alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:32:48Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4488
whois doesn't work
2019-07-23T13:32:48Z
algitbot

When I whois a domain, it just hangs, without giving any output.
*(from redmine: issue id 4488, created on 2015-07-28, closed on 2016-08-12)*
* Relations:
* duplicates #5705
* Changesets:
* Revision 4eb826279c131257c3bc37d42f394208022ef07e on 2016-08-11T10:58:11Z:
```
main/busybox: include whois fix from upstream
Fixes #4488
```
* Revision 5a256fe62326a15ce7a303733cfcb19800ebe914 on 2016-08-12T14:34:59Z:
```
main/busybox: include whois fix from upstream
Fixes #4488
(cherry picked from commit 4eb826279c131257c3bc37d42f394208022ef07e)
```
3.4.3

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4487
[v2.7] php: Segfault, Buffer overflow and stack smashing (CVE-2015-5589, CVE-2015-5590)
2019-07-23T13:49:56Z
Alexander Belous

Segfault in Phar::convertToData on invalid file
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
\- php\_stream\_close(phar->fp);
+ if (phar->fp) {
+ php\_stream\_close(phar->fp);
+ }
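Review bot: inside the new `if (phar->fp)` block the stream is closed but `phar->fp` is left pointing at it, so a later guard of the same kind would pass on an already closed stream and close it again; unless the lines following this hunk already reset it, add `phar->fp = NULL;` right after `php_stream_close(phar->fp);`. A regression test that runs Phar::convertToData on an invalid file would also document why the pointer can be NULL at this point.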
Use CVE-2015-5589.
Buffer overflow and stack smashing error in phar\_fix\_filepath
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
there is no check if \`newpath\_len\` will exceed MAXPATHLEN, which is
the size of \`newpath\` on the stack.
Use CVE-2015-5590.
Reference:
http://seclists.org/oss-sec/2015/q3/147
http://seclists.org/oss-sec/2015/q3/161
*(from redmine: issue id 4487, created on 2015-07-27, closed on 2015-07-31)*
* Relations:
* parent #4485
* Changesets:
* Revision af4ecb2f45cb22986569333512a85f995728a742 by Natanael Copa on 2015-07-30T14:46:13Z:
```
main/php: security upgrade to 5.5.27 (CVE-2015-3152,CVE-2015-5589,CVE-2015-5590)
fixes #4487
```
Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4486
[v3.0] php: Segfault, Buffer overflow and stack smashing (CVE-2015-5589, CVE-2015-5590)
2019-07-23T13:49:57Z
Alexander Belous

Segfault in Phar::convertToData on invalid file
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
\- php\_stream\_close(phar->fp);
+ if (phar->fp) {
+ php\_stream\_close(phar->fp);
+ }
Use CVE-2015-5589.
Buffer overflow and stack smashing error in phar\_fix\_filepath
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
there is no check if \`newpath\_len\` will exceed MAXPATHLEN, which is
the size of \`newpath\` on the stack.
Use CVE-2015-5590.
Reference:
http://seclists.org/oss-sec/2015/q3/147
http://seclists.org/oss-sec/2015/q3/161
*(from redmine: issue id 4486, created on 2015-07-27, closed on 2015-07-31)*
* Relations:
* parent #4485
* Changesets:
* Revision 203c60e93f227c5829b37eb04feb8e53045cabdf by Natanael Copa on 2015-07-30T14:23:50Z:
```
main/php: security upgrade to 5.5.27 (CVE-2015-3152,CVE-2015-5589,CVE-2015-5590)
fixes #4486
```
3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4485
php: Segfault, Buffer overflow and stack smashing (CVE-2015-5589, CVE-2015-5590)
2019-07-23T13:49:59Z
Alexander Belous

Segfault in Phar::convertToData on invalid file
https://bugs.php.net/bug.php?id=69958
http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
\- php\_stream\_close(phar->fp);
+ if (phar->fp) {
+ php\_stream\_close(phar->fp);
+ }
Use CVE-2015-5589.
Buffer overflow and stack smashing error in phar\_fix\_filepath
https://bugs.php.net/bug.php?id=69923
http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
there is no check if \`newpath\_len\` will exceed MAXPATHLEN, which is
the size of \`newpath\` on the stack.
Use CVE-2015-5590.
Reference:
http://seclists.org/oss-sec/2015/q3/147
http://seclists.org/oss-sec/2015/q3/161
*(from redmine: issue id 4485, created on 2015-07-27, closed on 2015-07-31)*
* Relations:
* child #4486
* child #4487

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4484
strongswan-5.3.2-r6: /etc/strongswan.d/charon/kernel-netlink.conf is empty, charon cannot start
2019-07-23T13:49:59Z
William Shallum

I installed strongswan-5.3.2-r6, did some configuration, tried to start
it (/etc/init.d/charon start) and charon fails to start with this error:
00[LIB] feature CUSTOM:libcharon in critical plugin 'charon' has unmet dependency: CUSTOM:kernel-ipsec
I checked and found that /etc/strongswan.d/charon/kernel-netlink.conf is
empty.
Changing the contents to:
kernel-netlink {
load = yes
}
allows charon to start.
*(from redmine: issue id 4484, created on 2015-07-26, closed on 2015-08-10)*
* Changesets:
* Revision d634801b2da421730ff3c224c3af3f67193f5f0a by Timo Teräs on 2015-07-31T22:53:37Z:
```
main/strongswan: additional fixes
- python is needed to prepare config file templates, ref #4484
- three cherry-picks from upstream git master and merge pending branches
- add patch to fix connection authentication when multiple CAs are allowed
```
* Revision 0fe0ce7c76ad69510ff0edfdb9bd7d9d244787d5 by Timo Teräs on 2015-07-31T22:56:58Z:
```
main/strongswan: additional fixes
- python is needed to prepare config file templates, ref #4484
- three cherry-picks from upstream git master and merge pending branches
- add patch to fix connection authentication when multiple CAs are allowed
(cherry picked from commit d634801b2da421730ff3c224c3af3f67193f5f0a)
```
3.2.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4483
[PATCH] main/mksh: add /bin/mksh to /etc/shells
2019-07-23T13:50:01Z
Bernd Lauert

This adds /bin/mksh to the /etc/shells file.
*(from redmine: issue id 4483, created on 2015-07-25, closed on 2017-04-08)*
* Uploads:
* [0001-main-mksh-add-bin-mksh-to-etc-shells.patch](/uploads/a4439011ccdd459b1d2481f78166864d/0001-main-mksh-add-bin-mksh-to-etc-shells.patch)
* [0001-main-mksh-add-usr-bin-mksh-to-etc-shells.patch](/uploads/da8aa8faf083fd43a6cdce10b393fa55/0001-main-mksh-add-usr-bin-mksh-to-etc-shells.patch)
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4482
[v3.2] cacti: multiple SQL injections (CVE-2015-4634)
2019-07-23T13:50:01Z
Alexander Belous

CVE-2015-4634 was assigned for an SQL injection in cacti \[0\], but according to
the commit fixing it \[1\] several other SQL injections were also found:
-bug\#0002574: SQL Injection Vulnerability in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574
-bug\#0002579: SQL Injection Vulnerability in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug\#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug\#0002582: SQL Injection in data\_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug\#0002583: SQL Injection in graph\_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug\#0002584: SQL Injection in host\_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
*(from redmine: issue id 4482, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4478
* Changesets:
* Revision 5d1d6ac80a8133f1a46f399aeb26d15ec909975f by Natanael Copa on 2015-07-31T06:28:17Z:
```
main/cacti: security upgrade to 0.8.8f (CVE-2015-4634)
fixes #4482
```
3.2.3
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4481
[v3.1] cacti: multiple SQL injections (CVE-2015-4634)
2019-07-23T13:50:03Z
Alexander Belous

CVE-2015-4634 was assigned for an SQL injection in cacti \[0\], but according to
the commit fixing it \[1\] several other SQL injections were also found:
-bug\#0002574: SQL Injection Vulnerability in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574
-bug\#0002579: SQL Injection Vulnerability in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug\#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug\#0002582: SQL Injection in data\_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug\#0002583: SQL Injection in graph\_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug\#0002584: SQL Injection in host\_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
*(from redmine: issue id 4481, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4478
* Changesets:
* Revision fd036067c2525ea92d3fd4f1ca013e9e25ed3cb7 by Natanael Copa on 2015-07-31T06:28:54Z:
```
main/cacti: security upgrade to 0.8.8f (CVE-2015-4634)
fixes #4481
```
3.1.5
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4480
[v3.0] cacti: multiple SQL injections (CVE-2015-4634)
2019-07-23T13:50:04Z
Alexander Belous

CVE-2015-4634 was assigned for an SQL injection in cacti \[0\], but according to
the commit fixing it \[1\] several other SQL injections were also found:
-bug\#0002574: SQL Injection Vulnerability in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574
-bug\#0002579: SQL Injection Vulnerability in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug\#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug\#0002582: SQL Injection in data\_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug\#0002583: SQL Injection in graph\_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug\#0002584: SQL Injection in host\_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
*(from redmine: issue id 4480, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4478
* Changesets:
* Revision 0c74063e921f944d6debcce9d4cea8f1effe11b6 by Natanael Copa on 2015-07-31T06:29:10Z:
```
main/cacti: security upgrade to 0.8.8f (CVE-2015-4634)
fixes #4480
```
3.0.7
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4479
[v2.7] cacti: multiple SQL injections (CVE-2015-4634)
2019-07-23T13:50:05Z
Alexander Belous

CVE-2015-4634 was assigned for an SQL injection in cacti \[0\], but according to
the commit fixing it \[1\] several other SQL injections were also found:
-bug\#0002574: SQL Injection Vulnerability in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574
-bug\#0002579: SQL Injection Vulnerability in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug\#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug\#0002582: SQL Injection in data\_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug\#0002583: SQL Injection in graph\_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug\#0002584: SQL Injection in host\_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
*(from redmine: issue id 4479, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4478
* Changesets:
* Revision fc4d059b9902c642dfb7f2c6eb48528ebb0571a1 by Natanael Copa on 2015-07-31T06:29:20Z:
```
main/cacti: security upgrade to 0.8.8f (CVE-2015-4634)
fixes #4479
```
Alpine 2.7.10
Jeff Bilyk jbilyk@gmail.com

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4478
cacti: multiple SQL injections (CVE-2015-4634)
2019-07-23T13:50:06Z
Alexander Belous

CVE-2015-4634 was assigned for an SQL injection in cacti \[0\], but according to
the commit fixing it \[1\] several other SQL injections were also found:
-bug\#0002574: SQL Injection Vulnerability in graph items and graph template items
http://bugs.cacti.net/view.php?id=0002574
-bug\#0002579: SQL Injection Vulnerability in data sources
http://bugs.cacti.net/view.php?id=0002579
-bug\#0002580: SQL Injection in cdef.php
http://bugs.cacti.net/view.php?id=0002580
-bug\#0002582: SQL Injection in data\_templates.php
http://bugs.cacti.net/view.php?id=0002582
-bug\#0002583: SQL Injection in graph\_templates.php
http://bugs.cacti.net/view.php?id=0002583
-bug\#0002584: SQL Injection in host\_templates.php
http://bugs.cacti.net/view.php?id=0002584
Reference:
http://seclists.org/oss-sec/2015/q3/150
*(from redmine: issue id 4478, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* child #4479
* child #4480
* child #4481
* child #4482

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4477
[v3.2] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:07Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login grace time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e 'print "pam," x 10000'\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4477, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 349ad37b3400ed4f7f3fb02db6fec33d252dd704 by Natanael Copa on 2015-07-30T14:21:52Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4477
```
3.2.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4476
[v3.1] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:08Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login grace time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e 'print "pam," x 10000'\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4476, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 3885568b0e267af8bd7ce20f4c0337c84312da01 by Natanael Copa on 2015-07-30T14:38:40Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4476
```
3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4475
[v3.0] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:09Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login grace time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e 'print "pam," x 10000'\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4475, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 4c781145fea2f72a16dcf5acd51e426850ef540a by Natanael Copa on 2015-07-30T14:32:56Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4475
```
3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4474
[v2.7] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:10Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login grace time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e 'print "pam," x 10000'\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4474, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision f313c8ea055322f60121a3baf75c0d16ea154978 by Natanael Copa on 2015-07-30T14:47:07Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4474
```
Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4473
OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:12Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login grace time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e 'print "pam," x 10000'\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4473, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* child #4474
* child #4475
* child #4476
* child #4477
* Changesets:
* Revision dcd01962e2f8f725ba879e17feb98988480f5500 by Natanael Copa on 2015-07-30T14:19:24Z:
```
main/openssh: security fix for CVE-2015-5600
ref #4473
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4472
[v3.2] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:13Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER -dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does not
occur anymore.
Since the influence of this commit on the problem is not yet fully understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4472, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 4562dbd2e017349035b31df017bee36d5d6b201b by Natanael Copa on 2015-08-04T09:44:25Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4472
```
3.2.3
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4471
[v3.1] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:14Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER -dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does not
occur anymore.
Since the influence of this commit on the problem is not yet fully understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4471, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision ca4a30adeb8a02a127c6030e2730f8ec7900c915 by Natanael Copa on 2015-08-04T12:05:07Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4471
```
3.1.5
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4470
[v3.0] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:15Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER -dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does not
occur anymore.
Since the influence of this commit on the problem is not yet fully understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4470, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 6c275fa9475ad80a6e7801bf9356cb7acc22c654 by Natanael Copa on 2015-08-04T14:35:15Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4470
```
3.0.7
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4469
[v2.7] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:16Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER -dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does not
occur anymore.
Since the influence of this commit on the problem is not yet fully understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4469, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 85d3c3bf7d2914b99cad25b6b45a73e5c8f7df54 by Natanael Copa on 2015-08-04T14:45:44Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4469
```
Alpine 2.7.10
Cameron Banta