aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
2021-09-07T17:37:03Z

lvm creation mlock error
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3107
2021-09-07T17:37:03Z
Adis S.

Using the iso 3.0.1 x86\_64 to create the LVM setup I am facing with
following issue:
/lib/libdevmapper.so.1.02: mlock failed: Out of memory
/lib/libdevmapper-event.so.1.02: mlock failed: Out of memory
in the dmesg is following:
bio: create slab <bio-1> at 1
here is the log from whole lvm creation process:
1. pvcreate /dev/sda3
Physical volume “/dev/sda3” successfully created
2. vgcreate vg0 /dev/sda3
Volume group “vg0” successfully created
3. lvcreate -n alpine.rootfs -L 1G vg0
667bfd424000-667bfd65e000 r-xp 00000000 00:0f 5194
/lib/libdevmapper.so.1.02: mlock failed: Out of memory
667bfd663000-667bfd868000 r-xp 00000000 00:0f 5207
/lib/libdevmapper-event.so.1.02: mlock failed: Out of memory
Logical volume “alpine.rootfs” created
4. vgchange -ay
1 logical volume(s) in volume group “vg0” now active
\#
*(from redmine: issue id 3107, created on 2014-07-01, closed on 2015-07-08)*
* Changesets:
* Revision 7cfe57d546e6a336fc5e0eb9c305bb9c3707bee2 by Natanael Copa on 2015-07-08T07:44:57Z:
```
main/lvm2: use mlockall by default
this works around issue with the "smart" memory locking
ref #3107
```
* Revision 7777c7a1bb2379fb212ae47e5ae9f82f678d5787 by Natanael Copa on 2015-07-08T07:47:43Z:
```
main/lvm2: use mlockall by default
this works around issue with the "smart" memory locking
fixes #3107
(cherry picked from commit 7cfe57d546e6a336fc5e0eb9c305bb9c3707bee2)
```
3.2.1

mesa-dri-intel: __sync_val_compare_and_swap_8: symbol not found
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4254
2019-07-23T13:53:06Z
Natanael Copa

This happens when starting X on 32 bit
\[ 12956.121\] (EE) AIGLX error: dlopen of
/usr/lib/xorg/modules/dri/i915\_dri.so failed (Error relocating
/usr/lib/xorg/modules/dri/i915\_dri.so:
\_\_sync\_val\_compare\_and\_swap\_8: symbol not found)
*(from redmine: issue id 4254, created on 2015-05-27, closed on 2015-07-07)*
* Changesets:
* Revision f3f0096346f5123518483533d44d7d2a77518e15 by Natanael Copa on 2015-05-28T06:59:54Z:
```
main/mesa: force -march i586 for atomic compare and swap
ref #4254
This is a temp workaround til the toolchain default to 586
```
* Revision e1c5dc11c0ba05d27cadcf54abaa0241d39611e1 by Natanael Copa on 2015-05-28T11:16:12Z:
```
main/mesa: force -march i586 for atomic compare and swap
ref #4254
This is a temp workaround til the toolchain default to 586
```
3.2.1
Natanael Copa

Upgrading from AL 3.1 to 3.2 causes error in lua-posixtz
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4261
2019-07-23T13:53:02Z
Ted Trask

New install of AL 3.1 with lua and lua-posixtz installed. Upgrade to AL
3.2 by modifying /etc/apk/repositories and running ‘apk upgrade -U’ and
you get the following error:
test:~\# apk upgrade -U
fetch
http://nl.alpinelinux.org/alpine/v3.2/main/x86\_64/APKINDEX.tar.gz
Upgrading critical system libraries and apk-tools:
(1/1) Upgrading apk-tools (2.5.0\_rc1-r1 ->2.6.0-r0)
Executing busybox-1.22.1-r15.trigger
Continuing the upgrade transaction with new apk-tools:
fetch
http://nl.alpinelinux.org/alpine/v3.2/main/x86\_64/APKINDEX.tar.gz
(1/19) Upgrading musl (1.1.5-r4 ->1.1.9-r2)
(2/19) Upgrading busybox (1.22.1-r15 ->1.23.2-r0)
Executing busybox-1.23.2-r0.post-upgrade
(3/19) Upgrading openrc (0.12.4-r8 ->0.15.1-r2)
Executing openrc-0.15.1-r2.post-upgrade
(4/19) Upgrading alpine-conf (3.1.0-r5 ->3.2.1-r1)
(5/19) Upgrading libcrypto1.0 (1.0.1m-r1 ->1.0.2a-r1)
(6/19) Upgrading libssl1.0 (1.0.1m-r1 ->1.0.2a-r1)
(7/19) Upgrading busybox-initscripts (2.2-r25 ->2.2-r27)
(8/19) Upgrading scanelf (0.8.1-r0 ->0.9.1-r0)
(9/19) Upgrading musl-utils (1.1.5-r4 ->1.1.9-r2)
(10/19) Upgrading libc-utils (0.6-r0 ->0.7-r0)
(11/19) Upgrading alpine-base (3.1.4-r0 ->3.2.0-r0)
(12/19) Upgrading logrotate (3.8.8-r0 ->3.8.9-r0)
(13/19) Upgrading chrony (1.31.1-r0 ->2.0-r0)
(14/19) Upgrading lua5.1-libs (5.1.5-r0 ->5.1.5-r1)
(15/19) Upgrading lua5.1 (5.1.5-r0 ->5.1.5-r1)
(16/19) Upgrading lua-posixtz (0.3-r0 ->0.5-r1)
(17/19) Installing lua5.1-posixtz (0.5-r1)
ERROR: Failed to create usr/lib/lua/5.1/posixtz/core.so: No such file or
directory
ERROR: Failed to create usr/share/lua/5.1/posixtz.lua: No such file or
directory
(18/19) Upgrading openssh-client (6.7\_p1-r0 ->6.8\_p1-r2)
(19/19) Upgrading openssh (6.7\_p1-r0 ->6.8\_p1-r2)
Executing busybox-1.23.2-r0.trigger
1 errors; 10 MiB in 25 packages
*(from redmine: issue id 4261, created on 2015-06-01, closed on 2015-07-08)*
* Changesets:
* Revision 68453b99e68e8bc8454956cdcbbf6d0a520d666f by Timo Teräs on 2015-06-26T13:28:22Z:
```
remove db dir entry properly, so it can be recreated properly if needed
fixes #4261
```
3.2.1
Timo Teräs

mysql-dev is missing in alpine 3.2 and edge
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4264
2019-07-23T13:53:00Z
paul morgan

example for alpine:3.2 (missing)
user@devenv:~$ docker run --rm -it alpine:3.2 sh
/ # vi /etc/apk/repositories
/ # cat /etc/apk/repositories
http://dl-4.alpinelinux.org/alpine/v3.2/main
http://dl-4.alpinelinux.org/alpine/edge/main
http://dl-4.alpinelinux.org/alpine/edge/testing
/ # apk add --update mysql-dev
fetch http://dl-4.alpinelinux.org/alpine/v3.2/main/x86_64/APKINDEX.tar.gz
fetch http://dl-4.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch http://dl-4.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
ERROR: unsatisfiable constraints:
mysql-dev (missing):
required by: world[mysql-dev]
example for alpine:3.1 (available):
user@devenv:~$ docker run --rm -it alpine:3.1 sh
/ # apk add --update mysql-dev
fetch http://dl-4.alpinelinux.org/alpine/v3.1/main/x86_64/APKINDEX.tar.gz
(1/20) Installing mysql-common (5.5.43-r0)
(2/20) Installing libaio (0.3.110-r0)
(3/20) Installing ncurses-terminfo-base (5.9-r3)
(4/20) Installing ncurses-libs (5.9-r3)
(5/20) Installing libgcc (4.8.3-r0)
(6/20) Installing libstdc++ (4.8.3-r0)
(7/20) Installing mysql (5.5.43-r0)
(8/20) Installing openssl (1.0.1m-r1)
(9/20) Installing zlib-doc (1.2.8-r1)
(10/20) Installing pkgconf (0.9.7-r0)
(11/20) Installing pkgconfig (0.25-r1)
(12/20) Installing zlib-dev (1.2.8-r1)
(13/20) Installing openssl-doc (1.0.1m-r1)
(14/20) Installing openssl-dev (1.0.1m-r1)
(15/20) Installing mysql-doc (5.5.43-r0)
(16/20) Installing mysql-libs (5.5.43-r0)
(17/20) Installing mysql-test (5.5.43-r0)
(18/20) Installing mysql-client (5.5.43-r0)
(19/20) Installing mysql-bench (5.5.43-r0)
(20/20) Installing mysql-dev (5.5.43-r0)
Executing busybox-1.22.1-r15.trigger
OK: 272 MiB in 35 packages
*(from redmine: issue id 4264, created on 2015-06-02, closed on 2015-07-07)*
* Relations:
* relates #3843
* Changesets:
* Revision 914048c3dec75af783bf2ade6d9ec43a044f70f6 by Natanael Copa on 2015-06-03T07:33:57Z:
```
main/mariadb: make -dev package provide mysql-dev
ref #4264
```
* Revision f8a2c22328b240e8ec0e480e693aadd4e47061e2 by Natanael Copa on 2015-06-26T10:56:27Z:
```
main/mariadb: make -dev package provide mysql-dev
fixes #4264
(cherry picked from commit 914048c3dec75af783bf2ade6d9ec43a044f70f6)
```
3.2.1

Automatic upgrade from MySQL to MariaDB when upgrading to edge (3.2)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/3843
2019-07-23T13:52:58Z
Ted Trask

Upgrading a system with MySQL from Alpine 3.1.x to edge (future 3.2) can
result in a broken system. The mysql packages have been removed and
replaced with mariadb and all packages have been rebuilt against
mariadb. However, an upgrade does not replace the mysql packages with
mariadb. So, you end up with mysql running (even though the package
doesn’t exist), and any other packages expecting to see mariadb. Would
be good to do an automatic upgrade from MySQL to MariaDB packages during
the upgrade.
*(from redmine: issue id 3843, created on 2015-01-30, closed on 2015-07-07)*
* Relations:
* relates #4264
* Changesets:
* Revision a9c0910b614a4bb83cf924e9ff1364f5af6ae142 by Natanael Copa on 2015-06-26T10:03:41Z:
```
main/mariadb: fix mysql compat package
ref #3843
```
* Revision 8377e32580040724b2987d68bdd83982539727c6 by Natanael Copa on 2015-06-26T10:57:08Z:
```
main/mariadb: fix mysql compat package
fixes #3843
(cherry picked from commit a9c0910b614a4bb83cf924e9ff1364f5af6ae142)
```
3.2.1
Natanael Copa

[v3.2] wpa_supplicant, hostapd: WPS UPnP vulnerability with HTTP chunked transfer encoding (CVE-2015-4141, CVE-2015-4142)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4270
2019-07-23T13:52:53Z
Alexander Belous

CVE-2015-4141:
A vulnerability was found in the WPS UPnP function shared by hostapd
(WPS AP) and wpa\_supplicant (WPS external registrar). The HTTP
implementation used for the UPnP operations uses a signed integer for
storing the length of a HTTP chunk when the chunked transfer encoding
and may end up using a negative value when the chunk length is indicated
as 0x8000000 or longer. The length validation steps do not handle the
negative value properly and may end up accepting the length and passing
a negative value to the memcpy when copying the received data from a
stack buffer to a heap buffer allocated for the full request. This
results in stack buffer read overflow and heap buffer write overflow.
Taken into account both hostapd and wpa\_supplicant use only a single
thread, the memcpy call with a negative length value results in heap
corruption, but due to the negative parameter being interpreted as a
huge positive integer, process execution terminates in practice before
being able to run any following operations with the corrupted heap. This
may allow a possible denial of service attack through
hostapd/wpa\_supplicant process termination under certain conditions.
WPS UPnP operations are performed over a trusted IP network connection,
i.e., an attack against this vulnerability requires the attacker to have
access to the IP network. In addition, this requires the WPS UPnP
functionality to be enabled at runtime. For WPS AP (hostapd) with a
wired network connectivity, this is commonly enabled. For WPS station
(wpa\_supplicant) WPS UPnP functionality is used only when WPS ER
functionality has been enabled at runtime (WPS\_ER\_START command issued
over the control interface). The vulnerable functionality is not
reachable without that command having been issued.
Vulnerable versions/configurations
hostapd v0.7.0-v2.4 with CONFIG\_WPS\_UPNP=y in the build configuration
(hostapd/.config) and upnp\_iface parameter included in the runtime
configuration.
wpa\_supplicant v0.7.0-v2.4 with CONFIG\_WPS\_ER=y in the build
configuration (wpa\_supplicant/.config) and WPS ER functionality enabled
at runtime with WPS\_ER\_START control interface command.
Suggestion: Update to hostapd/wpa\_supplicant v2.5 or newer, once
available
References:
http://seclists.org/oss-sec/2015/q2/595
http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
CVE-2015-4142:
A vulnerability was found in WMM Action frame processing in a case where
hostapd or wpa\_supplicant is used to implement AP mode MLME/SME
functionality (i.e., Host AP driver of a mac80211-based driver on
Linux).
The AP mode WMM Action frame parser in hostapd/wpa\_supplicant goes
through the variable length information element part with the length of
this area calculated by removing the header length from the total length
of the frame. The frame length is previously verified to be large enough
to include the IEEE 802.11 header, but the couple of additional bytes
after this header are not explicitly verified and as a result of this,
there may be an integer underflow that results in the signed integer
variable storing the length becoming negative. This negative value is
then interpreted as a very large unsigned integer length when parsing
the information elements. This results in a buffer read overflow and
process termination.
This vulnerability can be used to perform denial of service attacks by
an attacker that is within radio range of the AP that uses hostapd or
wpa\_supplicant for MLME/SME operations.
Vulnerable versions/configurations
hostapd v0.5.5-v2.4 with CONFIG\_DRIVER\_HOSTAP=y or
CONFIG\_DRIVER\_NL80211=y in the build configuration (hostapd/.config).
wpa\_supplicant v0.7.0-v2.4 with CONFIG\_AP=y or CONFIG\_P2P=y and
CONFIG\_DRIVER\_HOSTAP=y or CONFIG\_DRIVER\_NL80211=y in the build
configuration (wpa\_supplicant/.config) and AP (including P2P GO) mode
used at runtime.
Suggestion: Update to hostapd/wpa\_supplicant v2.5 or newer, once
available
References:
http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
*(from redmine: issue id 4270, created on 2015-06-04, closed on 2015-06-16)*
* Relations:
* parent #4266
* Changesets:
* Revision 62ecb530d43d5bdf1a68d3509993e48bddfdb5de by Natanael Copa on 2015-06-15T11:28:06Z:
```
main/wpa_supplicant: various security fixes
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
fixes #4340
fixes #4270
```
* Revision d8639f35f2edbddd0d541d199154f7c5bd5230ee by Natanael Copa on 2015-06-15T11:32:40Z:
```
main/hostapd: various security fixes
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
fixes #4335
fixes #4270
```
3.2.1
Natanael Copa

pmacct package on alpine 3.2
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4272
2019-07-23T13:52:51Z
algitbot

Hi,
we have used pmacct package with alpine linux for the last year. During
the upgrade to alpine 3.2 this package will not work anymore. Further it
seems to be disappearing from package management totally, isn’t it?
Is there a chance to get pmacct back to alpine in the future?
If there is no big deal it would be nice if --enable-mysql switch is
activated ;-)
Today I have tried to compile it for myself, but unfortunately without
any success.
configure and make / make install runs fine; but starting nfacctd will
end in segfault during startup :(
On Alpine 3.2 nfacctd / pmacctd will segfault if it is compiled with
options from alpine linux 2.7.
Is there a way to compile this software on alpine linux 3.2?
thanks a lot
Florian
*(from redmine: issue id 4272, created on 2015-06-05, closed on 2015-07-08)*
* Changesets:
* Revision d0c62ef3877dacb14a390de19739e529a342ca37 by Natanael Copa on 2015-06-23T09:39:34Z:
```
main/pmacct: fix segfault due to stack size
ref #4272
```
* Revision cf641aa78ed7f855a563f653c3ae8b4f5e74312c by Natanael Copa on 2015-06-23T14:46:06Z:
```
main/pmacct: fix segfault due to stack size
fixes #4272
(cherry picked from commit d0c62ef3877dacb14a390de19739e529a342ca37)
```
* Revision aab85659435d01fcd8b3860f2b98a16fecd6c0f2 by Natanael Copa on 2015-07-07T11:52:11Z:
```
main/pmacct: fix trivial typo in stacksize
ref #4272
```
* Revision 7890ebc1bf4e23cac47c1a880702f1580f0e5b84 by Natanael Copa on 2015-07-07T11:56:40Z:
```
main/pmacct: fix trivial typo in stacksize
fixes #4272
```
* Uploads:
* [nfacctd-startup.txt](/uploads/8cd6cd3ba89d2c63a71ff4865bb2c529/nfacctd-startup.txt)
* [compile-nfacctd.gz](/uploads/a80a9ff3272e9c4214df681c48ea81d1/compile-nfacctd.gz) configure / make output
* [steps_to_reproduce.txt](/uploads/8ce0a21cfff374f157a2263266540574/steps_to_reproduce.txt) installation / start log and steps
3.2.1
Leonardo Arena

Squid requires --with-openssl to handle SSL encrypted connections
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4279
2019-07-23T13:52:46Z
Panthera Tigris

Please, add “--with-openssl” to the build options of Squid to allow the
handling SSL connections, just like in previous package versions.
2015/06/08 12:27:22 kid1| ERROR: 'sslproxy_capath' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'https_port' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'ssl_bump' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'ssl_bump' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'ssl_bump' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'ssl_bump' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'sslproxy_cert_error' requires --with-openssl
2015/06/08 12:27:22 kid1| ERROR: 'sslproxy_cert_error' requires --with-openssl
Thanks,
Tiger
*(from redmine: issue id 4279, created on 2015-06-08, closed on 2015-07-07)*
* Changesets:
* Revision 14111dc8c37598d45072b49f07c0fc021ad10cc6 by Natanael Copa on 2015-06-09T19:55:25Z:
```
main/squid: enable openssl
Earlier versions of squid would enable openssl support if it was
autodetected. We now need to add it explicitly.
ref #4279
```
* Revision d329b25d64bd5b229d63e0cf7b8debd19cdd68f5 by Natanael Copa on 2015-06-09T20:00:55Z:
```
main/squid: enable openssl
Earlier versions of squid would enable openssl support if it was
autodetected. We now need to add it explicitly.
fixes #4279
(cherry picked from commit 14111dc8c37598d45072b49f07c0fc021ad10cc6)
```
3.2.1
Natanael Copa

acf-iptables crashes
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4280
2019-07-23T13:52:45Z
Panthera Tigris

There seems to be a bug in *acf-iptables*:
```
error loading module 'iptables.iptables-model' from file '/usr/share/acf/appiptables/iptables-model.lua':
/usr/share/acf/appiptables/iptables-model.lua:84: <name> expected near 'goto'
stack traceback:
[C]: in ?
[C]: in function 'require'
/usr/share/lua/5.2/acf/mvc.lua:234: in function 'soft_require'
/usr/share/lua/5.2/acf/mvc.lua:62: in function 'new'
/usr/share/acf/appacf_www-controller.lua:467: in function </usr/share/acf/appacf_www-controller.lua:410>
[C]: in function 'xpcall'
/usr/share/acf/app//acf_www-controller.lua:410: in function 'dispatch'
[string "acf"]:18: in main chunk
```
At this stage, I can’t tell, if this is due to my complex firewall
configuration or a mishap in the ACF module. If you need additional
information to locate the problem, please, feel free to contact me by
e-mail.
Thanks,
Tiger
*(from redmine: issue id 4280, created on 2015-06-08, closed on 2015-07-07)*
3.2.1
Ted Trask

[v3.2] redis: Lua sandbox escape and arbitrary code execution (CVE-2015-4335)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4286
2019-07-23T13:52:40Z
Alexander Belous

redis 3.0.2 and 2.8.21 have been released with the following changelog
entry:
Upgrade urgency: HIGH for Redis because of a security issue.
LOW for Sentinel.
•\[FIX\] Critical security issue fix by Ben Murphy:
http://t.co/LpGTyZmfS7
https://groups.google.com/forum/\#!msg/redis-db/4Y6OqK8gEyk/Dg-5cejl-eUJ
The vulnerability is explained in more detail at:
http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
The Lua interpreter allows the user to load insecure bytecode that can
be used to bypass the redis Lua sandbox.
The upstream patch fixing this is:
https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
Reference: http://seclists.org/oss-sec/2015/q2/639
*(from redmine: issue id 4286, created on 2015-06-10, closed on 2015-06-11)*
* Relations:
* parent #4283
* Changesets:
* Revision 95eec31812f85bec465aefbb911a1a61cf850844 by Natanael Copa on 2015-06-11T09:36:31Z:
```
main/redis: security upgrade to 3.0.2 (CVE-2015-4335)
fixes #4286
```
3.2.1
Natanael Copa

[v3.2] pcre: PCRE Library Call Stack Overflow Vulnerability in match() (CVE-2015-3217)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4291
2019-07-23T13:52:37Z
Alexander Belous

Latest version of PCRE is prone to a Stack Overflow vulnerability which
could be caused by the following regular expression.
```
/^(?:(?(1)\\.|([^\\\\W_])?)+)+$/
```
Affected
PCRE 8.33, 8.34, 8.35, 8.36, 8.37 are confirmed to be vulnerable.
PCRE2 10.10 is also confirmed to be vulnerable.
Other applications may also be affected.
Reference: https://bugs.exim.org/show\_bug.cgi?id=1638
*(from redmine: issue id 4291, created on 2015-06-10, closed on 2019-05-03)*
* Relations:
* parent #4287
* Changesets:
* Revision 1187799566cb8d6a53722bcb8a2bc5dafe23e80a by Natanael Copa on 2015-07-07T13:43:11Z:
```
main/pcre: various security fixes
CVE-2015-3210
CVE-2015-3217
CVE-2015-5073
fixes #4291
fixes #4404
(cherry picked from commit 77345a923c72d9e8d0a4202d893239ba43b903a3)
```
3.2.1
Natanael Copa

[v3.2] zeromq: downgrade attack (CVE-2014-9721)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4294
2019-07-23T13:52:35Z
Alexander Belous

libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to
conduct downgrade attacks and bypass ZMTP v3 protocol security
mechanisms via a ZMTP v2 or earlier header.
Vulnerable:
before 4.0.6 and 4.1.x before 4.1.1
Reference: https://security-tracker.debian.org/tracker/CVE-2014-9721
http://www.openwall.com/lists/oss-security/2015/05/11/1
*(from redmine: issue id 4294, created on 2015-06-12, closed on 2019-05-03)*
* Relations:
* parent #4293
* Changesets:
* Revision adc076823ef0c94e839e6686bd0d275c639d8415 by Natanael Copa on 2015-07-07T10:05:01Z:
```
main/zeromq: security upgrade to 4.0.7 (CVE-2014-9721)
fixes #4294
```
3.2.1
Natanael Copa

[v3.2] wireshark: DEC DNA routing protocol processing error lets remote users deny service (CVE-2015-3182)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4299
2019-07-23T13:52:31Z
Alexander Belous

It was found that Wireshark crashes when processing (with “tshark -nr
genbroad.snoop”) a sample file from the Wireshark wiki page:
wget
‘http://wiki.wireshark.org/SampleCaptures?action=AttachFile&do=get&target=genbroad.snoop’
-O genbroad.snoop
Additional details:
•crash reason: strlen() called on invalid pointer (value 0x56998680 ==
1452902016)
•the function set\_dnet\_address at packet-dec-dnart.c:355
•it is called 4 times
•the 2nd time is the one when the value is set
•the variable is called addr in the context of
/epan/dissectors/packet-dec-dnart.c:357, function set\_dnet\_address
•the variable is called pinfo->src->data in the upper frames
•in this function, this macro modifies the value:
SET\_ADDRESS(paddr\_tgt, AT\_STRINGZ, 1,
wmem\_strdup(pinfo->pool, addr));
•it should set paddr\_tgt->data = addr, but the value gets garbled by
the cltq instruction:
.. |0x7ffff4d85522 dnet\_address+50>callq 0x7ffff4b0d4b0
<wmem\_strdup@plt>|0x7ffff4d85527 dnet\_address+55>cltq
..
Reference: https://bugzilla.redhat.com/show\_bug.cgi?id=1219409
https://ask.wireshark.org/questions/42658/vulnerability-cve-2015-3182-wireshark-dec-dna-routing-protocol-processing-error-lets-remote-users-deny-service
*(from redmine: issue id 4299, created on 2015-06-12, closed on 2015-08-07)*
* Relations:
* parent #4298
3.2.1
Natanael Copa

[v3.2] python: incorrect wildcard matching rules (CVE-2013-7440)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4323
2019-07-23T13:52:14Z
Alexander Belous

It was found that Python’s SSL hostname matching rules did not conform
to RFC 6125 when the hostname included wildcards.
Reference: http://www.openwall.com/lists/oss-security/2015/05/21/12
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2013-7440
*(from redmine: issue id 4323, created on 2015-06-15, closed on 2015-08-05)*
* Relations:
* parent #4319
3.2.1
Natanael Copa

[v3.2] qemu: tmp vulns (CVE-2015-4037)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4328
2019-07-23T13:52:08Z
Alexander Belous

So some suspicious looking tmp usage in qemu …
```
snprintf(s->smb_dir, sizeof(s->smb_dir), "/tmp/qemu-smb.%ld-%d",
         (long)getpid(), instance++);
if (mkdir(s->smb_dir, 0700) < 0) {
    error_report("could not create samba server dir '%s'",
                 s->smb_dir);
    return -1;
```
The simplest attack would be a DoS in which someone creates
/tmp/qemu-smb.*-* files to prevent the legitimate creation of
s->smb\_dir (mkdir will not follow a symlink).
Reference: http://www.openwall.com/lists/oss-security/2015/05/23/4
*(from redmine: issue id 4328, created on 2015-06-15, closed on 2015-08-05)*
* Relations:
* parent #4324
* Changesets:
* Revision 786a06d135bec56c5f93b9b5a0099cb34957f1da by Natanael Copa on 2015-07-08T07:59:26Z:
```
main/qemu: security fix for CVE-2015-4037
ref #4328
```
* Revision 3397c7cce9410a6c2e244bfd6727eac84eca7d8a by Natanael Copa on 2015-07-08T08:01:44Z:
```
main/qemu: security fix for CVE-2015-4037
ref #4324
fixes #4328
(cherry picked from commit 786a06d135bec56c5f93b9b5a0099cb34957f1da)
```
3.2.1
Natanael Copa

[v3.2] lighttpd: Log injection vulnerability in mod_auth (CVE-2015-3200)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4330
2019-07-23T13:52:07Z
Alexander Belous

When basic HTTP authentication base64 string does not contain colon
character (or contains it after NULL byte - can be inserted inside
base64 encoding), then that situation is logged with a string “: is
missing in ” and the simply decoded base64 string. This means that new
lines, NULL byte and everything else can be encoded with base64 and are
then inserted to logs as they are after decoding.
Reference: http://redmine.lighttpd.net/issues/2646
https://security-tracker.debian.org/tracker/CVE-2015-3200
*(from redmine: issue id 4330, created on 2015-06-15, closed on 2019-05-03)*
* Relations:
* parent #4329
* Changesets:
* Revision a7cd05c24e19250420da81b72e89a4abf367b785 by Natanael Copa on 2015-07-07T14:23:40Z:
```
main/lighttpd: security fix for CVE-2015-3200
The upstream patch does not apply without applying lot other stuff so we
simply apply all since 1.4.35 release.
fixes #4330
(cherry picked from commit c1ee7a6e6d21447788c7512e7197d49ebfbc3096)
```
3.2.1
Natanael Copa

[v3.2] hostapd: vulnerability was found in EAP-pwd server (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4335
2019-07-23T13:52:04Z
Alexander Belous

A vulnerability was found in EAP-pwd server and peer implementation
used in hostapd and wpa\_supplicant, respectively. The EAP-pwd/Commit and
EAP-pwd/Confirm message payload is processed without verifying that the
received frame is long enough to include all the fields. This results in
buffer read overflow of up to couple of hundred bytes.
The exact result of this buffer overflow depends on the platform and may
be either not noticeable (i.e., authentication fails due to invalid data
without any additional side effects) or process termination due to the
buffer read overflow being detected and stopped. The latter case could
potentially result in denial of service when EAP-pwd authentication is
used.
Further research into this issue found that the fragment reassembly
processing is also missing a check for the Total-Length field and this
could result in the payload length becoming negative. This itself would
not add more to the vulnerability due to the payload length not being
verified anyway. However, it is possible that a related reassembly step
would result in hitting an internal security check on buffer use and
result in the processing being terminated.
Vulnerable versions/configurations
hostapd v1.0-v2.4 with CONFIG\_EAP\_PWD=y in the build configuration
(hostapd/.config) and EAP-pwd authentication server enabled in runtime
configuration.
wpa\_supplicant v1.0-v2.4 with CONFIG\_EAP\_PWD=y in the build
configuration (wpa\_supplicant/.config) and EAP-pwd enabled in a
network
profile at runtime.
Acknowledgments
Thanks to Kostya Kortchinsky of Google Security Team for discovering
and
reporting this issue.
Possible mitigation steps
\- Merge the following commits and rebuild hostapd/wpa\_supplicant:
CVE-2015-4143:
EAP-pwd peer: Fix payload length validation for Commit and Confirm
EAP-pwd server: Fix payload length validation for Commit and Confirm
CVE-2015-4144 (length check) + CVE-2015-4145 (memory leak):
EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
EAP-pwd server: Fix Total-Length parsing for fragment reassembly
CVE-2015-4146:
EAP-pwd peer: Fix asymmetric fragmentation behavior
These patches are available from http://w1.fi/security/2015-4/
\- Update to hostapd/wpa\_supplicant v2.5 or newer, once available
\- Remove CONFIG\_EAP\_PWD=y from build configuration
\- Disable EAP-pwd in runtime configuration
Reference:
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
http://www.openwall.com/lists/oss-security/2015/05/31/6
*(from redmine: issue id 4335, created on 2015-06-15, closed on 2015-06-16)*
* Relations:
* parent #4334
* Changesets:
* Revision d8639f35f2edbddd0d541d199154f7c5bd5230ee by Natanael Copa on 2015-06-15T11:32:40Z:
```
main/hostapd: various security fixes
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
fixes #4335
fixes #4270
```
3.2.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4340
[v3.2] wpa_supplicant: vulnerability was found in peer implementation (CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)
2019-07-23T13:51:59Z
Alexander Belous

A vulnerability was found in EAP-pwd server and peer implementation used
in hostapd and wpa\_supplicant, respectively. The EAP-pwd/Commit and
EAP-pwd/Confirm message payload is processed without verifying that the
received frame is long enough to include all the fields. This results in
buffer read overflow of up to a couple of hundred bytes.
The exact result of this buffer overflow depends on the platform and may
be either not noticeable (i.e., authentication fails due to invalid data
without any additional side effects) or process termination due to the
buffer read overflow being detected and stopped. The latter case could
potentially result in denial of service when EAP-pwd authentication is
used.

Further research into this issue found that the fragment reassembly
processing is also missing a check for the Total-Length field and this
could result in the payload length becoming negative. This itself would
not add more to the vulnerability due to the payload length not being
verified anyway. However, it is possible that a related reassembly step
would result in hitting an internal security check on buffer use and
result in the processing being terminated.

Vulnerable versions/configurations

hostapd v1.0-v2.4 with CONFIG\_EAP\_PWD=y in the build configuration
(hostapd/.config) and EAP-pwd authentication server enabled in runtime
configuration.

wpa\_supplicant v1.0-v2.4 with CONFIG\_EAP\_PWD=y in the build
configuration (wpa\_supplicant/.config) and EAP-pwd enabled in a network
profile at runtime.

Acknowledgments

Thanks to Kostya Kortchinsky of Google Security Team for discovering and
reporting this issue.

Possible mitigation steps
\- Merge the following commits and rebuild hostapd/wpa\_supplicant:
CVE-2015-4143:
EAP-pwd peer: Fix payload length validation for Commit and Confirm
EAP-pwd server: Fix payload length validation for Commit and Confirm
CVE-2015-4144 (length check) + CVE-2015-4145 (memory leak):
EAP-pwd peer: Fix Total-Length parsing for fragment reassembly
EAP-pwd server: Fix Total-Length parsing for fragment reassembly
CVE-2015-4146:
EAP-pwd peer: Fix asymmetric fragmentation behavior
These patches are available from http://w1.fi/security/2015-4/
\- Update to hostapd/wpa\_supplicant v2.5 or newer, once available
\- Remove CONFIG\_EAP\_PWD=y from build configuration
\- Disable EAP-pwd in runtime configuration
Reference:
http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
http://www.openwall.com/lists/oss-security/2015/05/31/6
*(from redmine: issue id 4340, created on 2015-06-15, closed on 2015-06-16)*
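
The two checks this advisory (here and in #4335) describes as missing, shown as an added C example that is not hostapd or wpa\_supplicant code: the Total-Length field must fit in the frame before it is read, and a Commit or Confirm payload must have exactly the expected size. The header bits and payload sizes follow RFC 5931 and are assumptions, as are all names and the SHA-256 hash length.

```c
#include <stddef.h>
#include <stdint.h>

#define PWD_L_BIT        0x80  /* Total-Length field follows (RFC 5931, assumed) */
#define PWD_M_BIT        0x40  /* more fragments follow */
#define PWD_EXCH_MASK    0x3f
#define PWD_EXCH_COMMIT  2
#define PWD_EXCH_CONFIRM 3
#define PWD_HASH_LEN     32    /* SHA-256 output, assumed negotiated hash */

struct pwd_frame {             /* hypothetical parsed view of one frame */
    uint8_t exch;
    int more;
    uint16_t total_len;
    const uint8_t *payload;
    size_t payload_len;        /* unsigned, so it cannot become negative */
};

/* Returns 0 on success, -1 if the frame is shorter than its own header
 * or carries more data than the Total-Length it announces. */
int pwd_parse_frame(const uint8_t *buf, size_t len, struct pwd_frame *f)
{
    if (buf == NULL || len < 1)
        return -1;
    uint8_t flags = buf[0];
    f->exch = flags & PWD_EXCH_MASK;
    f->more = (flags & PWD_M_BIT) != 0;
    f->total_len = 0;
    buf++; len--;
    if (flags & PWD_L_BIT) {
        if (len < 2)           /* Total-Length must be present before it is read */
            return -1;
        f->total_len = (uint16_t)((buf[0] << 8) | buf[1]);
        buf += 2; len -= 2;
        if (len > f->total_len)
            return -1;
    }
    f->payload = buf;
    f->payload_len = len;
    return 0;
}

/* Returns 1 only for a complete Commit (element x||y plus scalar) or
 * Confirm (hash) payload of exactly the expected size. */
int pwd_payload_len_ok(const struct pwd_frame *f, size_t prime_len, size_t order_len)
{
    size_t want = (f->exch == PWD_EXCH_COMMIT) ? 2 * prime_len + order_len : PWD_HASH_LEN;
    if (f->more || (f->exch != PWD_EXCH_COMMIT && f->exch != PWD_EXCH_CONFIRM))
        return 0;              /* fragments are validated after reassembly */
    return f->payload_len == want;
}
```
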
* Relations:
* parent #4339
* Changesets:
* Revision 62ecb530d43d5bdf1a68d3509993e48bddfdb5de by Natanael Copa on 2015-06-15T11:28:06Z:
```
main/wpa_supplicant: various security fixes
CVE-2015-4141
CVE-2015-4142
CVE-2015-4143
CVE-2015-4144
CVE-2015-4145
CVE-2015-4146
fixes #4340
fixes #4270
```
3.2.1
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4345
[v3.2] openssl: multiple issues (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792, CVE-2014-8176, CVE-2015-4000)
2019-07-23T13:51:54Z
Alexander Belous

Bugs:
DHE man-in-the-middle protection (Logjam)
A vulnerability in the TLS protocol allows a man-in-the-middle attacker
to downgrade vulnerable TLS connections using ephemeral
Diffie-Hellman key exchange to 512-bit export-grade cryptography. This
vulnerability is known as Logjam (CVE-2015-4000).
OpenSSL has added protection for TLS clients by rejecting handshakes
with DH parameters shorter than 768 bits. This limit will be increased
to 1024 bits in a future release.
…
Malformed ECParameters causes infinite loop (CVE-2015-1788)
Severity: Moderate
When processing an ECParameters structure OpenSSL enters an infinite
loop if the curve specified is over a specially malformed binary
polynomial field.
This can be used to perform denial of service against any system which
processes public keys, certificate requests or
certificates. This includes TLS clients and TLS servers with client
authentication enabled.
This issue affects OpenSSL versions: 1.0.2 and 1.0.1. Recent 1.0.0 and
0.9.8 versions are not affected. 1.0.0d and 0.9.8r and below are
affected.
…
Exploitable out-of-bounds read in X509\_cmp\_time (CVE-2015-1789)
Severity: Moderate
X509\_cmp\_time does not properly check the length of the ASN1\_TIME
string and can read a few bytes out of bounds. In addition,
X509\_cmp\_time accepts an arbitrary number of fractional seconds in the
time string.
An attacker can use this to craft malformed certificates and CRLs of
various sizes and potentially cause a segmentation fault, resulting in a
DoS on applications that verify certificates or CRLs. TLS clients that
verify CRLs are affected. TLS clients and servers with client
authentication enabled may be affected if they use custom verification
callbacks.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and
0.9.8.
…
PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
Severity: Moderate
The PKCS\#7 parsing code does not handle missing inner EncryptedContent
correctly. An attacker can craft malformed ASN.1-encoded PKCS\#7 blobs
with missing content and trigger a NULL pointer dereference on parsing.
Applications that decrypt PKCS\#7 data or otherwise parse PKCS\#7
structures from untrusted sources are affected. OpenSSL clients and
servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and
0.9.8.
…
CMS verify infinite loop with unknown hash function (CVE-2015-1792)
Severity: Moderate
When verifying a signedData message the CMS code can enter an infinite
loop if presented with an unknown hash function OID.
This can be used to perform denial of service against any system which
verifies signedData messages using the CMS code.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and
0.9.8.
…
Race condition handling NewSessionTicket (CVE-2015-1791)
Severity: Low
If a NewSessionTicket is received by a multi-threaded client when
attempting to reuse a previous ticket then a race condition can occur
potentially leading to a double free of the ticket data.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and
0.9.8.
…
Invalid free in DTLS (CVE-2014-8176)
Severity: Moderate
This vulnerability does not affect current versions of OpenSSL. It
existed in previous OpenSSL versions and was fixed in June 2014.
If a DTLS peer receives application data between the ChangeCipherSpec
and Finished messages, buffering of such data may cause an invalid free,
resulting in a segmentation fault or potentially, memory corruption.
This issue affected older OpenSSL versions 1.0.1, 1.0.0 and 0.9.8.
…
Fix:
The latest security updates of OpenSSL (1.0.2b, 1.0.1n, 1.0.0s, 0.9.8zg)
fix all three issues. These releases also fix a number of
other security issues. Shortly after publishing these updates OpenSSL
issued another update (1.0.2c, 1.0.1o), because the versions contained
an ABI change which should not happen in minor releases.
…
References:
http://seclists.org/oss-sec/2015/q2/697
http://seclists.org/oss-sec/2015/q2/703
https://www.openssl.org/news/secadv\_20150611.txt
*(from redmine: issue id 4345, created on 2015-06-15, closed on 2015-06-16)*
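
For the X509\_cmp\_time item above (CVE-2015-1789), an added C example, not OpenSSL code, of a time-string check that compares the length before reading any byte and leaves no room for fractional seconds. It assumes the RFC 5280 profile (exactly `YYMMDDHHMMSSZ` or `YYYYMMDDHHMMSSZ`); the function and enum names are hypothetical.

```c
#include <stddef.h>

/* Hypothetical tags for the two ASN.1 time types. */
enum time_kind { TIME_UTC, TIME_GENERALIZED };

/* Returns 1 if p[0..1] are ASCII digits forming a value in [lo, hi]. */
static int two_digits(const unsigned char *p, int lo, int hi)
{
    if (p[0] < '0' || p[0] > '9' || p[1] < '0' || p[1] > '9')
        return 0;
    int v = (p[0] - '0') * 10 + (p[1] - '0');
    return v >= lo && v <= hi;
}

/*
 * Accepts only UTCTime "YYMMDDHHMMSSZ" (13 bytes) or GeneralizedTime
 * "YYYYMMDDHHMMSSZ" (15 bytes). buf is a length-delimited ASN.1 string
 * and is not assumed to be NUL-terminated.
 */
int asn1_time_is_strict(enum time_kind kind, const unsigned char *buf, size_t len)
{
    size_t want = (kind == TIME_UTC) ? 13 : 15;
    if (buf == NULL || len != want)    /* length is checked before any read */
        return 0;
    const unsigned char *p = buf;
    if (kind == TIME_GENERALIZED) {
        if (!two_digits(p, 0, 99))     /* century digits */
            return 0;
        p += 2;
    }
    if (!two_digits(p, 0, 99) ||       /* year */
        !two_digits(p + 2, 1, 12) ||   /* month */
        !two_digits(p + 4, 1, 31) ||   /* day */
        !two_digits(p + 6, 0, 23) ||   /* hour */
        !two_digits(p + 8, 0, 59) ||   /* minute */
        !two_digits(p + 10, 0, 59))    /* second */
        return 0;
    return p[12] == 'Z';               /* fixed length: no fraction, no offset */
}
```
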
* Relations:
* parent #4344
3.2.1
Timo Teräs

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4352
[v3.2] cups: Improper Update of Reference Count and Cross-Site Scripting (CVE-2015-1158, CVE-2015-1159)
2019-07-23T13:51:47Z
Alexander Belous

We received a report from Google that cupsd can be exploited to perform
a privilege escalation using a combination of bugs and the dynamic
linker’s support for (pre)loading or redirecting which shared libraries
are used by the cups-exec helper program.
The exact attack does the following:
1. Use the CGI template engine to inject malicious HTML in a hyperlink,
which is executed by the browser (a similar attack could be performed by
a specially written program)
2. A specially-crafted print-job or create-job request is sent to cupsd
containing the job-originating-host-name attribute with multiple
nameWithLanguage values - this triggers a validation error in cupsd,
which then tries to free the language strings multiple times.
3. The language string passed in is /admin, which causes the cupsd.conf
ACL’s copy of the string to become corrupted, allowing anyone to PUT a
new cupsd.conf file.
4. A new cupsd.conf file is uploaded to cupsd containing SetEnv
directives (for DYLD\_PRELOAD or LD\_PRELOAD) pointing to a malicious
dynamic library.
5. The next job or request that triggers the execution of a helper
program through cups-exec, and the dynamic linker loads the malicious
code. Depending on the version of CUPS and platform, the code will
execute either as the “lp” user or “root”.
This attack can be done remotely when printer sharing and the web
interface is enabled, using failed POST or PUT requests to collect stale
request files in the CUPS spool directory containing the malicious code.
This bug tracks resolution of this privilege escalation issue through
the following changes:
\- cupsd should use the ippSetCount and ippSetString APIs rather than
manipulating the string values directly, particularly for the processing
of the job-originating-host-name attribute.
\- cupsd shouldn’t use string pool for config stuff
\- cupsd should remove temp files on partial POST/PUT
\- cupsd shouldn’t support LD\_\* and DYLD\_\* variables when running as root
\- Need to call cgiClearVariables in more places to prevent input from
leaking into output
\- Add new cgiSetVariable function to flag variables that are already
encoded HTML, and only give them special treatment
Fix:
CUPS 2.0.3
Reference: http://www.cups.org/str.php?L4609
*(from redmine: issue id 4352, created on 2015-06-15, closed on 2015-06-16)*
* Relations:
* parent #4351
* Changesets:
* Revision ff5aca650b718685ddf975d4f7f26993fc79f235 by Natanael Copa on 2015-06-15T13:40:50Z:
```
main/cups: security upgrade to 2.0.3 (CVE-2015-1158,CVE-2015-1159)
fixes #4352
```
3.2.1
Natanael Copa
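
One of the changes listed in the cups issue above is that cupsd should not support LD\_\* and DYLD\_\* variables when running as root. The following added C example, which is not CUPS code, filters configured `NAME=value` entries before they reach a helper's environment; the function names and the sample entries are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample of configured "NAME=value" entries (not from the page). */
static const char *const sample_env[] = {
    "PATH=/usr/bin:/bin",
    "LD_PRELOAD=/opt/example/libhook.so",
    "DYLD_INSERT_LIBRARIES=/opt/example/libhook.dylib",
    "LDAP_SERVER=ldap.example.org",   /* starts with "LD" but is not LD_* */
    "=value-without-name",            /* malformed: empty name */
    "TMPDIR",                         /* malformed: no '=' */
};

/* Returns 1 if the entry names a dynamic-linker control variable. */
static int is_linker_var(const char *entry)
{
    return strncmp(entry, "LD_", 3) == 0 || strncmp(entry, "DYLD_", 5) == 0;
}

/*
 * Copies the entries that may be passed to a helper into out[], which is
 * always NULL-terminated when out_cap > 0. Malformed entries are dropped;
 * LD_* and DYLD_* entries are dropped when running_as_root is non-zero
 * (the caller would pass geteuid() == 0). Returns the number kept.
 */
size_t filter_helper_env(const char *const in[], size_t n, int running_as_root,
                         const char *out[], size_t out_cap)
{
    size_t kept = 0;
    for (size_t i = 0; i < n && kept + 1 < out_cap; i++) {
        const char *eq = in[i] ? strchr(in[i], '=') : NULL;
        if (eq == NULL || eq == in[i])
            continue;                 /* no '=' or empty name */
        if (running_as_root && is_linker_var(in[i]))
            continue;                 /* never forward linker overrides as root */
        out[kept++] = in[i];
    }
    if (out_cap > 0)
        out[kept] = NULL;
    return kept;
}
```
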