aports issueshttps://gitlab.alpinelinux.org/alpine/aports/-/issues2019-07-12T15:48:30Zhttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10509[3.7] samba: S4U2Self with unkeyed checksum (CVE-2018-16860)2019-07-12T15:48:30ZAlicha CH[3.7] samba: S4U2Self with unkeyed checksum (CVE-2018-16860)S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerboros pa...S4U2Self is an extension to Kerberos used in Active Directory to allow
a service to request a kerberos ticket to itself from the Kerberos Key
Distribution Center (KDC) for a non-Kerberos authenticated user
(principal in Kerboros parlance). This is useful to allow internal
code paths to be standardized around Kerberos.
S4U2Proxy (constrained-delegation) is an extension of this mechanism
allowing this impersonation to a second service over the network. It
allows a privileged server that obtained a S4U2Self ticket to itself
to then assert the identity of that principal to a second service and
present itself as that principal to get services from the second
service.
There is a flaw in Samba’s AD DC in the Heimdal KDC. When the Heimdal
KDC checks the checksum that is placed on the S4U2Self packet by the
server to protect the requested principal against modification, it
does not confirm that the checksum algorithm that protects the user
name (principal) in the request is keyed. This allows a
man-in-the-middle attacker who can intercept the request to the KDC to
modify the packet by replacing the user name (principal) in the
request with any desired user name (principal) that exists in the KDC
and replace the checksum protecting that name with a CRC32 checksum
(which requires no prior knowledge to compute).
This would allow a S4U2Self ticket requested on behalf of user name
(principal) user@EXAMPLE.COM to any service to be changed to a
S4U2Self ticket with a user name (principal) of
Administrator@EXAMPLE.COM. This ticket would then contain the PAC of
the modified user name (principal).
### Fixed In Version:
samba 4.8.12, samba 4.9.8 and samba 4.10.3
### References:
https://www.samba.org/samba/security/CVE-2018-16860.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 10509, created on 2019-05-30, closed on 2019-06-04)*
* Relations:
* parent #105063.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10499[3.7] curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)2019-07-12T15:48:25ZAlicha CH[3.7] curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer alloca...CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer allocation and a subsequent heap buffer overflow.
Affected versions: libcurl 7.62.0 to and including 7.64.1
Not affected versions: libcurl < 7.62.0 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5435.html
### Patch:
https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5436: TFTP receive buffer overflow
-------------------------------------------
libcurl contains a heap buffer overflow in the function
(tftp\_receive\_packet()) that recevives data from
a TFTP server. It calls recvfrom() with the default size for the buffer
rather than with the size that was
used to allocate it. Thus, the content that might overwrite the heap
memory is entirely controlled by the server.
The flaw exists if the user selects to use a “blksize” of 504 or smaller
(default is 512). The smaller size that is used,
the larger the possible overflow becomes. Users chosing a smaller size
than default should be rare as the primary
use case for changing the size is to make it larger.
Affected versions: libcurl 7.19.4 to and including 7.64.1
Not affected versions: libcurl < 7.19.4 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5436.html
### Patch:
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
*(from redmine: issue id 10499, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #104963.7.4Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10498[3.8] curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)2019-07-12T15:48:25ZAlicha CH[3.8] curl: Multiple vulnerabilities (CVE-2019-5435, CVE-2019-5436)CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer alloca...CVE-2019-5435: Integer overflows in curl\_url\_set()
----------------------------------------------------
libcurl contains two integer overflows in the curl\_url\_set() function
that if triggered, can lead to
a too small buffer allocation and a subsequent heap buffer overflow.
Affected versions: libcurl 7.62.0 to and including 7.64.1
Not affected versions: libcurl < 7.62.0 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5435.html
### Patch:
https://github.com/curl/curl/commit/5fc28510a4664f4
CVE-2019-5436: TFTP receive buffer overflow
-------------------------------------------
libcurl contains a heap buffer overflow in the function
(tftp\_receive\_packet()) that recevives data from
a TFTP server. It calls recvfrom() with the default size for the buffer
rather than with the size that was
used to allocate it. Thus, the content that might overwrite the heap
memory is entirely controlled by the server.
