alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:49:13Z
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4543
nfs not working on v3.2
2019-07-23T13:49:13Z
Yves Schumann
nfs not working on v3.2
I’ve updated a machine which is running as a DomU on a Xen host from
v3.1 to v3.2 and now NFS is not starting.
Dmesg tells me this:
```
[ 28.242069] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
[ 28.251182] ------------[ cut here ]------------
[ 28.251207] WARNING: CPU: 1 PID: 1590 at /home/buildozer/aports/main/linux-grsec/src/linux-3.18/fs/nfsd/nfs4recover.c:1257 nfsd4_umh_cltrack_init+0x60/0x8b [nfsd]()
[ 28.251209] NFSD: attempt to initialize umh client tracking in a container!
[ 28.251211] Modules linked in: nfsd auth_rpcgss oid_registry exportfs nfsv4 nfs lockd grace sunrpc veth bridge stp llc ipv6 af_packet evdev pcspkr coretemp hwmon loop ext4 mbcache jbd2 crc16 usb_storage sd_mod scsi_mod
[ 28.251237] CPU: 1 PID: 1590 Comm: rpc.nfsd Not tainted 3.18.20-1-grsec #2-Alpine
[ 28.251240] 0000000000000009 ffffc90002b43c78 ffffffff81389318 0000000000000000
[ 28.251244] ffffc90002b43cc8 ffffc90002b43cb8 ffffffff81045022 ffffc90002b43ce8
[ 28.251247] ffffffffa041cef3 ffff88003d2c8000 ffff88003c5b7040 ffff88003d2c8000
[ 28.251250] Call Trace:
[ 28.251261] [<ffffffff81389318>] dump_stack+0x46/0x58
[ 28.251268] [<ffffffff81045022>] warn_slowpath_common+0x77/0x91
[ 28.251279] [<ffffffffa041cef3>] ? nfsd4_umh_cltrack_init+0x60/0x8b [nfsd]
```
See the full output on http://sprunge.us/KSTH
Maybe https://lkml.org/lkml/2013/4/16/168 is necessary?
*(from redmine: issue id 4543, created on 2015-08-20, closed on 2015-08-25)*
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4542
imagemagick doesn't support lcms
2019-07-23T13:49:14Z
Julian Einwag
imagemagick doesn't support lcms
It appears that the imagemagick package doesn’t support lcms, although
the lcms2 package is being installed as a dependency:
```
# apk add --update imagemagick
fetch http://dl-4.alpinelinux.org/alpine/v3.2/main/x86_64/APKINDEX.tar.gz
(1/26) Installing libpng (1.6.16-r0)
(2/26) Installing freetype (2.5.5-r0)
(3/26) Installing libgomp (4.9.2-r5)
(4/26) Installing dbus-libs (1.8.16-r1)
(5/26) Installing libintl (0.19.4-r1)
(6/26) Installing avahi-libs (0.6.31-r7)
(7/26) Installing libgcc (4.9.2-r5)
(8/26) Installing gmp (6.0.0a-r0)
(9/26) Installing nettle (3.1.1-r0)
(10/26) Installing libffi (3.2.1-r0)
(11/26) Installing libtasn1 (4.5-r0)
(12/26) Installing p11-kit (0.23.1-r0)
(13/26) Installing gnutls (3.4.1-r0)
(14/26) Installing libstdc++ (4.9.2-r5)
(15/26) Installing cups-libs (2.0.3-r1)
(16/26) Installing expat (2.1.0-r1)
(17/26) Installing fontconfig (2.11.1-r1)
(18/26) Installing jbig2dec (0.12-r0)
(19/26) Installing libjpeg-turbo (1.4.0-r0)
(20/26) Installing lcms2 (2.7-r0)
(21/26) Installing openjpeg (2.1.0-r0)
(22/26) Installing tiff (4.0.3-r3)
(23/26) Installing ghostscript (9.16-r1)
(24/26) Installing libltdl (2.4.6-r0)
(25/26) Installing libwebp (0.4.3-r0)
(26/26) Installing imagemagick (6.9.1.2-r0)
/ # convert -version
Version: ImageMagick 6.9.1-2 Q16 x86_64 2015-04-29 http://www.imagemagick.org
Copyright: Copyright © 1999-2015 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: DPC Modules
Delegates (built-in): freetype gslib jng jpeg ltdl png ps webp zlib
```
Lcms doesn’t show up in the delegates line, but it should if imagemagick
is built with lcms.
