alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T11:22:31Z

libetan: claws mail do
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9339
2019-07-23T11:22:31Z
Milan P. Stanić
*(from redmine: issue id 9339, created on 2018-08-26, closed on 2018-08-26)*

Add gpg-zip to gnupg package
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9338
2019-07-23T11:22:32Z
Christian Kotte
Please add gpg-zip to gnupg. The 1.x version is only included in gnupg1
(gnupg v2 and v1 can’t be installed in parallel).
*(from redmine: issue id 9338, created on 2018-08-26, closed on 2019-05-03)*
* Changesets:
* Revision 393016de635098a1296aa9e8ccdb181c6ee1b2b4 by Natanael Copa on 2018-08-27T15:18:42Z:
```
main/gnupg: install gpg-zip
fixes #9338
```

Package update request: firefox-esr 52.9.0
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9337
2019-07-23T11:22:33Z
algitbot
Please update firefox-esr to the latest version, if it can be useful
Adélie Linux has the APKBUILD for this version:
https://code.foxkit.us/adelie/packages/tree/master/user/firefox-esr
*(from redmine: issue id 9337, created on 2018-08-26, closed on 2019-03-25)*
* Changesets:
* Revision acbd6624994984fe4b444cc793d6ea9b72845017 by Natanael Copa on 2018-08-27T08:20:33Z:
```
community/firefox-esr: upgrade to 52.9.0
ref #9337
```
* Revision 87a3f3ec119e2ca27908978694a5d2bb744f0494 by Natanael Copa on 2018-08-27T08:21:47Z:
```
community/firefox-esr: upgrade to 52.9.0
fixes #9337
(cherry picked from commit acbd6624994984fe4b444cc793d6ea9b72845017)
```

Bad postfix package
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9335
2019-07-23T11:22:34Z
John Doe
The Postfix package seems to be a little dodgy, changes made which seem
to go against the grain of Postfix.
For example, setting some directories to postfix owned when Postfix is
expecting them to be owned as root:
```
mail.warn postfix/postfix-script[6967]: warning: not owned by root: /var/spool/postfix/.
mail.warn postfix/postfix-script[6968]: warning: not owned by root: /var/spool/postfix/pid
```
But worse seems to be compiling with custom directories with no thought
to Postfix expectations.
For example, running:
```
postmulti -e init
```
Yields an error message:
```
postmulti: fatal: instance /etc/postfix, shlib_directory=/usr/lib/postfix conflicts with instance /etc/postfix, daemon_directory=/usr/lib/postfix
```
This is what the Alpine compiled default directories look like:
```
# postconf -d | fgrep "_directory ="
command_directory = /usr/sbin
command_execution_directory =
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
html_directory = no
mail_spool_directory = /var/mail
manpage_directory = /usr/local/man
meta_directory = /etc/postfix
process_id_directory = pid
queue_directory = /var/spool/postfix
readme_directory = no
require_home_directory = no
sample_directory = /etc/postfix
shlib_directory = /usr/lib/postfix
```
This is what an “out of the box” standard compile looks like:
```
$ ./bin/postconf -d | fgrep "_directory ="
command_directory = /usr/sbin
command_execution_directory =
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
html_directory = no
mail_spool_directory = /var/mail
manpage_directory = /usr/local/man
meta_directory = /etc/postfix
process_id_directory = pid
queue_directory = /var/spool/postfix
readme_directory = no
require_home_directory = no
sample_directory = /etc/postfix
shlib_directory = no
```
The reason for the error message on Alpine is as described here:
http://postfix.1071664.n5.nabble.com/postmulti-fatal-error-with-3-0-0-td74946.html
In Wietse Venema’s own words:
**“DO NOT set daemon\_directory the same as shlib\_directory”**
And yet, what are the Alpine package maintainers doing ? Yup, that’s
right. Setting daemon\_directory and shlib\_directory as the same thing.
*(from redmine: issue id 9335, created on 2018-08-24, closed on 2019-05-04)*
* Relations:
* relates #9356
* Changesets:
* Revision 36a0f13aa064d0534fee0e90c0ed85a5cae23bae by Natanael Copa on 2018-08-27T09:40:00Z:
```
main/postfix: fixes for postmulti and permissions
move daemon_directory to /usr/libexec. Upstream recommends that
shlib_directory should not be the same as shlib_directory.
include *.proto files in /etc/postfix instead of doc dir. Those are
needed by postmulti.
fix permissions. The following dirs should be owned by root:
/var/spool/postfix
/var/spool/postfix/pid
ref #9335
```
* Revision f83e779ce2429c137e01b973527baa2ab74e8b15 by Natanael Copa on 2018-08-29T08:18:12Z:
```
main/postfix: preserve permission of /var/spool/postfix
Do not create the homedir when creating 'postfix' user. This is so we
keep the permissions of /var/spool/postfix from apk.
fixes #9335
```