The flaw exists if the user selects to use a “blksize” of 504 or smaller
(default is 512). The smaller size that is used,
the larger the possible overflow becomes. Users chosing a smaller size
than default should be rare as the primary
use case for changing the size is to make it larger.
Affected versions: libcurl 7.19.4 to and including 7.64.1
Not affected versions: libcurl < 7.19.4 and >= libcurl 7.65.0
### Reference:
https://curl.haxx.se/docs/CVE-2019-5436.html
### Patch:
https://github.com/curl/curl/commit/2576003415625d7b5f0e390902f8097830b82275
*(from redmine: issue id 10498, created on 2019-05-28, closed on 2019-06-05)*
* Relations:
* parent #104963.8.5Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10424[3.7] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-12T15:47:57ZAlicha CH[3.7] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10424, created on 2019-05-08, closed on 2019-06-05)*
* Relations:
* parent #104213.7.4Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/10423[3.8] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)2019-07-12T15:47:56ZAlicha CH[3.8] libvirt: A NULL pointer dereference flaw (CVE-2019-3840)A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of servi...A NULL pointer dereference flaw was discovered in libvirt before version
5.0.0 in the
way it gets interface information through the QEMU agent. An attacker in
a guest VM
can use this flaw to crash libvirtd and cause a denial of service.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2019-3840
### Patch:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=7cfd1fbb1332ae5df678b9f41a62156cb2e88c73
*(from redmine: issue id 10423, created on 2019-05-08, closed on 2019-06-05)*
* Relations:
* parent #104213.8.5Francesco ColistaFrancesco Colistahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9897[3.8] libraw: Multiple vulnerabilities (CVE-2018-20363, CVE-2018-20364, CVE-2...2019-07-12T15:43:50ZAlicha CH[3.8] libraw: Multiple vulnerabilities (CVE-2018-20363, CVE-2018-20364, CVE-2018-20365, CVE-2018-5817 CVE-2018-5818, CVE-2018-5819)**CVE-2018-20363**: LibRaw::raw2image in libraw\_cxx.cpp in LibRaw
0.19.1
has a NULL pointer dereference.
### References:
https://github.com/LibRaw/LibRaw/issues/193
### Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e...**CVE-2018-20363**: LibRaw::raw2image in libraw\_cxx.cpp in LibRaw
0.19.1
has a NULL pointer dereference.
### References:
https://github.com/LibRaw/LibRaw/issues/193
### Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
**CVE-2018-20364**: LibRaw::copy\_bayer in libraw\_cxx.cpp in LibRaw
0.19.1 has
a NULL pointer dereference.
### References:
https://github.com/LibRaw/LibRaw/issues/194
https://nvd.nist.gov/vuln/detail/CVE-2018-20364
### Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
**CVE-2018-20365**: LibRaw::raw2image() in libraw\_cxx.cpp has a
heap-based buffer overflow.
### References:
https://github.com/LibRaw/LibRaw/issues/195
https://nvd.nist.gov/vuln/detail/CVE-2018-20365
### Patches:
Fixed by:
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
Additionally needed:
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
**CVE-2018-5817**: DoS in unpacked\_load\_raw function in
internal/dcraw\_common.cpp
### Fixed In Version:
LibRaw 0.19.1
### References:
https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
### Patch:
https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
**CVE-2018-5818**:DoS in parse\_rollei function in
internal/dcraw\_common.cpp
### Fixed In Version:
0.19.1
### References:
https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
### Patch:
https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
**CVE-2018-5819**: DoS in parse\_sinar\_ia function in
internal/dcraw\_common.cpp
### Fixed In Version:
0.19.1
### References:
https://www.flexera.com/company/secunia-research/advisories/SR-2018-27.html
### Patch:
https://github.com/LibRaw/LibRaw/commit/e67a9862d10ebaa97712f532eca1eb5e2e410a22
*(from redmine: issue id 9897, created on 2019-01-23, closed on 2019-01-31)*
* Relations:
* parent #98953.8.2Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9709[3.6] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-20...2019-07-12T15:42:20ZAlicha CH[3.6] samba: Multiple vulnerabilities (CVE-2018-14629, CVE-2018-16841, CVE-2018-16851)CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server
------------------------------------------------------------------------------------------
All versions of Samba from 4.0.0 onwards are vulnerabl...CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server
------------------------------------------------------------------------------------------
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
### Fixed In Version:
Samba 4.7.12, 4.8.7, and 4.9.3
### References:
https://www.samba.org/samba/security/CVE-2018-14629.html
https://www.samba.org/samba/history/security.html
CVE-2018-16841 : Double-free in Samba AD DC KDC with PKINIT
-----------------------------------------------------------
A flaw was found in Samba from 4.3.0 versions. When configured to accept
smart-card authentication, Samba’s KDC
will call talloc\_free() twice on the same memory if the principal in a
validly signed certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
This could result in a Denial of Service attack.