*(from redmine: issue id 4542, created on 2015-08-18, closed on 2017-05-17)*
* Changesets:
* Revision 7b08bdce91d0f7978d7b9fd97cc427a45db125b0 by Natanael Copa on 2015-08-18T11:26:17Z:
```
main/imagemagick: enable lcms2
ref #4542
```
* Revision 36dd9538db3039e6ccf89542fe5b9e5d956b39ca by Natanael Copa on 2015-08-18T11:30:48Z:
```
main/imagemagick: enable lcms2
fixes #4542
(cherry picked from commit 7b08bdce91d0f7978d7b9fd97cc427a45db125b0)
```
3.2.4
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4541
imagemagick doesn't support TIFF files
2019-07-23T13:49:15Z
Julian Einwag
imagemagick doesn't support TIFF files
It appears that the imagemagick package doesn’t support TIFF files,
although the tiff package is being installed as a dependency:
```
/ # apk add --update imagemagick
fetch http://dl-4.alpinelinux.org/alpine/v3.2/main/x86_64/APKINDEX.tar.gz
(1/26) Installing libpng (1.6.16-r0)
(2/26) Installing freetype (2.5.5-r0)
(3/26) Installing libgomp (4.9.2-r5)
(4/26) Installing dbus-libs (1.8.16-r1)
(5/26) Installing libintl (0.19.4-r1)
(6/26) Installing avahi-libs (0.6.31-r7)
(7/26) Installing libgcc (4.9.2-r5)
(8/26) Installing gmp (6.0.0a-r0)
(9/26) Installing nettle (3.1.1-r0)
(10/26) Installing libffi (3.2.1-r0)
(11/26) Installing libtasn1 (4.5-r0)
(12/26) Installing p11-kit (0.23.1-r0)
(13/26) Installing gnutls (3.4.1-r0)
(14/26) Installing libstdc++ (4.9.2-r5)
(15/26) Installing cups-libs (2.0.3-r1)
(16/26) Installing expat (2.1.0-r1)
(17/26) Installing fontconfig (2.11.1-r1)
(18/26) Installing jbig2dec (0.12-r0)
(19/26) Installing libjpeg-turbo (1.4.0-r0)
(20/26) Installing lcms2 (2.7-r0)
(21/26) Installing openjpeg (2.1.0-r0)
(22/26) Installing tiff (4.0.3-r3)
(23/26) Installing ghostscript (9.16-r1)
(24/26) Installing libltdl (2.4.6-r0)
(25/26) Installing libwebp (0.4.3-r0)
(26/26) Installing imagemagick (6.9.1.2-r0)
/ # convert -version
Version: ImageMagick 6.9.1-2 Q16 x86_64 2015-04-29 http://www.imagemagick.org
Copyright: Copyright © 1999-2015 ImageMagick Studio LLC
License: http://www.imagemagick.org/script/license.php
Features: DPC Modules
Delegates (built-in): freetype gslib jng jpeg ltdl png ps webp zlib
```
TIFF doesn’t show up in delegates. Please add TIFF support.
Same for lcms btw, but I can file a separate bug for that one.
*(from redmine: issue id 4541, created on 2015-08-18, closed on 2017-04-08)*
* Changesets:
* Revision 25173a6a7c1332487454074c45264d4019ec9547 by Natanael Copa on 2015-08-18T11:15:16Z:
```
main/imagemagick: enable tiff support
ref #4541
```
* Revision a8412d03005fa8cda15275cbf6bc172f1976da84 by Natanael Copa on 2015-08-18T11:18:38Z:
```
main/imagemagick: enable tiff support
fixes #4541
(cherry picked from commit 25173a6a7c1332487454074c45264d4019ec9547)
```
3.2.4
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4540
Update to stunnel 5.22
2019-07-23T13:49:16Z
algitbot
Update to stunnel 5.22
The stunnel package is currently on 5.01 this is considerably old and
this should be updated. Updating this fixes a number of severe security
issues.
https://www.stunnel.org/sdf_ChangeLog.html
There are other problems with the APKBUILD too.
* checkpath: owner `root:stunnel' not found
* checkpath: owner `stunnel:stunnel' not found
It doesn’t appear to create the correct user stunnel and group stunnel.
The process should be run by this user and the configurations in
/etc/stunnel should be owned by this user/group.
Updating this APKBUILD would silence this warning.
