aports issues
https://gitlab.alpinelinux.org/alpine/aports/-/issues
Updated: 2019-07-23T14:18:26Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2275
[v2.3] Zabbix vulnerability in 2.0.8 (CVE-2013-5743)
Issue author: Natanael Copa. Updated: 2019-07-23T14:18:26Z.
More details in https://support.zabbix.com/browse/ZBX-7091. Can we patch 2.0.8 in edge (at least) please?
*(from redmine: issue id 2275, created on 2013-10-08, closed on 2013-10-09)*
* Relations:
* parent #2271
* Changesets:
* Revision 8ecfcb4d01a6b3094d571e93b5ccc629193f09dc by Natanael Copa on 2013-10-09T08:26:47Z:
```
main/zabbix: security upgrade to 1.8.18 (CVE-2013-5743)
fixes #2275
```
Milestone: Alpine 2.3.7

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2242
[2.3] lcms CVE-2013-4276
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:18:49Z.
references:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718682
https://bugzilla.redhat.com/show_bug.cgi?id=991757#attach_783274
https://bugzilla.redhat.com/show_bug.cgi?id=991757
*(from redmine: issue id 2242, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2237
* Changesets:
* Revision 921298d100ce1bee3a8d45a5aefb2b210d559c64 by Natanael Copa on 2013-08-30T13:32:01Z:
```
main/lcms: fix CVE-2013-4276
fixes #2242
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2236
[2.3] cacti CVE-2013-1434, CVE-2013-1435
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:18:55Z.
Two security issues (SQL injection and command line injection via SNMP settings) were found in Cacti, a web interface for graphing of monitoring systems.
*(from redmine: issue id 2236, created on 2013-08-29, closed on 2013-08-30)*
* Relations:
* parent #2231
* Changesets:
* Revision 6b1166aa69670d64f2077805845475d1578ffced by Natanael Copa on 2013-08-30T13:47:30Z:
```
main/cacti: security upgrade to 0.8.8b (CVE-2013-1434,CVE-2013-1435)
fixes #2236
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2217
[v2.3] CVE-2013-1896 apache2: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:19:14Z.
references:
http://s.apache.org/H1a
https://access.redhat.com/security/cve/CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.
*(from redmine: issue id 2217, created on 2013-08-06, closed on 2013-08-30)*
* Relations:
* parent #2214
* Changesets:
* Revision 4b8d261b5d7f5e82122cdc6d62e7ee382d9a4a23 by Natanael Copa on 2013-08-08T10:52:47Z:
```
main/apache2: security upgrade to 2.2.25 (CVE-2013-1896)
fixes #2217
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2213
[v2.3] CVE-2013-4131 subversion: DoS (assertion failure, crash) in mod_dav_svn when handling certain MOVE, COPY, or DELETE HTTP requests
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:19:18Z.
reference:
http://subversion.apache.org/security/CVE-2013-4131-advisory.txt
A vulnerability has been found and corrected in subversion:
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root (CVE-2013-4131).
*(from redmine: issue id 2213, created on 2013-08-06, closed on 2013-08-30)*
* Relations:
* parent #2209
* Changesets:
* Revision e45527d19883379cca01edc2a576ab128f5fb7c1 by Natanael Copa on 2013-08-07T15:57:25Z:
```
main/subversion: security upgrade to 1.7.11 (CVE-2013-4131)
fixes #2213
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2208
[v2.3] Multiple security issues in libtiff (CVE-2013-1960, CVE-2013-1961)
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:19:23Z.
references:
https://access.redhat.com/security/cve/CVE-2013-1960
https://access.redhat.com/security/cve/CVE-2013-1961
Two flaws were reported to us in tiff2pdf utility shipped with the libtiff library. Details as follows:
1. CVE-2013-1961 libtiff (tiff2pdf): Stack-based buffer overflow with malformed image-length and resolution
A stack-based buffer overflow was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, when malformed image-length and resolution values are used in the TIFF file. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952131
2. CVE-2013-1960 libtiff (tiff2pdf): Heap-based buffer overflow in t2_process_jpeg_strip()
A heap-based buffer overflow flaw was found in the way tiff2pdf, a TIFF image to a PDF document conversion tool, of libtiff, a library of functions for manipulating TIFF (Tagged Image File Format) image format files, performed write of TIFF image content into particular PDF document file, in the tp_process_jpeg_strip() function. A remote attacker could provide a specially-crafted TIFF image format file, that when processed by tiff2pdf would lead to tiff2pdf executable crash or, potentially, arbitrary code execution with the privileges of the user running the tiff2pdf binary.
Reference: https://bugzilla.redhat.com/show_bug.cgi?id=952158
*(from redmine: issue id 2208, created on 2013-08-06, closed on 2013-08-29)*
* Relations:
* parent #2203
* Changesets:
* Revision a3d144a35f3ff8ce363d828327fb1e02b68eb1f4 by Natanael Copa on 2013-08-07T15:51:08Z:
```
main/tiff: sec fixes from upstream (CVE-2013-1960,CVE-2013-1961)
ref #2203
fixes #2208
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2199
[v2.3] quagga: CVE-2013-2236, stack overrun in apiserver
Issue author: Natanael Copa. Updated: 2019-07-23T14:19:30Z.
http://nongnu.uib.no//quagga/quagga-0.99.22.3.changelog.txt
commit 3f872fe60463a931c5c766dbf8c36870c0023e88
Author: David Lamparter <equinox@opensourcerouting.org>
Date: Mon Jul 8 23:05:28 2013 +0200
ospfd: CVE-2013-2236, stack overrun in apiserver
the OSPF API-server (exporting the LSDB and allowing announcement of
Opaque-LSAs) writes past the end of fixed on-stack buffers. This leads
to an exploitable stack overflow.
For this condition to occur, the following two conditions must be true:
- Quagga is configured with --enable-opaque-lsa
- ospfd is started with the "-a" command line option
If either of these does not hold, the relevant code is not executed and
the issue does not get triggered.
Since the issue occurs on receiving large LSAs (larger than 1488 bytes),
it is possible for this to happen during normal operation of a network.
In particular, if there is an OSPF router with a large number of
interfaces, the Router-LSA of that router may exceed 1488 bytes and
trigger this, leading to an ospfd crash.
For an attacker to exploit this, s/he must be able to inject valid LSAs
into the OSPF domain. Any best-practice protection measure (using
crypto authentication, restricting OSPF to internal interfaces, packet
filtering protocol 89, etc.) will prevent exploitation. On top of that,
remote (not on an OSPF-speaking network segment) attackers will have
difficulties bringing up the adjacency needed to inject a LSA.
This patch only performs minimal changes to remove the possibility of a
stack overrun. The OSPF API in general is quite ugly and needs a
rewrite.
Reported-by: Ricky Charlet <ricky.charlet@hp.com>
Cc: Florian Weimer <fweimer@redhat.com>
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
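The overrun the commit message describes, as an added example that is not Quagga's code: an LSA whose header-declared length is trusted and copied into a fixed 1488-byte on-stack buffer, next to the check the API server lacked. The 20-byte LSA header with its 16-bit length field at offset 18 is the RFC 2328 layout; the handler names, the status codes and the constructed test LSAs are assumptions made for this example.

```c
/* Added example, not Quagga's code: bounds-checking an OSPF LSA before it is
 * copied into a fixed-size on-stack buffer. 20-byte LSA header with a 16-bit
 * length field at offset 18 per RFC 2328; 1488 is the buffer size quoted in
 * the commit message; all names are assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define OSPF_LSA_HEADER_SIZE 20
#define LSA_LENGTH_OFFSET    18
#define API_LSA_BUF_SIZE     1488   /* size of the fixed on-stack buffer */

enum lsa_status { LSA_OK = 0, LSA_ERR_HEADER, LSA_ERR_LENGTH, LSA_ERR_TOO_BIG };

/* The length the LSA header claims, or 0 if not even a full header arrived. */
static size_t lsa_claimed_length(const uint8_t *pkt, size_t pkt_len)
{
    if (pkt_len < OSPF_LSA_HEADER_SIZE)
        return 0;
    return ((size_t)pkt[LSA_LENGTH_OFFSET] << 8) | pkt[LSA_LENGTH_OFFSET + 1];
}

/* Shape of the bug: the header's length is trusted and copied into a fixed
 * buffer, so any LSA over 1488 bytes writes past the end of 'buf'. Shown for
 * contrast only; nothing here calls it. */
void api_handle_lsa_unchecked(const uint8_t *pkt, size_t pkt_len)
{
    uint8_t buf[API_LSA_BUF_SIZE];
    size_t len = lsa_claimed_length(pkt, pkt_len);
    memcpy(buf, pkt, len);          /* stack overrun when len > sizeof buf */
    (void)buf;
}

/* Hardened: copy only after the header is complete, its length covers at
 * least the header and no more than what was received, and it fits 'out'. */
enum lsa_status api_handle_lsa_checked(const uint8_t *pkt, size_t pkt_len,
                                       uint8_t *out, size_t out_size,
                                       size_t *copied)
{
    size_t len = lsa_claimed_length(pkt, pkt_len);
    *copied = 0;
    if (len == 0)
        return LSA_ERR_HEADER;
    if (len < OSPF_LSA_HEADER_SIZE || len > pkt_len)
        return LSA_ERR_LENGTH;      /* header lies about its own size */
    if (len > out_size)
        return LSA_ERR_TOO_BIG;     /* would overrun the fixed buffer: drop */
    memcpy(out, pkt, len);
    *copied = len;
    return LSA_OK;
}

/* Constructed Router-LSA of 'total' bytes: valid header, zero filler. */
static size_t make_test_lsa(uint8_t *pkt, size_t cap, size_t total)
{
    if (total < OSPF_LSA_HEADER_SIZE || total > cap || total > 0xffff)
        return 0;
    memset(pkt, 0, total);
    pkt[3] = 1;                                   /* LS type 1: Router-LSA */
    pkt[LSA_LENGTH_OFFSET] = (uint8_t)(total >> 8);
    pkt[LSA_LENGTH_OFFSET + 1] = (uint8_t)(total & 0xff);
    return total;
}

/* Feed the checked handler an LSA whose header claims 'claimed' bytes while
 * only 'received' bytes arrived (equal for an intact LSA); return its verdict. */
enum lsa_status lsa_scenario(size_t claimed, size_t received)
{
    static uint8_t pkt[65536];
    uint8_t buf[API_LSA_BUF_SIZE];
    size_t copied;
    if (!make_test_lsa(pkt, sizeof pkt, claimed))
        return LSA_ERR_HEADER;
    if (received > claimed)
        received = claimed;
    return api_handle_lsa_checked(pkt, received, buf, sizeof buf, &copied);
}

int main(void)
{
    printf("1200-byte Router-LSA: %d (0 = accepted)\n", lsa_scenario(1200, 1200));
    printf("2000-byte Router-LSA: %d (3 = too big, dropped)\n", lsa_scenario(2000, 2000));
    return 0;
}
```

The point of the third check is the one the commit message makes: a Router-LSA from a legitimate router with many interfaces can exceed 1488 bytes, so the handler must be able to reject (or re-buffer) an oversized LSA rather than assume the wire length fits the stack buffer.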
*(from redmine: issue id 2199, created on 2013-08-06, closed on 2013-08-30)*
* Relations:
* parent #2195
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2191
[v2.3] libgcrypt CVE-2013-4242 GnuPG susceptible to Yarom/Falkner flush+reload cache side-channel attack
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:19:36Z.
references:
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
Libgcrypt version 1.5.3.
This is a **security fix** release for the stable branch.
Libgcrypt is a general purpose library of cryptographic building blocks. It is originally based on code used by GnuPG. It does not provide any implementation of OpenPGP or other protocols. Thorough understanding of applied cryptography is required to use Libgcrypt.
Noteworthy changes in version 1.5.3:
* Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys. See <http://eprint.iacr.org/2013/448>.
[ Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG < 2.0 can be found in the just released GnuPG 1.4.14. ]
Source code is hosted at the GnuPG FTP server and its mirrors as
listed at http://www.gnupg.org/download/mirrors.html . On the primary
server the source file and its digital signatures is:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2 (1.5M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.bz2.sig
This file is bzip2 compressed. A gzip compressed version is also
available:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz (1.8M)
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.3.tar.gz.sig
Alternatively you may upgrade version 1.5.2 using this patch file:
ftp://ftp.gnupg.org/gcrypt/libgcrypt/libgcrypt-1.5.2-1.5.3.diff.bz2 (4k)
The SHA-1 checksums are:
2c6553cc17f2a1616d512d6870fe95edf6b0e26e libgcrypt-1.5.3.tar.bz2
184405c91d1ab4877caefb1a6458767e5f0b639e libgcrypt-1.5.3.tar.gz
b711fe3ddf534bb6f11823542036eb4a32e0c914 libgcrypt-1.5.2-1.5.3.diff.bz2
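What a flush+reload probe on the multiply routine sees, as an added example that is not libgcrypt's code: a left-to-right square-and-multiply whose multiply step runs only for set exponent bits, so the trace of multiplications spells out the secret exponent, next to a variant that performs the same squaring and multiplication on every iteration and selects the result with a mask. The release note above does not describe libgcrypt's change; the always-multiply structure shown is the standard countermeasure for this attack class, not a transcription of the 1.5.3 patch. The 64-bit arithmetic with a 128-bit intermediate (GCC/Clang `unsigned __int128`) and the call counter standing in for the cache observation are simplifications made for this example.

```c
/* Added example, not libgcrypt's code: modular exponentiation with a
 * secret-dependent branch (the control flow a flush+reload probe on the
 * multiply routine reads bit by bit) next to a version whose operation
 * sequence does not depend on the exponent. 64-bit moduli, GCC/Clang
 * 128-bit intermediates; an illustration, not an RSA-sized routine. */
#include <stdint.h>
#include <stdio.h>

typedef unsigned __int128 u128;

static unsigned long g_mul_calls;   /* stands in for what a cache probe sees */

/* Modular multiply on 64-bit words: the routine whose execution the attack
 * detects through the shared cache. mod must be non-zero. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t mod)
{
    g_mul_calls++;
    return (uint64_t)(((u128)a * b) % mod);
}

/* Leaky: a multiply runs only for exponent bits that are 1, so the sequence
 * of mulmod() calls spells out the secret exponent. */
uint64_t powmod_leaky(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, mod);                   /* square */
        if ((exp >> i) & 1)                      /* secret-dependent branch */
            r = mulmod(r, base, mod);            /* multiply */
    }
    return r;
}

/* Constant pattern: every iteration squares and multiplies; a mask built
 * from the bit picks the surviving value without a branch. The sequence of
 * operations, and so the cache trace, is the same for every exponent. */
uint64_t powmod_always_mul(uint64_t base, uint64_t exp, uint64_t mod)
{
    uint64_t r = 1 % mod;
    for (int i = 63; i >= 0; i--) {
        uint64_t sq = mulmod(r, r, mod);
        uint64_t mul = mulmod(sq, base, mod);    /* computed unconditionally */
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1);  /* all ones iff bit set */
        r = (mul & mask) | (sq & ~mask);         /* branch-free select */
    }
    return r;
}

/* How many multiplies an observer would count for one exponentiation. */
unsigned long observed_mul_calls(uint64_t (*powmod)(uint64_t, uint64_t, uint64_t),
                                 uint64_t exp)
{
    g_mul_calls = 0;
    (void)powmod(2, exp, 1000000007ULL);
    return g_mul_calls;
}

int main(void)
{
    uint64_t d = 0xCAFEBABE12345678ULL;        /* constructed "secret" exponent */
    printf("results agree: %d\n",
           powmod_leaky(3, d, 1000000007ULL) == powmod_always_mul(3, d, 1000000007ULL));
    printf("multiplies observed, leaky:  %lu (64 squarings + popcount(d))\n",
           observed_mul_calls(powmod_leaky, d));
    printf("multiplies observed, always: %lu (fixed)\n",
           observed_mul_calls(powmod_always_mul, d));
    return 0;
}
```

A compiler is free to turn the masked select back into a conditional branch, so for a real implementation the guarantee has to be checked on the generated code (or taken from a library that makes it), not read off the C source; the data-dependent timing of the division inside `mulmod` is a separate channel this example does not address.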
*(from redmine: issue id 2191, created on 2013-08-02, closed on 2013-08-06)*
* Relations:
* parent #2187
* Changesets:
* Revision 6e323da51f93cc5ca6159bc38b4213ca2c50d915 by Natanael Copa on 2013-08-05T14:14:33Z:
```
main/libgcrypt: security upgrade to 1.5.3 (CVE-2013-4242)
ref #2187
fixes #2191
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2178
[v2.3] bind: CVE-2013-4854: A specially crafted query can cause BIND to terminate abnormally
Issue author: Natanael Copa. Updated: 2019-07-23T14:19:49Z.
CVE: CVE-2013-4854
Document Version: 2.0
Posting date: 26 July 2013
Program Impacted: BIND
Versions affected: 9.7.0->9.7.7, 9.8.0->9.8.5-P1, 9.9.0->9.9.3-P1, 9.8.6b1 and 9.9.4b1;
Subscription: 9.9.3-S1 and 9.9.4-S1b1
Severity: Critical
Exploitable: Remotely
### Description
A specially crafted query that includes malformed rdata can cause named to terminate with an assertion failure while rejecting the malformed query.
BIND 9.6 and BIND 9.6-ESV are unaffected by this problem. Earlier
branches of BIND 9 are believed to be unaffected but have not been
tested. BIND 10 is also unaffected by this issue.
Please Note: All versions of BIND 9.7 are known to be affected, but
these branches are beyond their “end of life” (EOL) and no longer
receive testing or security fixes from ISC. For current information on
which versions are actively supported, please see
http://www.isc.org/downloads/software-support-policy/bind-software-status/.
### Impact
Authoritative and recursive servers are equally vulnerable. Intentional
exploitation of this condition can cause a denial of service in all
nameservers running affected versions of BIND 9. Access Control Lists do
not provide any protection from malicious clients.
In addition to the named server, applications built using libraries from
the affected source distributions may crash with assertion failures
triggered in the same fashion.
CVSS Score: 7.8
CVSS Equation: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
For more information on the Common Vulnerability Scoring System and to
obtain your specific environmental score please visit:
http://nvd.nist.gov/cvss.cfm?calculator&adv&version=2&vector=(AV:N/AC:L/Au:N/C:N/I:N/A:C)
### Workarounds
No known workarounds at this time.
### Active exploits
Crashes have been reported by multiple ISC customers. First observed in
the wild on 26 July 2013.
*(from redmine: issue id 2178, created on 2013-07-29, closed on 2013-07-30)*
* Relations:
* parent #2173
* Changesets:
* Revision 9fe775998eff36811aca578eeedf08c89082b2c0 by Natanael Copa on 2013-07-29T08:26:56Z:
```
main/bind: security upgrade to 9.8.5_p2 (CVE-2013-4854)
fixes #2178
```
Milestone: Alpine 2.3.7

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2165
[v2.3] CVE-2013-4073 ruby: hostname check bypassing vulnerability in SSL client
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:20:02Z.
references:
http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
https://bugzilla.redhat.com/show_bug.cgi?id=979251
*(from redmine: issue id 2165, created on 2013-07-18, closed on 2013-07-29)*
* Relations:
* parent #2164
Milestone: Alpine 2.3.7
Assignee: Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2163
[v2.3] CVE-2013-4130 spice: unsafe clients ring access abort
Issue author: Peter Kotcauer. Updated: 2019-07-12T14:40:30Z.
reference:
https://bugzilla.redhat.com/show_bug.cgi?id=984769
*(from redmine: issue id 2163, created on 2013-07-18, closed on 2013-07-19)*
* Relations:
* parent #2159
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2148
[v2.3] CVE-2013-4127 kernel: vhost-net: use-after-free in vhost_net_flush
Issue author: Peter Kotcauer. Updated: 2019-07-12T14:40:26Z.
reference:
https://bugzilla.redhat.com/show_bug.cgi?id=984722
vhost_net_ubuf_put_and_wait has a confusing name: it will actually also free its argument. vhost_net_flush tries to use the argument after passing it to vhost_net_ubuf_put_and_wait, this results in use after free.
Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd7633ecd553a5e304d349aa6f8eb8a0417098c5
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1280c27f8e29acf4af2da914e80ec27c3dbd5c01
Introduced in upstream version:
v3.8-rc1
*(from redmine: issue id 2148, created on 2013-07-18, closed on 2013-07-23)*
* Relations:
* parent #2144
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2143
[v2.3] CVE-2013-4125 kernel: ipv6: BUG_ON in fib6_add_rt2node()
Issue author: Peter Kotcauer. Updated: 2019-07-12T14:40:24Z.
references:
http://www.security-database.com/detail.php?alert=CVE-2013-4125
https://bugzilla.redhat.com/show_bug.cgi?id=984664
*(from redmine: issue id 2143, created on 2013-07-18, closed on 2013-07-24)*
* Relations:
* parent #2139
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2138
[v2.3] CVE-2013-4113 php: xml_parse_into_struct buffer overflow when parsing deeply nested XML
Issue author: Natanael Copa. Updated: 2019-07-23T14:20:12Z.
references:
https://bugs.php.net/bug.php?id=65236
https://bugzilla.redhat.com/show_bug.cgi?id=983689
*(from redmine: issue id 2138, created on 2013-07-16, closed on 2013-07-18)*
* Relations:
* parent #2136
* Changesets:
* Revision 557e3af1ace8b185c2831c4ebe37fc8c5326c189 by Natanael Copa on 2013-07-16T12:48:13Z:
```
main/php: security upgrade to 5.3.27 (CVE-2013-4113)
ref #2136
fixes #2138
```
Milestone: Alpine 2.3.7
Assignee: Carlo Landmeter

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2127
[v2.3] Xen Security Advisory 58 (CVE-2013-1432) - Page reference counting error due to XSA-45/CVE-2013-1918 fixes
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:20:21Z.
references:
http://lists.xen.org/archives/html/xen-announce/2013-06/msg00012.html
ISSUE DESCRIPTION
=================
The XSA-45/CVE-2013-1918 patch making error handling paths preemptible broke page reference counting by not retaining a reference on pages stored for deferred cleanup. This would lead to the hypervisor prematurely attempting to free the page, generally crashing upon finding the page still in use.
CREDITS
=======
Thanks to Andrew Cooper and the Citrix XenServer team for discovering and reporting this vulnerability, and helping investigate it.
IMPACT
======
Malicious or buggy PV guest kernels can mount a denial of service attack affecting the whole system. It can't be excluded that this could also be exploited to mount a privilege escalation attack.
VULNERABLE SYSTEMS
==================
All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable.
The vulnerability is only exposed by PV guests.
MITIGATION
==========
Running only HVM guests, or PV guests with trusted kernels, will avoid this vulnerability.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
xsa58-4.1.patch Xen 4.1.x
xsa58-4.2.patch Xen 4.2.x
xsa58-unstable.patch xen-unstable
$ sha256sum xsa58*.patch
3623ec87e5a2830f0d41de19a8e448d618954973c3264727a1f3a095f15a8641 xsa58-4.1.patch
194d6610fc38b767d643e5d58a1268f45921fb35e309b47aca6a388b861311c2 xsa58-4.2.patch
2c94b099d7144d03c0f7f44e892a521537fc040d11bc46f84a2438eece46a0f5 xsa58-unstable.patch
*(from redmine: issue id 2127, created on 2013-06-26, closed on 2013-07-03)*
* Relations:
* parent #2123
* Changesets:
* Revision 14e8058dddb5be40c29deb267ffbc23171991c7a by Natanael Copa on 2013-07-02T11:54:33Z:
```
main/xen: main/xen: fix xsa45 and xsa58 (CVE-2013-1918,CVE-2013-1432)
ref #2123
fixes #2127
```
Milestone: Alpine 2.3.7
Assignee: Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/2121
[v2.3] Xen Security Advisory 57 - libxl allows guest write access to sensitive console related xenstore keys (CVE-2013-2211)
Issue author: Peter Kotcauer. Updated: 2019-07-23T14:20:28Z.
ISSUE DESCRIPTION
=================
The libxenlight (libxl) toolstack library does not correctly set permissions on xenstore keys relating to paravirtualised and emulated serial console devices. This could allow a malicious guest administrator to change values in xenstore which the host later relies on being implicitly trusted.
IMPACT
======
A malicious guest administrator can read and write any files in the host filesystem which are accessible to the user id running the xenconsole client binary. This may be the user id of a host administrator who connects to the guest's console or the user id of any self service mechanism provided to guest administrators by the host provider.
As well as reading and writing files an attacker with access to an HVM guest can cause any PV or serial consoles to be connected to a variety of network resources (sockets, udp connections) or other end points (fifo, pipes) in the host filesystem according to the privileges granted to the qemu device model for that guest.
A malicious guest administrator can also redirect the VNC console port of the guest to another port on the host. This may expose the VNC port of other guests or of other firewalled services to an attack.
VULNERABLE SYSTEMS
==================
All systems which use libxl as part of the toolstack are vulnerable. libxl is present in Xen versions 4.0 onwards.
The major consumer of libxl functionality is the xl toolstack which became the default in Xen 4.2.
In addition to this libvirt can optionally make use of libxl. This can be queried with
    # virsh version
Which will report "xenlight" if libxl is in use. libvirt currently prefers the xend backend if xend is running.
The xend and xapi toolstacks do not currently use libxl.
MITIGATION
==========
Host administrators can start a domain paused and manually correct the xenstore permissions of the relevant nodes.
A domain can be started in the paused state with xl by using
    # xl create -p <cfg>
A domain's domid can then be determined with:
    # xl domid <name>
If using libvirt then virsh can be used instead:
    # virsh start --paused <name>
    # virsh domid <name>
For a domain $DOMID the following command will recursively correct the permissions for the primary PV console:
    # xenstore-chmod -r /local/domain/$DOMID/console n0 r$DOMID
If the domain uses a device model stubdomain then it will also be necessary to fix the permissions for the stubdomain. The stubdomain is named "<name>-dm". Assuming its domain ID is $DMDOM:
    # xenstore-chmod -r /local/domain/$DMDOM/console n0 r$DMDOM
In addition a stub domain has three secondary PV consoles which must be fixed, however in this case the "state" and "protocol" nodes along with the device node itself should not be restricted. For each device $N in [1,2,3]:
    # xenstore-chmod -r /local/domain/$DMDOM/device/console/$N n0 r$DMDOM
    # xenstore-chmod /local/domain/$DMDOM/device/console/$N/state n$DMDOM r0
    # xenstore-chmod /local/domain/$DMDOM/device/console/$N/protocol n$DMDOM r0
    # xenstore-ch... 
*(from redmine: issue id 2121, created on 2013-06-26, closed on 2013-07-03)*
* Relations:
* parent #2117
* Changesets:
* Revision dac4485dfa4d8ae59e99caf4b911c196dc2b717f by Natanael Copa on 2013-06-26T14:10:30Z:
```
main/xen: fix xsa55 and xsa57 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CV
E-2013-2211)
ref #2108
ref #2117
fixes #2112
fixes #2121
```Alpine 2.3.7Natanael CopaNatanael Copahttps://gitlab.alpinelinux.org/alpine/aports/-/issues/2112[v2.3] Xen Security Advisory 55 (CVE-2013-2194, CVE-2013-2195, CVE-2013-2196)...2019-07-23T14:20:37ZPeter Kotcauer[v2.3] Xen Security Advisory 55 (CVE-2013-2194, CVE-2013-2195, CVE-2013-2196) - Multiple vulnerabilities in libelf PV kernel handling——<s>BEGIN PGP SIGNED MESSAGE——</s>
Hash: SHA1
Xen Security Advisory CVE-2013-2194,CVE-2013-2195,CVE-2013-2196 /
XSA-55
version 5
Multiple vulnerabilities in libelf PV kernel handling
UPDATES IN VERSION 5
CVE numbers have been ...——<s>BEGIN PGP SIGNED MESSAGE——</s>
Hash: SHA1
Xen Security Advisory CVE-2013-2194,CVE-2013-2195,CVE-2013-2196 /
XSA-55
version 5
Multiple vulnerabilities in libelf PV kernel handling
UPDATES IN VERSION 5
CVE numbers have been assigned.
ISSUE DESCRIPTION
=
The ELF parser used by the Xen tools to read domains’ kernels and
construct domains has multiple integer overflows, pointer dereferences
based on calculations from unchecked input values, and other problems.
This corresponds to the following CVEs:
CVE-2013-2194 XEN XSA-55 integer overflows
CVE-2013-2195 XEN XSA-55 pointer dereferences
CVE-2013-2196 XEN XSA-55 other problems
IMPACT
==
A malicious PV domain administrator who can specify their own kernel
can escalate their privilege to that of the domain construction tools
(i.e., normally, to control of the host).
Additionally a malicious HVM domain administrator who is able to
supply their own firmware (“hvmloader”) can do likewise; however we
think this would be very unusual and it is unlikely that such
configurations exist in production systems.
VULNERABLE SYSTEMS
==
All Xen versions are affected.
Installations which only allow the use of trustworthy kernels for PV
domains are not affected.
MITIGATION
==
Ensuring that PV guests use only trustworthy kernels will avoid this
problem.
RESOLUTION
==
Applying the appropriate patch series will resolve this issue.
These were attached to v3 of the advisory which can be found here:
http://lists.xen.org/archives/html/xen-devel/2013-06/msg01626.html
These are available in xen.git
http://xenbits.xen.org/gitweb/?p=xen.git
git://xenbits.xen.org/xen.git
http://xenbits.xen.org/git-http/xen.git
in the git changesets listed below.
xen-unstable:
82cb4113b6ace16de192021de20f6cbd991e478f libxc: Better range check in
xc\_dom\_alloc\_segment
966070058d02cce9684e30073b61d6465e4b351c libxc: check blob size before
proceeding in xc\_dom\_check\_gzip
de7911eaef98b6643d80e4612fe4dcd4528d15b9 libxc: range checks in
xc\_dom\_p2m\_host
and \_guest
3d5a1d4733e55e33521cd5004cab1313e5c5d5ff libxc: check return values from
malloc
aaebaba5ae225f591e0602e071037a935bb281b6 libxc: check failure of
xc\_dom\_\*\_to\_ptr, xc\_map\_foreign\_range
2bcee4b3c316379f4b52cb308947eb6db3faf1a0 libxc: Add range checking to
xc\_dom\_binloader
66fe2726fe8492676f9970b9c2c511bce6186ece libelf: abolish obsolete
macros
39bf7b9d0ae534491745e54df5232127c0bddaf1 libelf: check loops for running
away
a004800f8fc607b96527815c8e3beabcb455d8e0 libelf: use only unsigned
integers
7a549a6aa04dba807f8dd4c1577ab6a7592c4c76 libelf: use C99 bool for
booleans
c84481fbc7de7d15ff7476b3b9cd2713f81feaa3 libelf: Make all callers call
elf\_check\_broken
943de71cf07d9d04ccb215bd46153b04930e9f25 libelf: Check pointer
references in
elf\_is\_elfbinary
65808a8ed41cc7c044f588bd6cab5af0fdc0e029 libelf: check all pointer
accesses
04877847ade4ac9216e9f408fd544ade8f90cf9a libelf: check nul-terminated strings properly
50421bd56bf164f490d7d0bf5741e58936de41e8 tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
85256359995587df00001dca22e9a76ba6ea8258 libelf: introduce macros for memory access and pointer handling
95dd49bed681af93f71a401b0a35bf2f917c6e68 libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
f7aa72ec00aec71eed055dac5e8a151966d75c9c libelf: move include of <asm/guest_access.h> to top of file
13e2c808f7ea721c8f200062e2b9b977ee924471 libelf: abolish elf_sval and elf_access_signed
009ddca51504ce80889937e485d44ac0f9290d63 libelf: add `struct elf_binary*' parameter to elf_load_image
b5a869209998fedadfe205d37addbd50a802998b libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
53bfcf585b09eb4ac2240f89d1ade77421cd2451 libxc: introduce xc_dom_seg_to_ptr_pages
14573b974850d82de7aebad17e6471d27d847f2c libelf: abolish libelf-relocate.c
Xen 4.2.x:
d21d36e84354c04638b60a739a5f7c3d9f8adaf8 libxc: Better range check in xc_dom_alloc_segment
2a548e22915535ac13694eb38222903bca7245e3 libxc: check blob size before proceeding in xc_dom_check_gzip
052a689aa526ca51fd70528d4b0f83dfb2de99c1 libxc: range checks in xc_dom_p2m_host and _guest
8dc90d163650ce8aa36ae0b46debab83cc61edb6 libxc: check return values from malloc
77c0829fa751f052f7b8ec08287aef6e7ba97bc5 libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
b06e277b1fc08c7da3befeb3ac3950e1d941585d libxc: Add range checking to xc_dom_binloader
3baaa4ffcd3e7dd6227f9bdf817f90e5b75aeda2 libelf: abolish obsolete macros
52d8cc2dd3bb3e0f6d51e00280da934e8d91653a libelf: check loops for running away
e673ca50127b6c1263727aa31de0b8bb966ca7a2 libelf: use only unsigned integers
3fb6ccf2faccaf5e22e33a3155ccc72d732896d8 libelf: use C99 bool for booleans
a965b8f80388603d439ae2b8ee7b9b018a079f90 libelf: Make all callers call elf_check_broken
d0790bdad7496e720416b2d4a04563c4c27e7b95 libelf: Check pointer references in elf_is_elfbinary
cc8761371aac432318530c2ddfe2c8234bc0621f libelf: check all pointer accesses
db14d5bd9b6508adfcd2b910f454fae12fa4ba00 libelf: check nul-terminated strings properly
59f66d58180832af6b99a9e4489031b5c2f627ab tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
40020ab55a1e9a1674ddecdb70299fab4fe8579d libelf: introduce macros for memory access and pointer handling
de9089b449d2508b1ba05590905c7ebaee00c8c4 libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
682a04488e7b3bd6c3448ab60599566eb7c6177a libelf: move include of <asm/guest_access.h> to top of file
83ec905922b496e1a5756e3a88405eb6c2c6ba88 libelf: abolish elf_sval and elf_access_signed
035634047d10c678cbb8801c4263747bdaf4e5b1 libelf: add `struct elf_binary*' parameter to elf_load_image
8c738fa5c1f3cfcd935b6191b3526f7ac8b2a5bd libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
a672da4b2d58ef12be9d7407160e9fb43cac75d9 libxc: introduce xc_dom_seg_to_ptr_pages
9737484becab4a25159f1e985700eaee89690d34 libelf: abolish libelf-relocate.c
Xen 4.1.x:
ac63ddd70a5ccf5ebf790f06ea4cd4ed794c3978 libxc: check blob size before proceeding in xc_dom_check_gzip
6eca85d5c144ee8c899ee3cf8791f9087b15f2e8 libxc: range checks in xc_dom_p2m_host and _guest
a2986a7959919bc748784bb75970bfbd42697d3b libxc: check return values from malloc
117a538dbef62f8d39159dea652e633e01b50a9a libxc: check failure of xc_dom_*_to_ptr, xc_map_foreign_range
40b76f1fb04af421c1415f7bcb168dfaa6960d0d libxc: Add range checking to xc_dom_binloader
4a3a60d8caee49af6951a672c55b08436a8d1f86 libelf: abolish obsolete macros
968c0399159c65e24bb8b9969259e18791e1f4d8 libelf: check loops for running away
282188ea84b9e0f9c4865f0609e7740f2f28e7b0 libxc: Introduce xc_bitops.h
86e39ce58e91fe55d4fdbc914cb1955c45acc20e libelf: use only unsigned integers
bd3dba9f435fa59f305407f7d9b34e1e164ddd98 libelf: use C99 bool for booleans
44c74b1ed31c75ed9026abf62ab7427a46d8027a libelf: Make all callers call elf_check_broken
9962d7ffcce97ec2d69a15ef861996b1ead33694 libelf: Check pointer references in elf_is_elfbinary
39923542bb43e67776c4e8292d4a5a1adef2bd3b libelf: check all pointer accesses
8ce60b35beaac91a97b79c004ca6bf5d58e7390b libelf: check nul-terminated strings properly
4e46085972d2367dff2345a73361c1c17b47ce73 tools/xcutils/readnotes: adjust print_l1_mfn_valid_note
de49d6e83c3a8c753646b007972140ddbb746ba8 libelf: introduce macros for memory access and pointer handling
4d3339de1fe3cbf7b05487fdb6cadd7267950948 libelf/xc_dom_load_elf_symtab: Do not use "syms" uninitialised
e719b136b750e5eee87c4647d1846e4e1e70eac0 libelf: abolish elf_sval and elf_access_signed
f7fb94409c562beec06094141ef262dc85f28dac libxc: Fix range checking in xc_dom_pfn_to_ptr etc.
bbf40e6b6d47809f4289a866d7d167c25104ecc0 libxc: introduce xc_dom_seg_to_ptr_pages
64a0206c451920b72a9c5721a6f2427baf99e3dd libelf: abolish libelf-relocate.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJRwticAAoJEIP+FMlX6CvZFbEIAMjbI64TpgYSm3cRSFmdHol/
FC2d4mo/aeb8e24RCTnJvxP3oE+o1Oar5FGJi+AATDynzbqcuv7yK7iDQ9ZfwGm5
xZR+knkFKymWLsutb8uhDRT8eYCgmK8aQEXorvcjr69sxrxJascPGv4aHesNihxO
t4tRqRbqGhAzkm9Gm32LaVz3UYCW2ZRs4lxDBjtW5HmsugaOarCYNTqSpftAiAkn
XE8UChNUVO95PAJKRtmihLQ+TGJ9cyujBACrl6RsxdD8JZU6EP4rq7fccdzyqD6D
+c5pw859mtukyy56fwfP5Ji6G9O2VrrZyf4kq13V74SPZ/LV3VKDalfaVVItLGQ=
=RVh5
-----END PGP SIGNATURE-----
*(from redmine: issue id 2112, created on 2013-06-21, closed on 2013-07-03)*
* Relations:
* parent #2108
* Changesets:
* Revision dac4485dfa4d8ae59e99caf4b911c196dc2b717f by Natanael Copa on 2013-06-26T14:10:30Z:
```
main/xen: fix xsa55 and xsa57 (CVE-2013-2194,CVE-2013-2195,CVE-2013-2196,CVE-2013-2211)
ref #2108
ref #2117
fixes #2112
fixes #2121
```
Alpine 2.3.7
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2107
[v2.3] CVE-2013-2206 Linux kernel: sctp: duplicate cookie handling NULL pointer dereference
2019-07-12T14:40:05Z Peter Kotcauer
A flaw was found in the way Linux kernel's SCTP network protocol implementation handled duplicate cookies. A transient empty association is created while processing the duplicate cookie chunk that userspace could query, potentially leading to NULL pointer dereference. A remote attacker able to initiate SCTP connection to the system could use this flaw to create transient conditions that could lead to remote system crash if remote system user is querying SCTP connection info at the time these conditions exist.
Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2815633504b442ca0b0605c16bf3d88a3a0fcea
(already in stable)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=976562
*(from redmine: issue id 2107, created on 2013-06-21, closed on 2013-06-26)*
* Relations:
* parent #2105
Alpine 2.3.7
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2102
[v2.3] CVE-2013-2175 : haproxy may crash when using header occurrences relative to the tail
2019-07-23T14:20:46Z Peter Kotcauer
David Torgerson reported an haproxy crash with enough traces to diagnose the cause as being related to the use of a negative occurrence number in a header extraction, which is used to extract an entry starting from the last occurrence.
---- summary ----
Configurations at risk are those which make use of "hdr_ip(name,-1)" (in 1.4) or any hdr_* variant with a negative occurrence count in 1.5, or the "usesrc hdr_ip(name)" statement in both 1.4 and 1.5. These configurations may be crashed when run with haproxy 1.4.4 to 1.4.23 or development versions up to and including 1.5-dev18. Versions 1.4.24 and 1.5-dev19 are safe.
---- quick workaround ----
A workaround consists in rejecting dangerous requests early using hdr_cnt(<name>), which is available both in 1.4 and 1.5 :
block if { hdr_cnt(<name>) ge 10 }
---- details ----
When a config makes use of hdr_ip(x-forwarded-for,-1) or any such thing involving a negative occurrence count, the header is still parsed in the order it appears, and an array of up to MAX_HDR_HISTORY entries is created. When more entries are used, the entries simply wrap and continue this way.
A problem happens when the incoming header field count exactly divides MAX_HDR_HISTORY, because the computation removes the number of requested occurrences from the count, but does not care about the risk of wrapping with a negative number. Thus we can dereference the array with a negative number and randomly crash the process.
The bug is located in http_get_hdr() in haproxy 1.5, and get_ip_from_hdr2() in haproxy 1.4. It affects configurations making use of one of the following functions with a negative <value> occurrence number :
- hdr_ip(<name>, <value>) (in 1.4)
- hdr_*(<name>, <value>) (in 1.5)
It also affects "source" statements involving "hdr_ip(<name>)" since that statement implicitly uses -1 for <value> :
- source 0.0.0.0 usesrc hdr_ip(<name>)
This bug has been present since the introduction of the negative offset count in 1.4.4 via commit bce70882.
CVE-2013-2175 was assigned to this bug.
Special thanks to David Torgerson who provided a significant number of traces, and to Ryan O'Hara from Red Hat for providing a CVE id.
---- links ----
1.4-stable patch for version <= 1.4.23 :
http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=f534af74ed
1.4.24 source code:
http://haproxy.1wt.eu/download/1.4/src/haproxy-1.4.24.tar.gz
1.5-dev patch for versions <= 1.5-dev18 :
http://git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=67dad2715b
1.5-dev19 source code:
http://haproxy.1wt.eu/download/1.5/src/devel/haproxy-1.5-dev19.tar.gz
*(from redmine: issue id 2102, created on 2013-06-18, closed on 2013-06-21)*
* Relations:
* parent #2098
* Changesets:
* Revision d18986df20f642070086bc7da1c238a7aa986c87 by Natanael Copa on 2013-06-21T14:04:56Z:
```
main/haproxy: security upgrade to 1.4.24 (CVE-2013-2175)
fixes #2102
(cherry picked from commit d2207b3c4708cac6038cfbb0b7c58722e49c5c4e)
Conflicts:
main/haproxy/APKBUILD
```
Alpine 2.3.7
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/2097
[v2.3] CVE-2013-2851 Linux-Kernel: block layer
2019-07-23T14:20:53Z Peter Kotcauer
The block layer uses the "disk_name" field as a format string in a number of places. While this is normally not a problem due to how disk names are created (statically or incrementally), there is currently at least one way to define nearly arbitrary names via md. Instead of filtering md, this should be fixed within the kernel's interfaces. This flaw could potentially allow escalation from uid-0 to ring-0, so except for certain environments, it is not too serious.
The test case is trivial:
1. echo md_%x.%x.%x.%x >/sys/module/md_mod/parameters/new_array
2. ls /dev/md_*
/dev/md_c12cc370.df66d800.df66d80c.c13da45b
Using %n instead of %x leads to exciting crashes. :)
The fix has been sent upstream:
http://marc.info/?l=linux-kernel&m=137055204522556&w=2
With the above fixes, a series of additional format string related clean ups has also been sent upstream:
http://marc.info/?l=linux-kernel&m=137055207522563&w=2
*(from redmine: issue id 2097, created on 2013-06-18, closed on 2013-07-03)*
* Relations:
* parent #2093
* Changesets:
* Revision 25d456a566f8d7bdc343a3a55219b23a29433f5f by Natanael Copa on 2013-06-26T14:10:30Z:
```
main/linux-grsec: security fixes (CVE-2013-2164,CVE-2013-2851,CVE-2013-2852)
ref #2077
ref #2088
ref #2093
fixes #2083
fixes #2092
fixes #2097
```
Alpine 2.3.7
Natanael Copa