### Fixed In Version:
Samba 4.7.12, 4.8.7 and 4.9.3
### References:
https://www.samba.org/samba/security/CVE-2018-16841.html
https://www.samba.org/samba/history/security.html
CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server
--------------------------------------------------------------------
A flaw was found in Samba versions from 4.0.0. During the processing of
an LDAP search before Samba’s AD DC returns the LDAP
entries to the client, the entries are cached in a single memory object
with a maximum size of 256MB. When this size is reached, the
Samba process providing the LDAP service will follow the NULL pointer,
terminating the process. This can lead to a denial of service attack.
### Fixed In Version:
Samba 4.7.12, 4.8.7 and 4.9.3
### References:
https://www.samba.org/samba/security/CVE-2018-16851.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9709, created on 2018-11-28, closed on 2019-02-04)*
* Relations:
* parent #97053.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9447[3.5] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFrom...2019-07-12T15:40:15ZAlicha CH[3.5] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the sec...A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9447, created on 2018-09-21, closed on 2018-11-07)*
* Relations:
* parent #94423.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9446[3.6] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFrom...2019-07-12T15:40:15ZAlicha CH[3.6] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the sec...A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9446, created on 2018-09-21, closed on 2018-11-07)*
* Relations:
* parent #94423.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9445[3.7] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFrom...2019-07-12T15:40:14ZAlicha CH[3.7] lcms2: heap-based buffer overflow in SetData function in cmsIT8LoadFromFile (CVE-2018-16435)A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the sec...A flaw was found in Little CMS (aka Little Color Management System) 2.9.
An integer overflow
in the AllocateDataSet function in cmscgats.c, leading to a heap-based
buffer overflow in the
SetData function via a crafted file in the second argument to
cmsIT8LoadFromFile.
### References:
https://github.com/mm2/Little-CMS/issues/171
https://nvd.nist.gov/vuln/detail/CVE-2018-16435
### Patch:
https://github.com/mm2/Little-CMS/commit/768f70ca405cd3159d990e962d54456773bb8cf8
*(from redmine: issue id 9445, created on 2018-09-21, closed on 2018-11-07)*
* Relations:
* parent #94423.7.2Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9440packaged gem executable in ruby apk doesn't set "x86_64-linux" platform2019-07-12T15:40:12Zjef spaletapackaged gem executable in ruby apk doesn't set "x86_64-linux" platformUsing the alpine linux container
after installing
“gem env platform” returns “ruby”
I was expecting to see “ruby:x86\_64-linux”
This impacts the install of some gems for example gem install
linux-kstat won’t work as expect if the ...Using the alpine linux container
after installing
“gem env platform” returns “ruby”
I was expecting to see “ruby:x86\_64-linux”
This impacts the install of some gems for example gem install
linux-kstat won’t work as expect if the platform isn’t set as expect.
You’ll get an older version of the gem (linux-kstat-0.1.0) instead of
the expected (linux-kstat-0.2.0-universal-linux.gem).
If I use gem install with the —platform option the correct version gets
installed. But this presents a problem later as part of normal ruby
operation because the default platform setting is such that the linux
specific gem isn’t found unless you do some pretty invasive changes in
the ruby environment to get the non-default platform to be used.
Installing ruby 2.5.1 via ruby-install project into the container gem
platform is set as expected.
No idea why ruby-install is getting the platform correct, but the apk
packaged ruby is failing. Is the build environment for the package
missing something?