[.] Compiled with OpenSSL 1.0.1g 7 Apr 2014
[.] Running with OpenSSL 1.0.2d 9 Jul 2015
[.] Update OpenSSL shared libraries or rebuild stunnel
stunnel is required by those who experience some sort of DPI (deep
packet inspection) which involves throttling/blocking of OpenVPN
connections.
http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
*(from redmine: issue id 4540, created on 2015-08-18, closed on 2015-12-09)*
3.3.0
Natanael Copa
https://gitlab.alpinelinux.org/alpine/infra/turbo-paste/-/issues/3
Serve tpaste.us through SSL/TLS
2015-08-20T22:38:40Z
Carlo Landmeter
Serve tpaste.us through SSL/TLS
*Created by: ScrumpyJack*
that would be lovely
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4539
lvm2: looks for dmeventd in /usr/sbin
2019-07-23T13:49:16Z
Dennis Przytarski
lvm2: looks for dmeventd in /usr/sbin
# lvchange -a n /dev/vg0/test
/usr/sbin/dmeventd: stat failed: No such file or directory
**Solution**
Add parameter --with-dmeventd-path= to ./configure in APKBUILD.
--with-dmeventd-path=PATH
dmeventd path [EPREFIX/sbin/dmeventd]
*(from redmine: issue id 4539, created on 2015-08-15, closed on 2017-05-17)*
* Changesets:
* Revision 0a8f934cc3fed755d8d3bea6a06f8dacfaf1778b by Dennis Przytarski on 2015-08-17T10:01:53Z:
```
main/lvm2: fixed dmeventd path, fixes #4539
```
* Revision 377648cf652c7a9d9dbc32be574dc9809ed7b2b1 by Dennis Przytarski on 2015-08-18T09:40:10Z:
```
main/lvm2: fixed dmeventd path, fixes #4539
(cherry picked from commit 0a8f934cc3fed755d8d3bea6a06f8dacfaf1778b)
```
3.2.4
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4538
lvm2: shared library loading error
2019-07-23T13:49:17Z
Dennis Przytarski
lvm2: shared library loading error
# apk add lvm2 lvm2-dmeventd
# ...
# lvcreate --type raid1 -m 1 -L 1G -n test vg0
vg0-test: event registration failed: 2791:3 libdevmapper-event-lvm2raid.so dlopen failed: Error loading shared library libdevmapper-event-lvm2raid.so: No such file or directory
vg0/test: raid1 segment monitoring function failed.
Logical volume "test" created.
# find / -name libdevmapper-event-lvm2raid.so
/lib/device-mapper/libdevmapper-event-lvm2raid.so
*(from redmine: issue id 4538, created on 2015-08-15, closed on 2017-05-17)*
* Changesets:
* Revision 27a1bb5555f187ba803940f698d3196523f16e84 by Dennis Przytarski on 2015-08-17T11:19:08Z:
```
main/lvm2: added library_dir default config, fixes #4538
```
* Revision 8471f500eb74d5f8cb03b994d9eced24971094a9 by Dennis Przytarski on 2015-08-18T09:44:36Z:
```
main/lvm2: added library_dir default config, fixes #4538
(cherry picked from commit 27a1bb5555f187ba803940f698d3196523f16e84)
```
3.2.4
Natanael Copa
https://gitlab.alpinelinux.org/alpine/infra/aports-turbo/-/issues/1
Add repository filter on contents form
2015-08-20T09:20:57Z
Carlo Landmeter
Add repository filter on contents form
This should make it easier to find contents when a package exists in multiple repositories.
Carlo Landmeter
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4537
hiawatha does not start on alpine 3.2
2019-07-23T13:49:18Z
Jan Vlach
hiawatha does not start on alpine 3.2
Hello alpine bug team,
I need small and lightweight webserver and I thought I’d give hiawatha a
try, but it doesn’t at all. Seems that it needs to be recompiled with
MBEDTLS_THREADING_PTHREAD compiler flag.
So I would like to file a bug.
```
# alias pkg='apk' # to help muscle memory
# pkg add hiawatha
(1/4) Installing mbedtls (2.0.0-r0)
(2/4) Installing libxml2 (2.9.2-r0)
(3/4) Installing libxslt (1.1.28-r1)
(4/4) Installing hiawatha (9.14-r0)
Executing busybox-1.23.2-r0.trigger
OK: 557 MiB in 137 packages

# /etc/init.d/hiawatha start
 * Caching service dependencies ...
