alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:40:20Z

nodejs: Security issues (CVE-2016-2086, CVE-2016-2216)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5153
2019-07-23T13:40:20Z Alicha CH

### (CVE-2016-2086) Request smuggling vulnerability
A request smuggling vulnerability was found in Node.js
that can be exploited under certain unspecified circumstances.
### Fixed In Version:
nodejs 0.10.42, nodejs 0.12.10, nodejs 4.3.0, nodejs 5.6.0
### (CVE-2016-2216) Response splitting vulnerability using Unicode characters
It was reported that HTTP header parsing in Node.js is vulnerable to
response splitting attacks.
While Node.js has been protecting against response splitting attacks by
checking for CRLF characters,
it is possible to compose response headers using Unicode characters that
decompose to these characters,
bypassing the checks previously in place.
### Fixed In Version:
nodejs 0.10.42, nodejs 0.12.10, nodejs 4.3.0, nodejs 5.6.0
### References:
https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2086
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-2216
*(from redmine: issue id 5153, created on 2016-02-22, closed on 2016-02-24)*
* Relations:
* child #5154
* child #5155
* child #5156
* child #5157

Eivind Uggedal

[3.0] xdelta3: buffer overflow in main_get_appheader (CVE-2014-9765)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5152
2019-07-23T13:40:21Z Alicha CH

A buffer overflow vulnerability in xdelta3 was reported,
allowing arbitrary code execution from input files on some systems.
### Fixed In Version:
xdelta3 3.0.9 and later
### References:
http://seclists.org/oss-sec/2016/q1/294
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9765
*(from redmine: issue id 5152, created on 2016-02-22, closed on 2016-02-22)*
* Relations:
* parent #5150
* Changesets:
* Revision 26db5b0795a14008e9883430ce8ceb1c58c102e6 on 2016-02-22T14:35:21Z:
```
main/xdelta3: security upgrade to 3.0.11 (CVE-2014-9765). Fixes #5152
```

3.0.7 Natanael Copa

[3.1] xdelta3: buffer overflow in main_get_appheader (CVE-2014-9765)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5151
2019-07-23T13:40:22Z Alicha CH

A buffer overflow vulnerability in xdelta3 was reported,
allowing arbitrary code execution from input files on some systems.
### Fixed In Version:
xdelta3 3.0.9 and later
### References:
http://seclists.org/oss-sec/2016/q1/294
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9765
*(from redmine: issue id 5151, created on 2016-02-22, closed on 2016-02-22)*
* Relations:
* parent #5150
* Changesets:
* Revision b2908b33c1c9bead1a61151009b3d853ef43e399 on 2016-02-22T14:33:25Z:
```
main/xdelta3: security upgrade to 3.0.11 (CVE-2014-9765). Fixes #5151
```

3.1.5 Natanael Copa

xdelta3: buffer overflow in main_get_appheader (CVE-2014-9765)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5150
2019-07-23T13:40:23Z Alicha CH

A buffer overflow vulnerability in xdelta3 was reported,
allowing arbitrary code execution from input files on some systems.
### Fixed In Version:
xdelta3 3.0.9 and later
### References:
http://seclists.org/oss-sec/2016/q1/294
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9765
*(from redmine: issue id 5150, created on 2016-02-22, closed on 2016-02-22)*
* Relations:
* child #5151
* child #5152

Natanael Copa

[3.2] libreoffice: Multiple out-of-bounds overflows in lwp filter (CVE-2016-0794, CVE-2016-0795)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5149
2019-07-12T15:06:21Z Alicha CH

### (CVE-2016-0794) LotusWordPro Multiple bounds overflows in lwp filter
Multiple offsets in parsing lwp documents were insufficiently checked
for validity.
Documents can be constructed which cause memory corruption by
overflowing various buffer bounds.
### Fixed in:
LibreOffice 5.0.4/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0794
### (CVE-2016-0795) LotusWordPro Bounds overflows in LwpTocSuperLayout processing
Parsing the LwpTocSuperLayout record was insufficiently checked for
validity.
Documents can be constructed which cause memory corruption by
overflowing the LwpTocSuperLayout buffer.
### Fixed in:
LibreOffice 5.0.5/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795
*(from redmine: issue id 5149, created on 2016-02-22, closed on 2017-01-24)*
* Relations:
* parent #5147

3.2.4 Timo Teräs

[3.3] libreoffice: Multiple out-of-bounds overflows in lwp filter (CVE-2016-0794, CVE-2016-0795)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5148
2019-07-23T13:40:24Z Alicha CH

