aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2022-04-04T16:02:55Z

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661
Title: netstat is vulnerable to escape sequence injection (busybox)
Updated: 2022-04-04T16:02:55Z
Author: Martin Kaesberger

Hey there,
Alpine ships BusyBox with the `netstat` applet enabled. This is vulnerable to escape sequence injection when used from a VT-compatible terminal. To exploit this vulnerability the PTR for a remote host must contain an escape sequence and the victim has to execute `netstat`. I've set up an example at `[elided]` with the PTR resolving to `\027[33\;46mlocalhost.`
```
$ dig -x [elided] @8.8.8.8
; <<>> DiG 9.16.25 <<>> -x [elided] @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59625
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;[elided]. IN PTR
;; ANSWER SECTION:
[elided]. 1 IN PTR \027[33\;46mlocalhost.
;; Query time: 55 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 03 00:11:16 DST 2022
;; MSG SIZE rcvd: 132
```
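How the PTR above becomes an escape sequence, and the sanitisation step a tool should apply before writing a resolved name to a terminal, as an added example in Python. This is an editorial addition, not part of the report and not BusyBox's code. `SAMPLE_PTR` is the PTR text copied from the dig output; the netstat-style row is a constructed illustration with made-up addresses.

```python
# Added example, not BusyBox's code: decode dig's presentation form of the PTR
# from the report back into raw characters, then neutralise control characters
# before printing, which is the check netstat-style output needs.
import re

# RFC 1035 master-file escapes as dig prints them: \DDD is a decimal octet,
# \X is a literal X.  \027 is decimal 27, i.e. ESC.
SAMPLE_PTR = r"\027[33\;46mlocalhost."        # copied from the dig output above

_DNS_ESCAPE = re.compile(r"\\(\d{3}|.)")


def decode_dns_presentation(name):
    """Convert dig's presentation form into the name a resolver actually
    returns; this is where ESC appears in the string."""
    def repl(match):
        token = match.group(1)
        if len(token) == 3 and token.isdigit():
            return chr(int(token))            # \027 -> chr(27) == ESC
        return token                          # \; -> ;
    return _DNS_ESCAPE.sub(repl, name)


def sanitize_for_terminal(text):
    """Render every C0 control character, DEL and C1 control (0x80-0x9f) as a
    visible \\xNN escape so a VT-compatible terminal cannot act on it.
    Printable non-ASCII is passed through unchanged."""
    out = []
    for ch in text:
        code = ord(ch)
        if code < 0x20 or 0x7F <= code <= 0x9F:
            out.append("\\x%02x" % code)
        else:
            out.append(ch)
    return "".join(out)


def netstat_row(proto, local, remote, state):
    """A netstat-style line in which both resolved names are sanitised."""
    return "%-4s %-24s %-32s %s" % (
        proto, sanitize_for_terminal(local), sanitize_for_terminal(remote), state)


if __name__ == "__main__":
    raw = decode_dns_presentation(SAMPLE_PTR)
    print(repr(raw))                          # '\x1b[33;46mlocalhost.'
    # Constructed addresses; the remote name carries the decoded escape.
    print(netstat_row("tcp", "10.0.0.5:51234", raw + ":22", "SYN_SENT"))
```

Anything that prints attacker-controlled strings (reverse DNS, process names, HTTP headers) to a terminal needs the same treatment; escaping rather than stripping keeps the evidence visible in the output.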
If you try to `ssh [elided]` and run `netstat -t` while trying to establish the connection from a different terminal, the second terminal will change the background and font color. Other escape sequences may lead to code execution.

Milestone: 3.15.4

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13523
Title: apk-tools "ERROR: FDB format error" in 3.12
Updated: 2022-03-04T11:37:43Z
Author: Henrik Riomar

For a few days now, having this in `/etc/apk/repositories`
```
@edge http://nl.alpinelinux.org/alpine/edge/testing
```
on 3.12 and older causes this
```
fetch http://nl.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
ERROR: FDB format error (line 34296)
```
git bisect points at this commit as the first one that cannot handle the testing `APKINDEX.tar.gz` file:
https://gitlab.alpinelinux.org/alpine/apk-tools/-/commit/7f9757ddc0e2f723c54e954a8dd1e97c8cb0d15c

Assignee: Timo Teräs

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13475
Title: Bump linux-lts for stable releases to mitigate CVE-2022-0185
Updated: 2022-01-27T10:54:06Z
Author: omni <omni+alpine@hack.org>

I saw this on the devel-list https://lists.alpinelinux.org/~alpine/devel/%3C70b44bb5-6f9d-bbda-0678-36c01fa39a4b%40gmail.com%3E
https://ubuntu.com/security/CVE-2022-0185
- [x] For 3.15-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.16 (97c7942c97aad38853c6b42edbe3b640d2dbea86)
- [x] For 3.13-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.93 (287c0307619ec3ed2fd001a513538ed0e470b573)
- [x] For 3.14-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.93 (5171c90a78f6a696cfa6de95387eeeb5af00e9a4)
- [x] For 3.12-stable https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.173 (1ad9afeaf376a260120fa1d94c24e42e69c5a9aa)

Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13409
Title: cairo CVE-2019-6461
Updated: 2022-05-21T23:28:50Z
Author: Miroslav Machura

Hello, the cairo library is [possibly vulnerable](https://security.alpinelinux.org/vuln/CVE-2019-6461) to CVE-2019-6461; the fix already exists upstream (not yet in an official release though). Would it be possible to apply the patch to the Alpine package?
Fix in upstream: https://gitlab.freedesktop.org/cairo/cairo/-/merge_requests/155

Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13051
Title: py3-pillow: CVE-2021-23437
Updated: 2022-01-31T06:00:07Z
Author: Rich Braun

CVE-2021-23437 was reported 7-Sep-2021, a day-0 high-sev:
> The package pillow from 0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function.
Edge repo has 8.1.x at this time. 3.14 repo has 8.2.0-r0.

Assignee: Fabian Affolter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/13013
Title: nettle CVE-2021-3580
Updated: 2022-05-21T17:44:48Z
Author: Miroslav Machura

Hi, according to NVD the nettle library up to version 3.7.3 (excluding) is vulnerable to CVE-2021-3580. Affects at least alpine-3.13. Please upgrade the library or apply a fix.
- https://nvd.nist.gov/vuln/detail/CVE-2021-3580

Assignee: Fabian Affolter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12866
Title: main/redis-5.0.13-r0: test failure on 3.12-armhf
Updated: 2021-11-16T05:35:06Z
Author: Kevin Daudt

redis has a test failure on 3.12 armhf:
```
!!! WARNING The following tests failed:
*** [err]: replica buffer don't induce eviction in tests/unit/maxmemory.tcl
Expected condition '[$master dbsize] == 100' to be true ([::redis::redisHandle15 dbsize] == 100)
```
See:
* https://build.alpinelinux.org/buildlogs/build-3-12-armhf/main/redis/redis-5.0.13-r0.log

Milestone: 3.12.10
Assignee: J0WI

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12768
Title: open-iscsi does not honor exec_prefix at build time
Updated: 2021-06-18T14:46:29Z
Author: Francesco Colista

The `APKBUILD` of open-iscsi has `exec_prefix=/usr`.
The Makefile has `exec_prefix = /`.
At build time, `exec_prefix=/usr` is not honored; this ends up with binary files in `/sbin` rather than `/usr/sbin`.
So far, commit:28e8f052e8d863d85ff95ed5a4ffe6844d3ba522 has modified the path to `/sbin` to make it work, but this was actually incomplete, since the init script also references `iscsi-iname` at the wrong, non-existent path.
In order to fix it, we can:
1. remove `exec_prefix` from the Makefile and adjust the initd so that all binaries are called from `/sbin`
2. patch the Makefile to correct `exec_prefix`, and still fix the initd, which basically reverts commit:28e8f052e8d863d85ff95ed5a4ffe6844d3ba522
I will leave the choice to @larena since he's the maintainer.
If we go with option 2 (which I prefer), this is a possible patch (which I've tested and is working):
```
diff --git a/Makefile b/Makefile
index 7f52cc8..32a86d3 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@
DESTDIR ?=
prefix = /usr
-exec_prefix = /
+exec_prefix = $(prefix)
sbindir = $(exec_prefix)/sbin
bindir = $(exec_prefix)/bin
mandir = $(prefix)/share/man
```
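Review bot: `exec_prefix = $(prefix)` still uses a plain `=`, so if the APKBUILD supplies `exec_prefix=/usr` through the environment it is ignored exactly as before; only a command-line `make exec_prefix=/usr` (or `make -e`) overrides a Makefile assignment. Since the file already uses `?=` for `DESTDIR` two lines up in this hunk, `exec_prefix ?= $(prefix)` (and, for the same reason, `prefix ?= /usr`) would honor whatever the APKBUILD passes while keeping `/usr` as the default. Either way the init script's `iscsi-iname` path has to change in the same commit, as the description above says, or the package keeps shipping a broken init.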
.: Francesco Colista

Assignee: Leonardo Arena

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12682
Title: Graphviz CVE-2020-18032
Updated: 2022-01-10T20:55:15Z
Author: Miroslav Machura

JFrog XRay detects [CVE-2020-18032](https://nvd.nist.gov/vuln/detail/CVE-2020-18032) for the graphviz library in alpine 3.13, which has a critical severity.
Please apply a patch to the vulnerability or upgrade the library.
Fix was introduced in [this MR](https://gitlab.com/graphviz/graphviz/-/merge_requests/1480/commits) and when I run `git tag --contains 784411c` (commit with fix) in graphviz lib, it returns:
```
2.46.0
2.46.1
2.47.0
2.47.1
```
So upgrading the library to version >= 2.46.0 in alpine 3.13 should also resolve the issue.
## Branches
* [x] master (06464b7)
* [x] 3.13-stable (5b55a7e)
* [x] 3.12-stable (4518bb2)
* [x] 3.11-stable (e6ce8b0)
* [ ] ~~3.10-stable~~

Assignee: Kevin Daudt

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12612
Title: nettle: Out of bounds memory access in signature verification (CVE-2021-20305)
Updated: 2022-12-20T13:50:45Z
Author: Alicha CH

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalars, possibly resulting in incorrect results. This flaw allows an attacker to force an invalid signature, causing an assertion failure or possible validation. The highest threat to this vulnerability is to confidentiality, integrity, as well as system availability.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2021-20305
* https://lists.lysator.liu.se/pipermail/nettle-bugs/2021/009457.html
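The scalar range check this report is about, shown as an added example in Python. This is an editorial addition, not nettle's code. It uses a tiny textbook curve (y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of prime order 19) chosen so the arithmetic can be checked by hand; it provides no security. Hash values are assumed to be already reduced mod n. The block compares a verifier that feeds r and s straight into the point multiplication with one that first requires 1 <= r, s <= n-1: the unchecked verifier accepts (r, s + n) as a second "valid" signature for the same message, and raises on s = 0 where the checked one simply returns False.

```python
# Added example, not nettle's code: toy ECDSA showing why r and s must be
# range-checked before they reach the point-multiplication routine.
# Curve y^2 = x^3 + 2x + 2 over F_17, G = (5, 1) of prime order 19.  These are
# constructed textbook parameters for hand-checkable arithmetic, not security.

P = 17            # field prime
A = 2             # curve coefficient a
G = (5, 1)        # base point
N = 19            # order of G (prime); valid scalars are 1 .. N-1
INF = None        # point at infinity


def inv(x, m):
    """Modular inverse; raises ValueError when x is 0 mod m."""
    return pow(x % m, -1, m)


def point_add(p1, p2):
    """Affine addition, covering doubling and the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k, point):
    """Double-and-add.  Assumes 0 <= k < N; establishing that precondition is
    the verifier's job, which is the whole point of CVE-2021-20305."""
    acc, addend = INF, point
    while k:
        if k & 1:
            acc = point_add(acc, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return acc


def sign(priv, h, k):
    """ECDSA signing with a caller-supplied nonce k so the output is fixed."""
    r = scalar_mult(k, G)[0] % N
    s = inv(k, N) * (h + priv * r) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return (r, s)


def _verify_arith(pub, h, r, s):
    """Verification arithmetic with no input validation at all."""
    w = inv(s, N)
    u1 = h * w % N
    u2 = r * w % N
    point = point_add(scalar_mult(u1, G), scalar_mult(u2, pub))
    return point is not INF and point[0] % N == r


def verify_unchecked(pub, h, sig):
    """Shape of the bug: r and s go straight to the curve arithmetic."""
    r, s = sig
    return _verify_arith(pub, h, r, s)


def verify(pub, h, sig):
    """Hardened verifier: reject any scalar outside [1, N-1] before it can
    reach inv() or scalar_mult().  An out-of-range s also means the encoded
    signature was not canonical, which is reason enough to reject it."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    return _verify_arith(pub, h, r, s)


if __name__ == "__main__":
    priv = 7
    pub = scalar_mult(priv, G)
    sig = sign(priv, h=5, k=10)
    print("signature:", sig)                                            # (7, 13)
    print("valid:", verify(pub, 5, sig))                                # True
    forged = (sig[0], sig[1] + N)
    print("s+N unchecked:", verify_unchecked(pub, 5, forged))           # True
    print("s+N checked:  ", verify(pub, 5, forged))                     # False
```

On a real curve the same check is cheap and goes before any decoding of the public key or hashing work; it is also the place to reject the non-canonical encodings that an attacker would use to smuggle an oversized scalar past a parser.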
### Affected branches:
* [x] master (c7ed8155ce515d594f4bb0ac20a418061976b393)
* [x] 3.13-stable
* [ ] 3.12-stable
* [ ] 3.11-stable
* [ ] 3.10-stable

Assignee: Fabian Affolter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12581
Title: tar: Memory leak in read_header() in list.c (CVE-2021-20193)
Updated: 2021-04-07T03:37:28Z
Author: Alicha CH

A flaw was found in the src/list.c of tar 1.33 and earlier. This flaw allows an attacker who can submit a crafted input file to tar to cause uncontrolled consumption of memory. The highest threat from this vulnerability is to system availability.
#### References:
* https://savannah.gnu.org/bugs/?59897
* https://nvd.nist.gov/vuln/detail/CVE-2021-20193
#### Patch:
https://git.savannah.gnu.org/cgit/tar.git/commit/?id=d9d4435692150fa8ff68e1b1a473d187cc3fd777
### Affected branches:
* [x] master (eda7fb6bd07c8cf2d48aa6aae3c2f051571132fa)
* [x] 3.13-stable
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable

Assignee: Carlo Landmeter

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12569
Title: nodejs, nodejs-current: security release on April 6th, 2021
Updated: 2021-04-13T17:20:06Z
Author: Michał Polański

### Source
https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/
### Summary
The Node.js project will release new versions of all supported release lines on or shortly after Tuesday, April 6th, 2021.
### Impact
* The 15.x release line of Node.js is vulnerable to two high severity issues.
* The 14.x release line of Node.js is vulnerable to three high severity issues.
* The 12.x release line of Node.js is vulnerable to three high severity issues.
* The 10.x release line of Node.js is vulnerable to three high severity issues.
### Affected aports with active support
* [x] ~~master: nodejs-current 15.13.0-r0 (community)~~ not affected
* [x] master: nodejs 14.16.0-r0 (main)
* [x] ~~3.13-stable: nodejs-current 15.10.0-r0 (community)~~ not affected
* [x] 3.13-stable: nodejs 14.16.0-r0 (main)
* [x] 3.12-stable: nodejs 12.21.0-r0 (main)
* [x] 3.11-stable: nodejs 12.21.0-r0 (main)
* [x] 3.10-stable: nodejs 10.24.0-r0 (main)

Assignee: Jakub Jirutka
Due date: 2021-04-06

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12566
Title: busybox: invalid free or segmentation fault via malformed gzip data (CVE-2021-28831)
Updated: 2021-03-31T04:59:32Z
Author: Alicha CH

decompress_gunzip.c in BusyBox through 1.32.1 mishandles the error bit on the huft_build result pointer, with a resultant invalid free or segmentation fault, via malformed gzip data.
#### References:
* https://nvd.nist.gov/vuln/detail/CVE-2021-28831
* https://security-tracker.debian.org/tracker/CVE-2021-28831
#### Patch:
https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd
### Affected branches:
* [x] master: 1.33.0-r5 (8457a320f13d202a1c65be2652f0d030880f17f0)
* [x] 3.13-stable: 1.32.1-r4 (7acc3190c16c19db5767c094d5ea6de75bbc2ae8)
* [x] 3.12-stable: 1.31.1-r20 (0d639f13e315e43a11821d963031ed5b49b15a15)
* [x] 3.11-stable: 1.31.1-r10 (7332e004b92f2a688a28eee7628a1e6e16d76147)
* [x] 3.10-stable: 1.30.1-r5 (26527b0535f65a4ac0ae7f3c9afb2294885b21cc)

Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12558
Title: spamassassin: Malicious rule configuration files can be configured to run system commands (CVE-2020-1946)
Updated: 2021-04-13T06:39:42Z
Author: Alicha CH

In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf) files can be configured to run system commands without any output or errors. With this, exploits can be injected in a number of scenarios. In addition to upgrading to SA version 3.4.5, users should only use update channels or 3rd party .cf files from trusted places.
#### References:
* https://www.openwall.com/lists/oss-security/2021/03/24/3
* https://s.apache.org/3r1wh
### Affected branches:
* [x] master (959e525e7a66fb2347f9e9109784d47cd4b8c4c4)
* [x] 3.13-stable
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable

Assignee: Leonardo Arena

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12551
Title: py3-pygments: ReDos via crafted malicious input (CVE-2021-27291)
Updated: 2021-04-01T18:03:41Z
Author: Alicha CH

In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
#### Reference:
https://nvd.nist.gov/vuln/detail/CVE-2021-27291
#### Patch:
https://github.com/pygments/pygments/commit/2e7e8c4a7b318f4032493773732754e418279a14
### Affected branches:
* [x] master (5a7b755050736b28b503dfa74d6e519e8234273c)
* [x] 3.13-stable (5a7b755050736b28b503dfa74d6e519e8234273c)
* [x] 3.12-stable
* [x] 3.11-stable

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12549
Title: squid: HTTP Request Smuggling (CVE-2020-25097)
Updated: 2021-04-02T02:27:10Z
Author: Alicha CH

An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings.
#### Fixed In Version:
squid 4.14 and 5.0.5.
#### References:
* https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6
* https://nvd.nist.gov/vuln/detail/CVE-2020-25097
#### Patch:
Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch
### Affected branches:
* [x] master (6d446c6e6d358a7ebbfa3b88cc7e8f60709b9c70)
* [x] 3.13-stable
* [x] 3.12-stable
* [x] 3.11-stable
* [x] 3.10-stable

Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12546
Title: openssl: Multiple vulnerabilities (CVE-2021-3449, CVE-2021-3450)
Updated: 2021-03-29T08:51:59Z
Author: Natanael Copa

### CVE-2021-3449: NULL pointer deref in signature_algorithms processing
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue.
#### Reference:
https://www.openssl.org/news/vulnerabilities.html
### CVE-2021-3450: CA certificate check bypass with X509_V_FLAG_X509_STRICT
The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue.
#### Reference:
https://www.openssl.org/news/vulnerabilities.html
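A schematic of the check-ordering error described for CVE-2021-3450, as an added example in Python. This is an editorial addition, not OpenSSL's code; the "certificates" are constructed dicts standing in for X.509 objects, and the flag value and the `is_ca` / `explicit_ec_params` fields are assumptions made for the model. `verify_chain_buggy` writes the strict-mode result into the same variable that held the CA-check result, `verify_chain_fixed` narrows it instead; the sample chain has an issuer that is not a CA but carries no explicitly encoded EC parameters, so the buggy path accepts it when X509_STRICT is set and no purpose is configured, and rejects it again as soon as a purpose (which re-checks the CA bit) is set.

```python
# Added example, not OpenSSL's code: model of the CVE-2021-3450 control-flow
# bug.  Certificates are constructed dicts; the flag bit value is illustrative.

X509_V_FLAG_X509_STRICT = 0x20          # assumed value for the model
PURPOSE_SSL_SERVER = "sslserver"        # any named purpose behaves the same here


def is_ca(cert):
    """basicConstraints CA:TRUE, i.e. the cert is allowed to issue others."""
    return cert["is_ca"]


def has_no_explicit_ec_params(cert):
    """The extra check 1.1.1h added under X509_STRICT: reject certs that
    encode their curve explicitly instead of by named-curve OID."""
    return not cert["explicit_ec_params"]


def verify_chain_buggy(chain, flags, purpose=None):
    """1.1.1h .. 1.1.1j shape: the strict check's result *replaces* the CA
    check's result rather than being combined with it."""
    for issuer in chain[1:]:                          # chain[0] is the leaf
        ok = is_ca(issuer)
        if flags & X509_V_FLAG_X509_STRICT:
            ok = has_no_explicit_ec_params(issuer)    # clobbers the CA verdict
        if purpose is not None:
            ok = ok and is_ca(issuer)                 # purpose re-checks CA-ness
        if not ok:
            return False
    return True


def verify_chain_fixed(chain, flags, purpose=None):
    """1.1.1k shape: every check narrows `ok`; none overwrites it."""
    for issuer in chain[1:]:
        ok = is_ca(issuer)
        if flags & X509_V_FLAG_X509_STRICT:
            ok = ok and has_no_explicit_ec_params(issuer)
        if purpose is not None:
            ok = ok and is_ca(issuer)
        if not ok:
            return False
    return True


# Constructed chain: the leaf was issued by an end-entity certificate
# (CA:FALSE) that uses a named curve, so the strict EC check is happy with it.
LEAF = {"name": "leaf", "is_ca": False, "explicit_ec_params": False}
ROGUE_ISSUER = {"name": "not-a-ca", "is_ca": False, "explicit_ec_params": False}
ROOT = {"name": "root", "is_ca": True, "explicit_ec_params": False}
CHAIN = [LEAF, ROGUE_ISSUER, ROOT]

if __name__ == "__main__":
    strict = X509_V_FLAG_X509_STRICT
    print("no flags, buggy:         ", verify_chain_buggy(CHAIN, 0))               # False
    print("strict, no purpose, buggy:", verify_chain_buggy(CHAIN, strict))          # True
    print("strict + purpose, buggy:  ", verify_chain_buggy(CHAIN, strict, PURPOSE_SSL_SERVER))  # False
    print("strict, no purpose, fixed:", verify_chain_fixed(CHAIN, strict))          # False
```

The practical reading for application code on an affected 1.1.1 release matches the advisory: the bypass needs X509_STRICT set *and* the purpose cleared or overridden, which is why libssl's default client and server verification, where a purpose is always set, was not exposed.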
### Affected branches:
* [x] master (92ff3f34184c589fa4d811f96fa7f607b803975a)
* [x] 3.13-stable (36515dd3bda2fc9f66fb4c16e0f97689be0a192f)
* [x] 3.12-stable (762b65ec5a84fff28c614cc527a56eb0d12d35eb)
* [x] 3.11-stable (69ad9d9b8dbc23884600181b0f0a07c3428705ee)
* [x] 3.10-stable (b5417b32170f2c945de1735ea728199291ff97b6)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12543
Title: gnutls: Multiple vulnerabilities (CVE-2021-20231, CVE-2021-20232)
Updated: 2021-03-24T15:10:55Z
Author: Alicha CH

### CVE-2021-20231: Use after free in client key_share extension
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.
#### Fixed In Version:
gnutls 3.7.1
#### References:
* https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
* https://nvd.nist.gov/vuln/detail/CVE-2021-20231
### CVE-2021-20232: Use after free in client_send_params in lib/ext/pre_shared_key.c
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.
#### Fixed In Version:
gnutls 3.7.1
#### References:
* https://www.gnutls.org/security-new.html#GNUTLS-SA-2021-03-10
* https://nvd.nist.gov/vuln/detail/CVE-2021-20232
### Affected branches:
* [x] master (a6a29b59574fe2eb241231ab5604780f0b4ee240)
* [x] 3.13-stable (c1538cc832955947054f76d3cc9e28460291c3f9)
* [x] 3.12-stable (4fe3ca4189cf75baafae0266f3c900cbedc10c2f)
* [x] 3.11-stable (696ea45aea1f48e8a177df39dfc174b609bea9a7)
* [x] 3.10-stable (f15d1c4a97433880b929b06b8604e19d76f7cb36)

Assignee: Natanael Copa

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12539
Title: haserl: information disclosure due to setuid binaries (CVE-2021-29133)
Updated: 2021-03-30T10:40:55Z
Author: Kevin Daudt

Lack of verification in haserl, a component of the Alpine Linux Configuration Framework, in version 0.9.35 and below, allows local users to read the contents of any file on the filesystem.
## Affected versions
* v0.9.35 and below
## Fixed in version
* v0.9.36
## References
* https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29133
* https://nvd.nist.gov/vuln/detail/CVE-2021-29133
* https://twitter.com/steaIth/status/1364940271054712842
* https://github.com/rapid7/metasploit-framework/pull/14833
* #12491
## Branches
* [x] master haserl-0.9.36-r0 (9ed42b3)
* [x] 3.13-stable haserl-0.9.36-r0 (c82aabb012ba)
* [x] 3.12-stable haserl-0.9.36-r0 (88cf7914f395)
* [x] 3.11-stable haserl-0.9.36-r0 (4f43aacac6e0)
* [x] 3.10-stable haserl-0.9.36-r0 (691d020dbd55)

Issue: https://gitlab.alpinelinux.org/alpine/aports/-/issues/12514
Title: openssh: double-free memory corruption may lead to arbitrary code execution (CVE-2021-28041)
Updated: 2021-03-24T08:56:53Z
Author: Alicha CH

A double-free memory corruption, introduced in OpenSSH 8.2, that could be reached by an attacker with access to the agent socket. Exploitable by a user forwarding an agent either to an account shared with a malicious user or to a host with an attacker holding root access.
#### Fixed In Version:
openssh 8.5
#### References:
* https://www.openssh.com/txt/release-8.5
* https://nvd.nist.gov/vuln/detail/CVE-2021-28041
#### Patch:
https://github.com/openssh/openssh-portable/commit/e04fd6dde16de1cdc5a4d9946397ff60d96568db
### Affected branches:
* [x] master
* [x] 3.13-stable (5627e6e88d0ed5f43c7f1c4d8130c22e6289dccb)
* [x] 3.12-stable (548780934cd17a38c845008479f636f02458b43a)

Assignee: Natanael Copa