 [ ok ]
 * Starting hiawatha ...
mbed TLS was compiled without the required MBEDTLS_THREADING_PTHREAD compiler flag.
 * start-stop-daemon: failed to start `/usr/sbin/hiawatha'
 [ !! ]
 * ERROR: hiawatha failed to start

# uname -a
Linux matterhorn 3.18.20-1-grsec #2-Alpine SMP Wed Aug 12 14:04:15 GMT 2015 x86_64 Linux

# grep Alpine /etc/*
/etc/issue:Alpine Linux 3.2
/etc/os-release:NAME="Alpine Linux"
/etc/os-release:PRETTY_NAME="Alpine Linux v3.2"
```
Thank you and have a nice day,
Jan
--
Be the change you want to see in the world.
*(from redmine: issue id 4537, created on 2015-08-14, closed on 2017-05-17)*
* Changesets:
* Revision 84f1ba016af9f1cc1b1d23f1af8360a3b60703fd by Stuart Cardall on 2015-12-24T06:02:18Z:
```
testing/mbedtls: fixes #4537
fixes #4537
```
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4536
[v3.2] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
2019-07-23T13:49:19Z
Alexander Belous
[v3.2] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
There have been found potentially exploitable flaws in Golang net/http
library affecting versions 1.4.2 and 1.5.
Problems:
- Double Content-length headers in a request does not generate a 400
error, the second Content-length is ignored.
- Invalid headers are parsed as valid headers (like “Content Length:”
with a space in the middle)
Exploitations:
In a situation where the net/http agent HTTP communication with the
final http clients is using some reverse proxy (reverse proxy cache, SSL
terminators, etc), some requests can be made exploiting the net/http
HTTP protocol violations.
Attacker could possibly:
- bypass security controls on these previous elements
- perform some cache poisoning on these elements
- alter the request/response map on these previous elements (for DOS)
Reference:
>https://bugzilla.redhat.com/show_bug.cgi?id=1250352
*(from redmine: issue id 4536, created on 2015-08-14, closed on 2015-09-22)*
* Relations:
* parent #4532
3.2.4
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4535
[v3.1] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
2019-07-12T15:00:56Z
Alexander Belous
[v3.1] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
There have been found potentially exploitable flaws in Golang net/http
library affecting versions 1.4.2 and 1.5.
Problems:
- Double Content-length headers in a request does not generate a 400
error, the second Content-length is ignored.
- Invalid headers are parsed as valid headers (like “Content Length:”
with a space in the middle)
Exploitations:
In a situation where the net/http agent HTTP communication with the
final http clients is using some reverse proxy (reverse proxy cache, SSL
terminators, etc), some requests can be made exploiting the net/http
HTTP protocol violations.
Attacker could possibly:
- bypass security controls on these previous elements
- perform some cache poisoning on these elements
- alter the request/response map on these previous elements (for DOS)
Reference:
>https://bugzilla.redhat.com/show_bug.cgi?id=1250352
*(from redmine: issue id 4535, created on 2015-08-14, closed on 2015-09-21)*
* Relations:
* parent #4532
3.1.5
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4534
[v3.0] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
2019-07-12T15:00:55Z
Alexander Belous
[v3.0] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
There have been found potentially exploitable flaws in Golang net/http
library affecting versions 1.4.2 and 1.5.
Problems:
- Double Content-length headers in a request does not generate a 400
error, the second Content-length is ignored.
- Invalid headers are parsed as valid headers (like “Content Length:”
with a space in the middle)
Exploitations:
In a situation where the net/http agent HTTP communication with the
final http clients is using some reverse proxy (reverse proxy cache, SSL
terminators, etc), some requests can be made exploiting the net/http
HTTP protocol violations.
Attacker could possibly:
- bypass security controls on these previous elements
- perform some cache poisoning on these elements
- alter the request/response map on these previous elements (for DOS)
Reference:
>https://bugzilla.redhat.com/show_bug.cgi?id=1250352
*(from redmine: issue id 4534, created on 2015-08-14, closed on 2015-09-21)*
* Relations:
* parent #4532
3.0.7
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4533
[v2.7] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
2019-07-12T15:00:54Z
Alexander Belous
[v2.7] go: multiple issues (CVE-2015-5739, CVE-2015-5740, CVE-2015-5741)
There have been found potentially exploitable flaws in Golang net/http
library affecting versions 1.4.2 and 1.5.
Problems:
- Double Content-length headers in a request does not generate a 400
error, the second Content-length is ignored.