*(from redmine: issue id 9440, created on 2018-09-21, closed on 2018-10-07)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/9278musl-utils: add support for the -s switch to getent2019-07-12T15:38:54Zwknapik wknapikmusl-utils: add support for the -s switch to getentglibc getent supports a \`-s’ switch for choosing services - this
feature is missing in the getent implementation from musl-utils.
I use getent to resolve host names in a script and use \`-s’ to query
either the /etc/hosts file (\`geten...glibc getent supports a \`-s’ switch for choosing services - this
feature is missing in the getent implementation from musl-utils.
I use getent to resolve host names in a script and use \`-s’ to query
either the /etc/hosts file (\`getent -s files hosts <hosts>‘), or actual
DNS (\`getent -s dns hosts <hosts>’).
The former could be worked around by parsing the hosts file (at the cost
of additional code), but there’s no way to skip the hosts file lookup to
cover the latter case.
Of course, I could use a tool like host/dig, but I intentionally chose
getent, to avoid the additional dependency on bind-tools.
Any chance of this feature being added ?
*(from redmine: issue id 9278, created on 2018-08-18, closed on 2018-08-21)*Timo TeräsTimo Teräshttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9259[3.5] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)2019-07-12T15:38:44ZAlicha CH[3.5] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https...Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9259, created on 2018-08-16, closed on 2018-08-22)*
* Relations:
* copied_to #9254
* parent #92543.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9258[3.6] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)2019-07-12T15:38:44ZAlicha CH[3.6] ldb: Denial of Service Attack on DNS and LDAP server (CVE-2018-1140)Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https...Missing input sanitization checks on some of the input parameters to
LDB database layer cause the LDAP server and DNS server to crash when
following a NULL pointer.
### Fixed In Version:
ldb 1.4.1, ldb 1.3.5
### References:
https://www.samba.org/samba/security/CVE-2018-1140.html
https://www.samba.org/samba/history/security.html
*(from redmine: issue id 9258, created on 2018-08-16, closed on 2018-08-22)*
* Relations:
* copied_to #9254
* parent #92543.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9178[3.5] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)2019-07-12T15:38:04ZAlicha CH[3.5] py-django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a...If the django.middleware.common.CommonMiddleware and the APPEND\_SLASH
setting are both enabled, and if the project
has a URL pattern that accepts any path ending in a slash (many content
management systems have such a pattern), then a request to
a maliciously crafted URL of that site could lead to a redirect to
another site, enabling phishing and other attacks.
### Fixed In Version:
Django 1.11.15 and Django 2.0.8
### References:
https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
http://openwall.com/lists/oss-security/2018/08/01/2
### Patch:
https://github.com/django/django/commit/d6eaee092709aad477a9894598496c6deec532ff
*(from redmine: issue id 9178, created on 2018-08-02, closed on 2018-08-07)*
* Relations:
* copied_to #9173
* parent #91733.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/9067Package name error in alpine-secdb2019-07-12T15:37:08ZalgitbotPackage name error in alpine-secdbHi,
https://git.alpinelinux.org/cgit/alpine-secdb/tree/v3.7/main.yaml\#n397
says there are two CVEs open on package libressl prior to 2.6.5-r0 in
Alpine 3.7 (and certainly earlier, I haven’t checked). However, Alpine
3.7 does not have a...Hi,
https://git.alpinelinux.org/cgit/alpine-secdb/tree/v3.7/main.yaml\#n397
says there are two CVEs open on package libressl prior to 2.6.5-r0 in
Alpine 3.7 (and certainly earlier, I haven’t checked). However, Alpine
3.7 does not have a package named exactly libressl; it has two packages,
named libressl2.6-libcrypto and libressl2.6-libssl. The version of those
packages in the instances I see is 2.6.3-r0, thus concerned by the CVE.
This difference in naming means that the Clair security scanner does not
detect that there is a concern on these images and that they should be
updated.
*(from redmine: issue id 9067, created on 2018-07-09, closed on 2018-07-13)*3.7.1Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8957[3.5] strongswan: integer underflow leads to buffer overflow and denial of se...2019-07-12T15:36:20ZAlicha CH[3.5] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke\_socket.c, a missing packet length check could allow
a integer underflow, which may lead to resource exhaustion and denial of
service while reading fr...A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke\_socket.c, a missing packet length check could allow
a integer underflow, which may lead to resource exhaustion and denial of
service while reading from the socket. A remote attacker with
local user credentials (possibly a normal user in the vpn group, or
root) may be able to overflow the buffer and cause a denial of service.