### (CVE-2016-0794) LotusWordPro Multiple bounds overflows in lwp filter
Multiple offsets in parsing lwp documents were insufficiently checked
for validity.
Documents can be constructed which cause memory corruption by
overflowing various buffer bounds.
### Fixed in:
LibreOffice 5.0.4/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0794
### (CVE-2016-0795) LotusWordPro Bounds overflows in LwpTocSuperLayout processing
Parsing the LwpTocSuperLayout record was insufficiently checked for
validity.
Documents can be constructed which cause memory corruption by
overflowing the LwpTocSuperLayout buffer.
### Fixed in:
LibreOffice 5.0.5/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795
*(from redmine: issue id 5148, created on 2016-02-22, closed on 2017-06-29)*
* Relations:
* parent #5147
* Changesets:
* Revision ff69ce7465b8c9fdca8ef4609ed3dc40dbd63049 on 2016-02-23T14:51:44Z:
```
main/libreoffice: security upgrade to 5.0.5.2 (CVE-2016-0794, CVE-2016-0795). Fixes #5148
```

3.3.2 Timo Teräs

libreoffice: Multiple out-of-bounds overflows in lwp filter (CVE-2016-0794, CVE-2016-0795)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5147
2019-07-23T13:40:25Z Alicha CH

### (CVE-2016-0794) LotusWordPro Multiple bounds overflows in lwp filter
Multiple offsets in parsing lwp documents were insufficiently checked
for validity.
Documents can be constructed which cause memory corruption by
overflowing various buffer bounds.
### Fixed in:
LibreOffice 5.0.4/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0794
### (CVE-2016-0795) LotusWordPro Bounds overflows in LwpTocSuperLayout processing
Parsing the LwpTocSuperLayout record was insufficiently checked for
validity.
Documents can be constructed which cause memory corruption by
overflowing the LwpTocSuperLayout buffer.
### Fixed in:
LibreOffice 5.0.5/5.1.0
### References:
http://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795
*(from redmine: issue id 5147, created on 2016-02-22, closed on 2017-06-29)*
* Relations:
* child #5148
* child #5149

Timo Teräs

Firmware does not mount on tmpfs
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5146
2019-07-23T13:40:27Z Carlo Landmeter

When booting latest 3.3.1, the firmware directory does not get mounted
on /lib/firmware, it does exist in /.modloop/firmware
*(from redmine: issue id 5146, created on 2016-02-22, closed on 2017-05-19)*

3.3.2 Natanael Copa

Add official ARMv5 (armel) architecture
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5145
2020-06-12T11:05:57Z Jouke Witteveen

Given the focus of Alpine, it is suitable for embedded devices. Please
consider supporting ARMv5 as an official target platform. There are
plenty of devices around that would benefit from an official Alpine
build.
Last month Valery McHno demonstrated the possibility of such support:
http://lists.alpinelinux.org/alpine-devel/5129.html
His patches to the gcc
(http://lists.alpinelinux.org/alpine-devel/5130.html) and musl
(http://lists.alpinelinux.org/alpine-devel/5131.html) buildscripts
appear to have gone unnoticed.
*(from redmine: issue id 5145, created on 2016-02-22)*

Timo Teräs

[raspberry pi] apk add linux-rpi-dev returns error ERROR: Failed to create..
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5144
2019-07-23T13:40:27Z Ray Davis

Folks
When running the raspberry pi distro on RPI 2 Quad-core, the alpine
version 3.3.1 produces the following error.
Command: apk add linux-rpi-dev
Error: ERROR: Failed to create lib/modules/4.1.15-1-rpi/build: No such
file or directory
Command: apk add linux-rpi2
Error: Failed to create lib/modules/4.1.15-1-rpi2/kernel…… Read Only
File System
We need linux-headers to compile wi-fi drivers etc.
Request: Is it possible to allow them to be installed in the current
in-memory distribution of rpi (disk-less mode).
*(from redmine: issue id 5144, created on 2016-02-20, closed on 2016-03-18)*
* Changesets:
* Revision 945bf9e18b6cc6525aeee325047d9e7a833fa879 by Mark White on 2016-02-22T16:46:40Z:
```
main/openrc: use overlayfs instead of unionfs for modloop
fixes #5144
```
* Revision 368c2a1d13cddb972bc7b41b0a5beaea304c7839 by Mark White on 2016-03-18T09:43:42Z:
```
main/openrc: use overlayfs instead of unionfs for modloop
fixes #5144
(cherry picked from commit 945bf9e18b6cc6525aeee325047d9e7a833fa879)
```