- Invalid headers are parsed as valid headers (like “Content Length:”
with a space in the middle)
Exploitations:
In a situation where the net/http agent HTTP communication with the
final http clients is using some reverse proxy (reverse proxy cache, SSL
terminators, etc), some requests can be made exploiting the net/http
HTTP protocol violations.
Attacker could possibly:
- bypass security controls on these previous elements
- perform some cache poisoning on these elements
- alter the request/response map on these previous elements (for DOS)
Reference:
>https://bugzilla.redhat.com/show_bug.cgi?id=1250352
*(from redmine: issue id 4533, created on 2015-08-14, closed on 2015-09-21)*
* Relations:
* parent #4532
Alpine 2.7.10
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4531
[v3.2] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs...
2019-07-23T13:49:20Z
Alexander Belous
[v3.2] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_64] (CVE-2015-4491)
We found a heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a malformed bmp. These issues are affecting
x86_64 builds (we tested in a fully updated Ubuntu 14.04 and Debian
Wheezy). For example, Ubuntu 14.04 ships with gdk-pixbuf 2.30 but newer
versions are affected as well.
The issue happens when a program is trying to parse and scale a crafted
bmp using gdk-pixbuf (for instance, using get_scaled_pixbuf). It will
result at least in a DoS aborting the program with a SIGTRAP. It is
also possible to perform a heap overflow if you select the suitable
width and height in a malicious bmp according to the scaled width and
height. The cause of the heap overflow is this integer overflow located
here:
https://github.com/GNOME/gdk-pixbuf/blob/f79085cbec9997895e252dce994d18139d719e26/gdk-pixbuf/pixops/pixops.c#L1275
and the insufficient checks performed in the gdk_pixbuf_new function.
Interestingly enough, in a recent version of gdk-pixbuf (2.31 or newer)
somebody replaced some old code that checks for an overflow with a
g_try_malloc_n that is supposed to check for overflow, but it doesn’t
in x86_64 (you can see the old and new code here:
https://github.com/GNOME/gdk-pixbuf/commit/deb78d971c4bcb9e3ccbb71e7925bc6baa707188#diff-cde3af8b5b1c0789407148d53a75ae22R448)
Unfortunately, at least Firefox and Chromium are using gdk-pixbuf
primitives to implement file pickers, so they are affected. A minimal
example of a vulnerable program is attached: it is just a call to
gdk_pixbuf_new_from_file_at_size. Also two bmp POC are included:
one to crash the minimal example and another POC to trigger a heap
overflow in Firefox (it works with pixbuf 2.31 or newer). You should
attach the uncompressed bmp or try to open it (using ctrl+O) (that’s the
reason we are sending it compressed!). Remember that this vulnerability
depends on a malloc call and can fail if your real/virtual memory is not
large enough. In particular, the Firefox POC requires at least 12GB of
memory available for allocation.
Reference:
>https://bugzilla.gnome.org/show_bug.cgi?id=752297
*(from redmine: issue id 4531, created on 2015-08-14, closed on 2015-10-02)*
* Relations:
* parent #4527
* Changesets:
* Revision 855144a2d8b93a86606f4b6f5dd87f994a09ee2f by Natanael Copa on 2015-09-21T07:09:53Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4531
```
3.2.4
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4530
[v3.1] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs...
2019-07-23T13:49:21Z
Alexander Belous
[v3.1] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_64] (CVE-2015-4491)
We found a heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a malformed bmp. These issues are affecting
x86_64 builds (we tested in a fully updated Ubuntu 14.04 and Debian
Wheezy). For example, Ubuntu 14.04 ships with gdk-pixbuf 2.30 but newer
versions are affected as well.
The issue happens when a program is trying to parse and scale a crafted
bmp using gdk-pixbuf (for instance, using get_scaled_pixbuf). It will
result at least in a DoS aborting the program with a SIGTRAP. It is
also possible to perform a heap overflow if you select the suitable
width and height in a malicious bmp according to the scaled width and
height. The cause of the heap overflow is this integer overflow located
here:
https://github.com/GNOME/gdk-pixbuf/blob/f79085cbec9997895e252dce994d18139d719e26/gdk-pixbuf/pixops/pixops.c#L1275
and the insufficient checks performed in the gdk_pixbuf_new function.
