

Alpine 2.5.5
Ariadne Conill ariadne@ariadne.space

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3403
2019-07-23T14:01:52Z
Alexander Belous
[v2.5] bash: Shellshock vulnerabilities allowing remote code execution (CVE-2014-6271 CVE-2014-7169)
GNU Bash through 4.3 processes trailing strings after function
definitions in the values of environment variables, which allows remote
attackers to execute arbitrary code via a crafted environment, as
demonstrated by vectors involving the ForceCommand feature in OpenSSH
sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server,
scripts executed by unspecified DHCP clients, and other situations in
which setting the environment occurs across a privilege boundary from
Bash execution, aka “ShellShock.” NOTE: the original fix for this issue
was incorrect; CVE-2014-7169 has been assigned to cover the
vulnerability that is still present after the incorrect fix.
•MISC: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1141597
•CONFIRM: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
•URL: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
•URL: http://www.debian.org/security/2014/dsa-3032
•URL: http://rhn.redhat.com/errata/RHSA-2014-1293.html
•URL: http://rhn.redhat.com/errata/RHSA-2014-1294.html
•URL: http://rhn.redhat.com/errata/RHSA-2014-1295.html
•URL: http://www.ubuntu.com/usn/USN-2362-1
•URL: http://www.us-cert.gov/ncas/alerts/TA14-268A
•URL: http://www.kb.cert.org/vuls/id/252743
*(from redmine: issue id 3403, created on 2014-09-30, closed on 2014-10-02)*
* Relations:
* parent #3402
* Changesets:
* Revision 8e27e51f9a2030178c74ca4e47825c8e3514b6ec by Natanael Copa on 2014-09-30T09:08:54Z:
```
main/bash: security upgrade to 4.2.50 (CVE-2014-7169)
fixes #3403
```
Alpine 2.5.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/3393
2019-07-23T14:02:01Z
Alexander Belous
[v2.5] mysql: new version 5.5.40 available with many bugfixes
Alpine Linux v2.5 up to v3.0 have mysql-5.5.38. At the moment a new
mysql-5.5.40 was released recently (2014-09-22) with multiple fixes.
References:
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html
*(from redmine: issue id 3393, created on 2014-09-25, closed on 2014-10-01)*
* Relations:
* parent #3392
* Changesets:
* Revision 1b31bef8dc54514cafddc82886e0755a47cde630 by Natanael Copa on 2014-09-30T08:08:04Z:
```
main/mysql: upgrade to 5.5.40
fixes #3393
```
Alpine 2.5.5
Natanael Copa