3.3.2 Natanael Copa

Asterisk x86 pjsip errors - failed to start
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5143
2019-07-23T13:40:28Z Leszek Cimała

on clean Alpine x86 install upgraded to edge:
```
# apk add asterisk asterisk-sample-config
# service asterisk start
* Caching service dependencies ... [ ok ]
* Starting asterisk PBX (as asterisk) ... [ !! ]
* ERROR: asterisk failed to start
# asterisk -cvvv
<trimmed output>
[Feb 20 20:53:02] WARNING[2507]: loader.c:553 load_dynamic_module: Error loading module 'res_pjsip_t38.so': Error relocating /usr/lib/asterisk/modules/res_pjsip_t38.so: ast_sip_session_get_datastore: symbol not found
<a lot of pjsip related errors>
-- Local IPv4 address determined to be: 192.168.1.100
Assertion failed: ai.ai_addr.addr.sa_family == (pj_uint16_t)af (../src/pj/sock_common.c: pj_gethostip: 794)
Aborted
```
I believe problem lies in res\_pjsip module, I can run asterisk with
chan\_sip, but res\_pjsip is what I want to use (it is modern version of
chan\_sip).
I am attaching full output.
*(from redmine: issue id 5143, created on 2016-02-20, closed on 2016-05-31)*
* Changesets:
* Revision 60d81d4e9c540f8fe9819d63850372b456a36a6f by Timo Teräs on 2016-02-23T06:49:32Z:
```
main/musl: fix handling of non matching address family entries in hosts
fixes #5143
```
* Uploads:
* [asterisk-output.txt](/uploads/03348b8f86ce0ec387553eaaeada267d/asterisk-output.txt) full asterisk -cvvv output

3.4.0 Timo Teräs

mariadb package does not create wsrep.cnf
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5142
2019-07-15T17:48:31Z Federico Razzoli

wsrep.cnf file includes Galera settings. Galera is integrated in MariaDB
10.1.
IMHO, wsrep.cnf should be merged with my.cnf or written as a separate
file.
*(from redmine: issue id 5142, created on 2016-02-20)*

php crypt/blowfish not show as expected
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5141
2019-07-23T13:40:29Z V Krishn

How to test,
1. apk add php-cli
2. php -f crypt-test.php
**Result: ===**
```
Standard DES: rl.3StKT.4T8M
Extended DES: _J9..rasmBYk8r9AiWNc
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
Blowfish(1): $2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi
Blowfish(2): *
Blowfish(3): $2a$07$rasmuslerd...........uWT0/evsycV1j8mw6CBI/GvO1o5WHpyO
Blowfish(4): $2a$07$rasmuslerd............nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra
```
**Expected: ===**
```
Standard DES: rl.3StKT.4T8M
Extended DES: _J9..rasmBYk8r9AiWNc
MD5: $1$rasmusle$rISCgZzpwk3UhDidwXvin0
Blowfish(1): $2a$07$usesomesillystringfore2uDLvp1Ii2e./U9C8sBjqp8I90dH6hi
Blowfish(2): $2a$07$rasmuslerd............nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra
Blowfish(3): $2a$07$rasmuslerd...........uWT0/evsycV1j8mw6CBI/GvO1o5WHpyO
Blowfish(4): $2a$07$rasmuslerd............nIdrcHdxcUxWomQX9j6kvERCFjTg7Ra
SHA-256: $5$rounds=5000$usesomesillystri$KqJWpanXZHKq2BOB43TSaYhEWsQ1Lr5QNyPCDH/Tp.6
SHA-512: $6$rounds=5000$usesomesillystri$D4IrlXatmP7rx3P3InaxBeoomnAihCKRVQP22JZ6EY47Wc6BkroIuUUBOov1i.S5KPgErtP/EN5mcO.ChWQW21
```
For, SHA-256 and SHA-512, I may not be installing some module, but any
guide would be nice.
*(from redmine: issue id 5141, created on 2016-02-19, closed on 2017-05-19)*
* Changesets:
* Revision 13863cc1f5f194a380e822e4dd6a6f548864f6b0 by Timo Teräs on 2016-03-25T08:08:42Z:
```
main/php: fix sha256/512 passwords
ref #5141
```
* Revision a924aa20210e7f26602f9ecb3822fb78a101e251 by Timo Teräs on 2016-03-25T08:24:25Z:
```
testing/php7: fix sha256/512 passwords
ref #5141
```
* Uploads:
* [crypt-test.php](/uploads/db17c3d3652a60af55c54490eb0a4510/crypt-test.php)

Timo Teräs

Package request: uwsgi-python3
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5140
2019-07-14T18:35:11Z Roy Sindre

According to
http://git.alpinelinux.org/cgit/aports/commit/?id=5526cbe899d66dcd420ef40feff9ef6f5b954e26
Bartłomiej Piotrowski made python2 to be the default supported version
when using uwsgi-python in alpine.
I would like to request to package uwsgi-python3 as a separate package
which provides the plugin built for python3 which can be activated by
using “-plugins python3” for example.
(this is how it’s done in other distros it seems, debian and arch)
Assigned issue to current package maintainer of uwsgi.
*(from redmine: issue id 5140, created on 2016-02-18)*

Natanael Copa

[3.0] freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows (CVE-2014-9674)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5139
2019-07-23T13:40:31Z Alicha CH