Interestingly enough, in a recent version of gdk-pixbuf (2.31 or newer)
somebody replaced some old code that checks for an overflow with a
g_try_malloc_n that is supposed to check for overflow, but it doesn’t
in x86_64 (you can see the old and new code here:
https://github.com/GNOME/gdk-pixbuf/commit/deb78d971c4bcb9e3ccbb71e7925bc6baa707188#diff-cde3af8b5b1c0789407148d53a75ae22R448)
Unfortunately, at least Firefox and Chromium are using gdk-pixbuf
primitives to implement file pickers, so they are affected. A minimal
example of a vulnerable program is attached: it is just a call to
gdk_pixbuf_new_from_file_at_size. Also two bmp POC are included:
one to crash the minimal example and another POC to trigger a heap
overflow in Firefox (it works with pixbuf 2.31 or newer). You should
attach the uncompressed bmp or try to open it (using ctrl+O) (that’s the
reason we are sending it compressed!). Remember that this vulnerability
depends on a malloc call and can fail if your real/virtual memory is not
large enough. In particular, the Firefox POC requires at least 12GB of
memory available for allocation.
Reference:
>https://bugzilla.gnome.org/show_bug.cgi?id=752297
*(from redmine: issue id 4530, created on 2015-08-14, closed on 2015-10-02)*
* Relations:
* parent #4527
* Changesets:
* Revision fac73347e841c6a32b01f2a0c29c6e352c8fcae0 by Natanael Copa on 2015-09-21T07:10:39Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4530
```
3.1.5
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4529
[v3.0] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs...
2019-07-23T13:49:22Z
Alexander Belous
[v3.0] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_64] (CVE-2015-4491)
We found a heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a malformed bmp. These issues are affecting
x86_64 builds (we tested in a fully updated Ubuntu 14.04 and Debian
Wheezy). For example, Ubuntu 14.04 ships with gdk-pixbuf 2.30 but newer
versions are affected as well.
The issue happens when a program is trying to parse and scale a crafted
bmp using gdk-pixbuf (for instance, using get_scaled_pixbuf). It will
result at least in a DoS aborting the program with a SIGTRAP. It is
also possible to perform a heap overflow if you select the suitable
width and height in a malicious bmp according to the scaled width and
height. The cause of the heap overflow is this integer overflow located
here:
https://github.com/GNOME/gdk-pixbuf/blob/f79085cbec9997895e252dce994d18139d719e26/gdk-pixbuf/pixops/pixops.c#L1275
and the insufficient checks performed in the gdk_pixbuf_new function.
Interestingly enough, in a recent version of gdk-pixbuf (2.31 or newer)
somebody replaced some old code that checks for an overflow with a
g_try_malloc_n that is supposed to check for overflow, but it doesn’t
in x86_64 (you can see the old and new code here:
https://github.com/GNOME/gdk-pixbuf/commit/deb78d971c4bcb9e3ccbb71e7925bc6baa707188#diff-cde3af8b5b1c0789407148d53a75ae22R448)
Unfortunately, at least Firefox and Chromium are using gdk-pixbuf
primitives to implement file pickers, so they are affected. A minimal
example of a vulnerable program is attached: it is just a call to
gdk_pixbuf_new_from_file_at_size. Also two bmp POC are included:
one to crash the minimal example and another POC to trigger a heap
overflow in Firefox (it works with pixbuf 2.31 or newer). You should
attach the uncompressed bmp or try to open it (using ctrl+O) (that’s the
reason we are sending it compressed!). Remember that this vulnerability
depends on a malloc call and can fail if your real/virtual memory is not
large enough. In particular, the Firefox POC requires at least 12GB of
memory available for allocation.
Reference:
>https://bugzilla.gnome.org/show_bug.cgi?id=752297
*(from redmine: issue id 4529, created on 2015-08-14, closed on 2015-10-02)*
* Relations:
* parent #4527
* Changesets:
* Revision d72bd99a0754b62de5b56c5ae2ef29e4eafc4488 by Natanael Copa on 2015-09-21T07:13:55Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4529
```
3.0.7
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4528
[v2.7] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs...
2019-07-23T13:49:23Z
Alexander Belous
[v2.7] gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_64] (CVE-2015-4491)
We found a heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a malformed bmp. These issues are affecting
x86_64 builds (we tested in a fully updated Ubuntu 14.04 and Debian
Wheezy). For example, Ubuntu 14.04 ships with gdk-pixbuf 2.30 but newer
versions are affected as well.