compile busybox cp with reflink support
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9334
2019-07-23T11:22:35Z
John Doe
Given that:
(a) Alpine supports BTRFS
(b) Alpine uses busybox as its default coreutils
It would be useful if that enabled access to functionality useful for
BTRFS (namely --reflink).
Comments in the busybox code
(https://git.busybox.net/busybox/tree/coreutils/cp.c) seem to suggest
there is reflink support if you choose to compile it:
```
//config:config FEATURE_CP_REFLINK
//config: bool "Enable --reflink[=auto]"
//config: default y
//config: depends on FEATURE_CP_LONG_OPTIONS
```
*(from redmine: issue id 9334, created on 2018-08-23, closed on 2019-01-23)*
* Changesets:
* Revision 6e465f74c5d66caced2d255001dbb8d393d90f6a by Natanael Copa on 2019-01-10T14:57:24Z:
```
main/busybox: backport cp --reflink support
fixes #9334
```
3.9.0

testing/frr: unable to copy running-config startup-config
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9328
2019-07-23T11:22:39Z
Arthur Jones
Re-writing config happens as frr user, but /etc/frr is not writable, we
need /etc/frr to be owned by frr:frr…
Tested patch pending…
*(from redmine: issue id 9328, created on 2018-08-22, closed on 2019-05-04)*
* Changesets:
* Revision b59f1ba19925bb222f1dd525700e8d1111a9dd1d by Arthur Jones on 2018-08-30T15:33:02Z:
```
testing/frr: set /etc/frr to be owned by frr:frr
Currently, /etc/frr is owned by root, but when re-writing config
with command like:
router# copy running-config startup-config
we fail as we drop down to frr:frr when writing config.
Here, we chown -R frr:frr /etc/frr to make sure we can re-write config
safely
Fixes: #9328
```
Arthur Jones

postfix-cdb please
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9327
2019-07-12T15:39:17Z
John Doe
Subject says it all. You guys have exim-cdb but no postfix-cdb in your
packages. ;-(
```
postmap cdb:virtual
postmap: fatal: unsupported dictionary type: cdb. Is the postfix-cdb package installed?
make: *** [Makefile:6: virtual.cdb] Error 1
```
*(from redmine: issue id 9327, created on 2018-08-22)*

/etc/apache2/conf.d/proxy.conf appears to be loading some modules in the wrong order
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9326
2019-07-23T11:22:40Z
Antonio Teixeira
The apache default installation with apache2 and apache2-proxy packages
fails to start when loading some modules from proxy.conf.
The lines in question are:
```
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
```
From my understanding, these modules depend on either mod\_proxy.so or
mod\_proxy\_balancer.so, but they’re being loaded before them in the
proxy.conf file.
Moving those 4 lines to the end of the file solves the problem and
apache starts normally.
*(from redmine: issue id 9326, created on 2018-08-22, closed on 2019-05-04)*

Please rebuild openvpn package against supported libraries
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9325
2019-12-05T06:27:02Z
John Doe
The openvpn package is currently built against LibreSSL.
OpenVPN tell you quite clearly that this is not supported, e.g.:
“Please note that LibreSSL is not a supported crypto backend. We accept
patches and we do test on OpenBSD 6.0 which comes with LibreSSL, but if
newer versions of LibreSSL break API compatibility we do not take
responsibility to fix that.”
https://openvpn.net/index.php/open-source/downloads.html
and elsewhere on their website where they describe dependencies and
state OpenSSL or PolarSSL.
Surely you are just asking for trouble by building against unsupported
libraries ?
*(from redmine: issue id 9325, created on 2018-08-22)*

Please remove the alternate console entry from /etc/inittab for alpine-virt
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9324
2023-02-21T02:55:15Z
John Doe
The last line in /etc/inittab for alpine-virt
(ttyS0::respawn:/sbin/getty -L 115200 ttyS0 vt100) should really not be
there.
It generates a loop of incessant dmesg noise when installed on VMWare
esxi and no doubt other virtual installs too.
That line is not present in other builds such as alpine-extended.
This report is based on the current version available on your website
dl-cdn.alpinelinux.org/alpine/v3.8/releases/x86\_64/alpine-virt-3.8.0-x86\_64.iso
*(from redmine: issue id 9324, created on 2018-08-22, closed on 2019-05-12)*
* Relations:
* duplicates #8704

amavisd-new package missing dependency on IO::Socket::INET6
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9323
2019-07-23T11:22:41Z
John Doe
mail.warn amavis[4059]: (!)Net::Server: 2018/08/22-13:44:45 Unresolveable host [::1]:10024 - could not load IO::Socket::INET6: Can't locate Socket6.pm in @INC (you may need to install the Socket6 module) (@INC contains: /usr/local/lib/perl5/site
The amavisd-package really should be built with IPv6 support enabled !
Please add dependency to IO::Socket::INET6.
*(from redmine: issue id 9323, created on 2018-08-22, closed on 2018-09-10)*
* Changesets:
* Revision 1e9764994323fecc78772a1035cc7f4380e7f63d by Natanael Copa on 2018-08-22T13:09:31Z:
```
main/amavisd-new: fix dependency for inet6
ref #9323
```
* Revision 2150195f6ca729d5244c3b7f22fd6c7a375fbe30 by Natanael Copa on 2018-08-22T13:11:07Z:
```
main/amavisd-new: fix dependency for inet6
fixes #9323
```
3.8.1