The Mac\_Read\_POST\_Resource function in base/ftobjs.c in FreeType
before 2.5.4
proceeds with adding to length values without validating the original
values,
which allows remote attackers to cause a denial of service (integer
overflow
and heap-based buffer overflow) or possibly have unspecified other
impact via a crafted Mac font.
### Fixed in version:
freetype 2.5.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9674
https://code.google.com/p/google-security-research/issues/detail?id=153
### Patches:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
*(from redmine: issue id 5139, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* parent #5138
* Changesets:
* Revision 1d2c50f3f04d4a28e1436583aa0cbc42e4071709 on 2016-02-19T11:25:42Z:
```
main/freetype: security upgrade to 2.5.4 (CVE-2014-9674). Fixes #5139
```

3.0.7 Carlo Landmeter

freetype: multiple integer overflows Mac_Read_POST_Resource() leading to heap-based buffer overflows (CVE-2014-9674)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5138
2019-07-23T13:40:32Z Alicha CH

The Mac\_Read\_POST\_Resource function in base/ftobjs.c in FreeType
before 2.5.4
proceeds with adding to length values without validating the original
values,
which allows remote attackers to cause a denial of service (integer
overflow
and heap-based buffer overflow) or possibly have unspecified other
impact via a crafted Mac font.
### Fixed in version:
freetype 2.5.4
### References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2014-9674
https://code.google.com/p/google-security-research/issues/detail?id=153
### Patches:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
*(from redmine: issue id 5138, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* child #5139

Carlo Landmeter

[3.0] libgcrypt: side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5137
2019-07-23T13:40:33Z Alicha CH

A vulnerability was found in a way the ECDH encryption algorithm
decrypts data.
An attacker with a specialised setup can extract the secret decryption
key from
a target located in an adjacent room within seconds.
This is done by measuring the target’s electromagnetic emanations.
### Fixed in version:
libgcrypt 1.6.5
### References:
http://www.cs.tau.ac.il/~tromer/ecdh/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
*(from redmine: issue id 5137, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* parent #5133
* Changesets:
* Revision 50c5627c9d06dca29a6659ea453cf13744758634 on 2016-02-18T14:01:54Z:
```
main/libgcrypt: security upgrade to 1.6.5 (CVE-2015-7511). Fixes #5137
```

3.0.7 Natanael Copa

[3.1] libgcrypt: side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5136
2019-07-23T13:40:34Z Alicha CH

A vulnerability was found in a way the ECDH encryption algorithm
decrypts data.
An attacker with a specialised setup can extract the secret decryption
key from
a target located in an adjacent room within seconds.
This is done by measuring the target’s electromagnetic emanations.
### Fixed in version:
libgcrypt 1.6.5
### References:
http://www.cs.tau.ac.il/~tromer/ecdh/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
*(from redmine: issue id 5136, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* parent #5133
* Changesets:
* Revision ac62e682204cffba83c50bb239066f30fad7d00c on 2016-02-18T14:00:13Z:
```
main/libgcrypt: security upgrade to 1.6.5 (CVE-2015-7511). Fixes #5136
```

3.1.5 Natanael Copa

[3.2] libgcrypt: side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5135
2019-07-23T13:40:35Z Alicha CH

A vulnerability was found in a way the ECDH encryption algorithm
decrypts data.
An attacker with a specialised setup can extract the secret decryption
key from
a target located in an adjacent room within seconds.
This is done by measuring the target’s electromagnetic emanations.
### Fixed in version:
libgcrypt 1.6.5
### References:
http://www.cs.tau.ac.il/~tromer/ecdh/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
*(from redmine: issue id 5135, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* parent #5133
* Changesets:
* Revision 7bba78bee999efc963c5103be483b0c21a0d84fb on 2016-02-18T13:58:20Z:
```
main/libgcrypt: security upgrade to 1.6.5 (CVE-2015-7511). Fixes #5135
```

3.2.4 Natanael Copa

[3.3] libgcrypt: side-channel attack on ECDH with Weierstrass curves (CVE-2015-7511)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/5134
2019-07-23T13:40:35Z Alicha CH

A vulnerability was found in a way the ECDH encryption algorithm
decrypts data.
An attacker with a specialised setup can extract the secret decryption
key from
a target located in an adjacent room within seconds.
This is done by measuring the target’s electromagnetic emanations.
### Fixed in version:
libgcrypt 1.6.5
### References:
http://www.cs.tau.ac.il/~tromer/ecdh/
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
*(from redmine: issue id 5134, created on 2016-02-18, closed on 2016-02-22)*
* Relations:
* parent #5133
* Changesets:
* Revision 4f4f6d422f481b09dcc2a537a61530d20f85d19e on 2016-02-18T13:21:29Z:
```
main/libgcrypt: security upgrade to 1.6.5. Fixes #5134
```

3.3.2 Natanael Copa