The issue happens when a program is trying to parse and scale a crafted
bmp using gdk-pixbuf (for instance, using get_scaled_pixbuf). It will
result at least in a DoS aborting the program with a SIGTRAP. It is
also possible to perform a heap overflow if you select the suitable
width and height in a malicious bmp according to the scaled width and
height. The cause of the heap overflow is this integer overflow located
here:
https://github.com/GNOME/gdk-pixbuf/blob/f79085cbec9997895e252dce994d18139d719e26/gdk-pixbuf/pixops/pixops.c#L1275
and the insufficient checks performed in the gdk_pixbuf_new function.
Interestingly enough, in a recent version of gdk-pixbuf (2.31 or newer)
somebody replaced some old code that checks for an overflow with a
g_try_malloc_n that is supposed to check for overflow, but it doesn’t
in x86_64 (you can see the old and new code here:
https://github.com/GNOME/gdk-pixbuf/commit/deb78d971c4bcb9e3ccbb71e7925bc6baa707188#diff-cde3af8b5b1c0789407148d53a75ae22R448)
Unfortunately, at least Firefox and Chromium are using gdk-pixbuf
primitives to implement file pickers, so they are affected. A minimal
example of a vulnerable program is attached: it is just a call to
gdk_pixbuf_new_from_file_at_size. Also two bmp POC are included:
one to crash the minimal example and another POC to trigger a heap
overflow in Firefox (it works with pixbuf 2.31 or newer). You should
attach the uncompressed bmp or try to open it (using ctrl+O) (that’s the
reason we are sending it compressed!). Remember that this vulnerability
depends on a malloc call and can fail if your real/virtual memory is not
large enough. In particular, the Firefox POC requires at least 12GB of
memory available for allocation.
Reference:
>https://bugzilla.gnome.org/show_bug.cgi?id=752297
*(from redmine: issue id 4528, created on 2015-08-14, closed on 2015-10-02)*
* Relations:
* parent #4527
* Changesets:
* Revision 24bd75c799179686597754fad1d6f4393a9daa02 by Natanael Copa on 2015-09-21T07:14:35Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4528
```
Alpine 2.7.10
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4527
gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_6...
2019-07-23T13:49:25Z
Alexander Belous
gdk-pixbuf: heap overflow and DoS affecting Firefox and other programs [x86_64] (CVE-2015-4491)
We found a heap overflow and a DoS in the gdk-pixbuf implementation
triggered by the scaling of a malformed bmp. These issues are affecting
x86\_64 builds (we tested in a fully updated Ubuntu 14.04 and Debian
Wheezy). For example, Ubuntu 14.04 ships with gdk-pixbuf 2.30 but newer
versions are affected as well.
The issue happens when a program is trying to parse and scale a crafted
bmp using gdk-pixbuf (for instance, using get_scaled_pixbuf). It will
result at least in a DoS aborting the program with a SIGTRAP. It is
also possible to perform a heap overflow if you select the suitable
width and height in a malicious bmp according to the scaled width and
height. The cause of the heap overflow is this integer overflow located
here:
https://github.com/GNOME/gdk-pixbuf/blob/f79085cbec9997895e252dce994d18139d719e26/gdk-pixbuf/pixops/pixops.c#L1275
and the insufficient checks performed in the gdk_pixbuf_new function.
Interestingly enough, in a recent version of gdk-pixbuf (2.31 or newer)
somebody replaced some old code that checks for an overflow with a
g_try_malloc_n that is supposed to check for overflow, but it doesn’t
in x86_64 (you can see the old and new code here:
https://github.com/GNOME/gdk-pixbuf/commit/deb78d971c4bcb9e3ccbb71e7925bc6baa707188#diff-cde3af8b5b1c0789407148d53a75ae22R448)
Unfortunately, at least Firefox and Chromium are using gdk-pixbuf
primitives to implement file pickers, so they are affected. A minimal
example of a vulnerable program is attached: it is just a call to
gdk_pixbuf_new_from_file_at_size. Also two bmp POC are included:
one to crash the minimal example and another POC to trigger a heap
overflow in Firefox (it works with pixbuf 2.31 or newer). You should
attach the uncompressed bmp or try to open it (using ctrl+O) (that’s the
reason we are sending it compressed!). Remember that this vulnerability
depends on a malloc call and can fail if your real/virtual memory is not
large enough. In particular, the Firefox POC requires at least 12GB of
memory available for allocation.