Broken python2.7 and icu in alpine v3.7
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9322
2019-07-23T11:22:42Z
praneet drolia
Getting this error while running a docker file
```
ERROR: python2-2.7.14-r2: usr/lib/python2.7/distutils/tests/test_bdild_vecb/py: no dirent in archive
ERROR: python2-2.7.14-r2: run_unittest(test_suite())
/ reif nd_vcecutioable(cmmd[0]) None, re palf.asipUnstCa(‘T
co%rompind.bs not found
’: no dirent in archive
ERROR: python2-2.7.14-r2: BAD archive
```
```
WARNING: icu-libs-59.1-r1: ignoring malicious file /libicudata.so.59.1
ERROR: icu-libs-59.1-r1: BAD archive
```
Attached the error logs
*(from redmine: issue id 9322, created on 2018-08-22, closed on 2018-09-11)*
* Uploads:
* [stack_trace](/uploads/361134e0c1c6750b72d3278521e6f776/stack_trace)
3.7.1

[apache-mod-auth-kerb] package is broken
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9315
2020-08-10T20:20:39Z
James White
Installing apache-mod-auth-kerb leaves Apache in a broken state.
httpd: Syntax error on line 480 of /etc/apache2/httpd.conf: Syntax error on line 6 of /etc/apache2/conf.d/mod-auth-kerb.conf: Cannot load modules/mod_auth_kerb.so into server: Error relocating /var/www/modules/mod_auth_kerb.so: fix_dce: symbol not found.
*(from redmine: issue id 9315, created on 2018-08-21)*
* Changesets:
* Revision 8cae7d3770fc1921865d50994af75d83116c597c by Natanael Copa on 2018-08-22T08:00:56Z:
```
main/apache-mod-auth-kerb: build with krb5 instead of heimdal
ref #9315
```

[3.5] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9304
2019-07-23T11:22:57Z
Alicha CH
CVE-2017-15088: Buffer overflow in get\_matching\_data()
--------------------------------------------------------
plugins/preauth/pkinit/pkinit\_crypto\_openssl.c in MIT Kerberos 5 (aka
krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or
cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the
get\_matching\_data and X509\_NAME\_oneline\_ex functions.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707
### Patch:
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
CVE-2018-5709: integer overflow in dbentry->n\_key\_data in kadmin/dbutil/dump.c
-----------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There
is a variable “dbentry->n\_key\_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a
“u4” variable to it, which is for 32-bit data. An attacker can use
this
vulnerability to affect other artifacts of the database as we know that
a Kerberos database dump file contains trusted data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities
CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c
------------------------------------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The
pre-defined function “strlen” is getting a “NULL” string as a
parameter
value in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c in the Key
Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified
kadmin client.
### References:
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710
*(from redmine: issue id 9304, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9299
* parent #9299
3.5.4
Natanael Copa

[3.7] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9302
2019-07-23T11:22:58Z
Alicha CH
CVE-2017-15088: Buffer overflow in get\_matching\_data()
--------------------------------------------------------
plugins/preauth/pkinit/pkinit\_crypto\_openssl.c in MIT Kerberos 5 (aka
krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or
cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the
get\_matching\_data and X509\_NAME\_oneline\_ex functions.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707
### Patch:
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
CVE-2018-5709: integer overflow in dbentry->n\_key\_data in kadmin/dbutil/dump.c
-----------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There
is a variable “dbentry->n\_key\_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a
“u4” variable to it, which is for 32-bit data. An attacker can use
this
vulnerability to affect other artifacts of the database as we know that
a Kerberos database dump file contains trusted data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities
CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c
------------------------------------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The
pre-defined function “strlen” is getting a “NULL” string as a
parameter
value in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c in the Key
Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified
kadmin client.
### References:
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710
*(from redmine: issue id 9302, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9299
* parent #9299
* Changesets:
* Revision 896ae53d1849faa57ea676acd47332399c11bae7 by Natanael Copa on 2018-08-21T14:37:39Z:
```
main/krb5: security upgrade to 1.15.3 (CVE-2017-15088,CVE-2018-5709,CVE-2018-5710)
fixes #9302
```
3.7.1
Natanael Copa