### Fixed In Version:
strongswan 5.6.3
### References:
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
https://www.kb.cert.org/vuls/id/338343
### Patch:
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
*(from redmine: issue id 8957, created on 2018-05-31, closed on 2018-06-11)*
* Relations:
* copied_to #8953
* parent #89533.5.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8956[3.6] strongswan: integer underflow leads to buffer overflow and denial of se...2019-07-12T15:36:20ZAlicha CH[3.6] strongswan: integer underflow leads to buffer overflow and denial of service in stroke_socket.c (CVE-2018-5388)A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke\_socket.c, a missing packet length check could allow
a integer underflow, which may lead to resource exhaustion and denial of
service while reading fr...A flaw was found in strongSwan VPN’s charon server prior to version
5.6.3. In stroke\_socket.c, a missing packet length check could allow
a integer underflow, which may lead to resource exhaustion and denial of
service while reading from the socket. A remote attacker with
local user credentials (possibly a normal user in the vpn group, or
root) may be able to overflow the buffer and cause a denial of service.
### Fixed In Version:
strongswan 5.6.3
### References:
https://www.strongswan.org/blog/2018/05/28/strongswan-vulnerability-(cve-2018-5388).html
https://www.kb.cert.org/vuls/id/338343
### Patch:
https://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=0acd1ab4
*(from redmine: issue id 8956, created on 2018-05-31, closed on 2018-06-11)*
* Relations:
* copied_to #8953
* parent #89533.6.3Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/8878Docker daemon won't start after upgrade to 18.03.1, cgroups dependency2019-07-12T15:35:39ZalgitbotDocker daemon won't start after upgrade to 18.03.1, cgroups dependencyAfter upgrade of docker from 18.03.0-r0 to 18.03.1-r0 the docker daemon
can’t start.
Probably the problem is with:
https://github.com/alpinelinux/aports/commit/535f4ab75c98c546c112b9b8fd8ef98c2efe018d
<code class="text">
cur...After upgrade of docker from 18.03.0-r0 to 18.03.1-r0 the docker daemon
can’t start.
Probably the problem is with:
https://github.com/alpinelinux/aports/commit/535f4ab75c98c546c112b9b8fd8ef98c2efe018d
<code class="text">
curry:~# service docker start
* Caching service dependencies ...
Service `docker' needs non existent service `cgroups' [ ok ]
* ERROR: docker needs service(s) cgroups
</code>
*(from redmine: issue id 8878, created on 2018-05-12, closed on 2018-05-13)*https://gitlab.alpinelinux.org/alpine/aports/-/issues/8867Installing php5 via docker deletes files2019-07-12T15:35:34ZMoshe BrevdaInstalling php5 via docker deletes filesI’m having a hard time pinning down the exact cause, but it seems that
if I install php5 via docker the <code>php5</code> binary gets removed.
Here is an example Dockerfile:
FROM alpine:edge
RUN apk --update add php5-cli \
...I’m having a hard time pinning down the exact cause, but it seems that
if I install php5 via docker the <code>php5</code> binary gets removed.
Here is an example Dockerfile:
FROM alpine:edge
RUN apk --update add php5-cli \
php5-cgi \
php5-ctype \
php5-curl \
php5-dom \
php5-gd \
php5-gettext \
php5-iconv \
php5-json \
php5-pdo \
php5-pdo_mysql \
php5-pear \
php5-posix \
php5-xml \
php5-xmlrpc
RUN ls -la /usr/bin/php* && php5 -v
Which returns
-rwxr-xr-x 1 root root 8784608 Apr 28 15:52 /usr/bin/php-cgi5
/bin/sh: php5: not found
The command '/bin/sh -c ls -la /usr/bin/php* && php5 -v' returned a non-zero code: 127
If I install the same packages from the cli (<code>docker run —rm -it
alpine sh</code>), php5 seems to install fine. Is there something
specific to docker that needs to be taken in to account?
*(from redmine: issue id 8867, created on 2018-05-09, closed on 2018-05-14)*