Reference:
https://bugzilla.gnome.org/show_bug.cgi?id=752297
*(from redmine: issue id 4527, created on 2015-08-14, closed on 2015-10-02)*
* Relations:
* child #4528
* child #4529
* child #4530
* child #4531
* Changesets:
* Revision 8eb537ab7f1ef8e526a8d037bee262a0f540f56b by Natanael Copa on 2015-08-14T11:22:26Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
```
* Revision 855144a2d8b93a86606f4b6f5dd87f994a09ee2f by Natanael Copa on 2015-09-21T07:09:53Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4531
```
* Revision fac73347e841c6a32b01f2a0c29c6e352c8fcae0 by Natanael Copa on 2015-09-21T07:10:39Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4530
```
* Revision d72bd99a0754b62de5b56c5ae2ef29e4eafc4488 by Natanael Copa on 2015-09-21T07:13:55Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4529
```
* Revision 24bd75c799179686597754fad1d6f4393a9daa02 by Natanael Copa on 2015-09-21T07:14:35Z:
```
main/gdk-pixbuf: security upgrade to 2.31.5 (CVE-2015-4491)
ref #4527
fixes #4528
```
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4526
[v3.2] rt4: vulnerable to a cross-site scripting (XSS) attack via the user an...
2019-07-23T13:49:26Z
Alexander Belous
[v3.2] rt4: vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages and the cryptography interface (CVE-2015-5475)
We have discovered security vulnerabilities which affect both RT 4.0.x
and RT 4.2.x. We are releasing RT versions 4.0.24 and 4.2.12 to resolve
these vulnerabilities, as well as patches which apply atop all released
versions of 4.0 and 4.2.
The vulnerabilities addressed by 4.0.24, 4.2.12, and the below patches
include the following:
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the user and group rights management pages. This vulnerability is
assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć
at Data Reliance Shared Service Center.
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface. This vulnerability could allow an
attacker with a carefully-crafted key to inject JavaScript into RT’s
user interface. Installations which use neither GnuPG nor S/MIME are
unaffected.
Patches for all releases of 4.0.x and 4.2.x are available (signature).
Versions of RT older than 4.0.0 are unsupported and do not receive
security patches; please contact sales@bestpractical.com if you need
assistance with an older RT version.
Reference:
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
*(from redmine: issue id 4526, created on 2015-08-14, closed on 2016-06-24)*
* Relations:
* parent #4522
* Changesets:
* Revision f6613c0a589c390c2eccf8341b6a740b393ecdda by Natanael Copa on 2015-08-14T11:08:12Z:
```
main/rt4: security upgrade to 4.2.12 (CVE-2015-5475)
fixes #4526
```
3.2.4
Natanael Copa
Natanael Copa
https://gitlab.alpinelinux.org/alpine/aports/-/issues/4525
[v3.1] rt4: vulnerable to a cross-site scripting (XSS) attack via the user an...
2019-07-23T13:49:27Z
Alexander Belous
[v3.1] rt4: vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages and the cryptography interface (CVE-2015-5475)
We have discovered security vulnerabilities which affect both RT 4.0.x
and RT 4.2.x. We are releasing RT versions 4.0.24 and 4.2.12 to resolve
these vulnerabilities, as well as patches which apply atop all released
versions of 4.0 and 4.2.
The vulnerabilities addressed by 4.0.24, 4.2.12, and the below patches
include the following:
RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the user and group rights management pages. This vulnerability is
assigned CVE-2015-5475. It was discovered and reported by Marcin Kopeć
at Data Reliance Shared Service Center.
RT 4.2.0 and above are vulnerable to a cross-site scripting (XSS) attack
via the cryptography interface. This vulnerability could allow an
attacker with a carefully-crafted key to inject JavaScript into RT’s
user interface. Installations which use neither GnuPG nor S/MIME are
unaffected.
Patches for all releases of 4.0.x and 4.2.x are available (signature).
Versions of RT older than 4.0.0 are unsupported and do not receive
security patches; please contact sales@bestpractical.com if you need
assistance with an older RT version.
Reference:
http://blog.bestpractical.com/2015/08/security-vulnerabilities-in-rt.html
*(from redmine: issue id 4525, created on 2015-08-14, closed on 2016-06-24)*
* Relations:
* parent #4522
* Changesets:
* Revision 6c8810bb2cd58455d9a4044e2d61d58af53ee9b8 on 2015-12-04T10:24:41Z:
```
main/rt4: security fix CVE-2015-5475. Fixes #4525
```
3.1.5
Natanael Copa
Natanael Copa