aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T14:18:49Z

[2.3] lcms CVE-2013-4276
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2242
Updated: 2019-07-23T14:18:49Z
Author: Peter Kotcauer

references:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682
https://bugzilla.redhat.com/show_bug.cgi?id=991757#attach_783274
https://bugzilla.redhat.com/show_bug.cgi?id=991757
*(from redmine: issue id 2242, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2237
* Changesets:
* Revision 921298d100ce1bee3a8d45a5aefb2b210d559c64 by Natanael Copa on 2013-08-30T13:32:01Z:
```
main/lcms: fix CVE-2013-4276
fixes #2242
```

Milestone: Alpine 2.3.7
Assignee: Natanael Copa

[v2.3] Zabbix vulnerability in 2.0.8 (CVE-2013-5743)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2275
Updated: 2019-07-23T14:18:26Z
Author: Natanael Copa

More details in https://support.zabbix.com/browse/ZBX-7091. Can we patch 2.0.8 in edge (at least) please?
*(from redmine: issue id 2275, created on 2013-10-08, closed on 2013-10-09)*
* Relations:
* parent #2271
* Changesets:
* Revision 8ecfcb4d01a6b3094d571e93b5ccc629193f09dc by Natanael Copa on 2013-10-09T08:26:47Z:
```
main/zabbix: security upgrade to 1.8.18 (CVE-2013-5743)
fixes #2275
```

Milestone: Alpine 2.3.7

[v2.3] Vulnerability in libproxy < 0.4.9 allows remote code execution
https://gitlab.alpinelinux.org/alpine/aports/-/issues/1509
Updated: 2019-07-23T11:56:03Z
Author: Leonardo Arena

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4504
Solution:
- Upgrade to 0.4.9
*(from redmine: issue id 1509, created on 2012-12-05, closed on 2012-12-17)*
* Changesets:
* Revision d043b9a3153b51e86ca7aa15dad872c28bb094d0 by Natanael Copa on 2012-12-10T16:51:35Z:
```
main/libproxy: security upgrade to 0.4.9 (CVE-2012-4504)
fixes #1509
```

Milestone: Alpine 2.3.7

[v2.3] CVE-2013-4130 spice: unsafe clients ring access abort
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2163
Updated: 2019-07-12T14:40:30Z
Author: Peter Kotcauer

reference:
https://bugzilla.redhat.com/show_bug.cgi?id=984769
*(from redmine: issue id 2163, created on 2013-07-18, closed on 2013-07-19)*
* Relations:
* parent #2159

Milestone: Alpine 2.3.7
Assignee: Natanael Copa

[v2.3] CVE-2013-4127 kernel: vhost-net: use-after-free in vhost_net_flush
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2148
Updated: 2019-07-12T14:40:26Z
Author: Peter Kotcauer

reference:
https://bugzilla.redhat.com/show_bug.cgi?id=984722
vhost_net_ubuf_put_and_wait has a confusing name: it will actually also free its argument. vhost_net_flush tries to use the argument after passing it to vhost_net_ubuf_put_and_wait, this results in use after free.
Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1280c27f8e29acf4af2da914e80ec27c3dbd5c01
Introduced in upstream version:
v3.8-rc1
*(from redmine: issue id 2148, created on 2013-07-18, closed on 2013-07-23)*
* Relations:
* parent #2144

Milestone: Alpine 2.3.7
Assignee: Natanael Copa

[v2.3] CVE-2013-4125 kernel: ipv6: BUG_ON in fib6_add_rt2node()
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2143
Updated: 2019-07-12T14:40:24Z
Author: Peter Kotcauer

references:
http://www.security-database.com/detail.php?alert=CVE-2013-4125
https://bugzilla.redhat.com/show_bug.cgi?id=984664
*(from redmine: issue id 2143, created on 2013-07-18, closed on 2013-07-24)*
* Relations:
* parent #2139

Milestone: Alpine 2.3.7
Assignee: Natanael Copa

[v2.3] CVE-2013-2206 Linux kernel: sctp: duplicate cookie handling NULL pointer dereference
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2107
Updated: 2019-07-12T14:40:05Z
Author: Peter Kotcauer

A flaw was found in the way Linux kernel’s SCTP network protocol implementation handled duplicate cookies. A transient empty association is created while processing the duplicate cookie chunk that userspace could query, potentially leading to NULL pointer dereference. A remote attacker able to initiate SCTP connection to the system could use this flaw to create transient conditions that could lead to remote system crash if remote system user is querying SCTP connection info at the time these conditions exist.
Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2815633504b442ca0b0605c16bf3d88a3a0fcea
(already in stable)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=976562
*(from redmine: issue id 2107, created on 2013-06-21, closed on 2013-06-26)*
* Relations:
* parent #2105

Milestone: Alpine 2.3.7
Assignee: Natanael Copa

[v2.3] Vulnerability in arpwatch fails to drop supplementary groups
https://gitlab.alpinelinux.org/alpine/aports/-/issues/1204
Updated: 2019-07-12T14:33:02Z
Author: Leonardo Arena

http://www.debian.org/security/2012/dsa-2481
Solution:
- Patch:
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=arpwatch_2.1a15-1.1_2.1a15-1.2.diff;att=1;bug=674715
*(from redmine: issue id 1204, created on 2012-06-10, closed on 2012-06-11)*

Milestone: Alpine 2.3.7

Vulnerability in firefox < 10.0.2 may allow remote code execution
https://gitlab.alpinelinux.org/alpine/aports/-/issues/1015
Updated: 2019-07-12T14:31:26Z
Author: Leonardo Arena

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0452
- Solution
Upgrade to 10.0.2
*(from redmine: issue id 1015, created on 2012-02-24, closed on 2012-02-28)*

Milestone: Alpine 2.3.7