[3.8] krb5: Multiple vulnerabilities (CVE-2017-15088, CVE-2018-5709, CVE-2018-5710)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9301
2019-07-23T11:22:59Z
Alicha CH
CVE-2017-15088: Buffer overflow in get\_matching\_data()
--------------------------------------------------------
plugins/preauth/pkinit/pkinit\_crypto\_openssl.c in MIT Kerberos 5 (aka
krb5) through 1.15.2 mishandles Distinguished Name
(DN) fields, which allows remote attackers to execute arbitrary code or
cause a denial of service (buffer overflow and application
crash) in situations involving untrusted X.509 data, related to the
get\_matching\_data and X509\_NAME\_oneline\_ex functions.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2017-15088
https://github.com/krb5/krb5/pull/707
### Patch:
https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
CVE-2018-5709: integer overflow in dbentry->n\_key\_data in kadmin/dbutil/dump.c
-----------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There
is a variable “dbentry->n\_key\_data” in kadmin/dbutil/dump.c
that can store 16-bit data but unknowingly the developer has assigned a
“u4” variable to it, which is for 32-bit data. An attacker can use
this
vulnerability to affect other artifacts of the database as we know that
a Kerberos database dump file contains trusted data.
### References:
https://nvd.nist.gov/vuln/detail/CVE-2018-5709
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities
CVE-2018-5710: null pointer dereference in strlen function in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c
------------------------------------------------------------------------------------------------------------
An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The
pre-defined function “strlen” is getting a “NULL” string as a
parameter
value in plugins/kdb/ldap/libkdb\_ldap/ldap\_principal2.c in the Key
Distribution Center (KDC), which allows remote authenticated users
to cause a denial of service (NULL pointer dereference) via a modified
kadmin client.
### References:
https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service%28DoS%29
https://nvd.nist.gov/vuln/detail/CVE-2018-5710
*(from redmine: issue id 9301, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9299
* parent #9299
* Changesets:
* Revision cb2ae9a4a2b9b249ba83323406199eb1836f6ded by Natanael Copa on 2018-08-21T14:38:36Z:
```
main/krb5: security upgrade to 1.15.3 (CVE-2017-15088,CVE-2018-5709,CVE-2018-5710)
fixes #9301
```
3.8.1
Natanael Copa

[3.5] xen: Multiple vulnerabilities (CVE-2018-3620, CVE-2018-3646, CVE-2018-14007, CVE-2018-14678, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-15471)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9298
2019-07-23T11:23:02Z
Alicha CH
**CVE-2018-15469, XSA-268**: Use of v2 grant tables may cause crash on
Arm
### Reference:
http://xenbits.xen.org/xsa/advisory-268.html
**CVE-2018-15468, XSA-269**: x86: Incorrect MSR\_DEBUGCTL handling lets
guests enable BTS
### Reference:
http://xenbits.xen.org/xsa/advisory-269.html
**CVE-2018-15471, XSA-270**: Linux netback driver OOB access in hash
handling
### Reference:
http://xenbits.xen.org/xsa/advisory-270.html
**CVE-2018-14007, XSA-271**: XAPI HTTP directory traversal
### Reference:
http://xenbits.xen.org/xsa/advisory-271.html
**CVE-2018-15470, XSA-272**: oxenstored does not apply quota-maxentity
### Reference:
http://xenbits.xen.org/xsa/advisory-272.html
**CVE-2018-3620, CVE-2018-3646, XSA-273**: L1 Terminal Fault speculative
side channel
### Reference:
http://xenbits.xen.org/xsa/advisory-273.html
**CVE-2018-14678, XSA-274**: Linux: Uninitialized state in x86 PV
failsafe callback path
### Reference:
http://xenbits.xen.org/xsa/advisory-274.html
*(from redmine: issue id 9298, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9293
* parent #9293
3.5.4
Ariadne Conill
ariadne@ariadne.space

[3.8] xen: Multiple vulnerabilities (CVE-2018-3620, CVE-2018-3646, CVE-2018-14007, CVE-2018-14678, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-15471)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9295
2019-07-23T11:23:03Z
Alicha CH
**CVE-2018-15469, XSA-268**: Use of v2 grant tables may cause crash on
Arm
### Reference:
http://xenbits.xen.org/xsa/advisory-268.html
**CVE-2018-15468, XSA-269**: x86: Incorrect MSR\_DEBUGCTL handling lets
guests enable BTS
### Reference:
http://xenbits.xen.org/xsa/advisory-269.html
**CVE-2018-15471, XSA-270**: Linux netback driver OOB access in hash
handling
### Reference:
http://xenbits.xen.org/xsa/advisory-270.html
**CVE-2018-14007, XSA-271**: XAPI HTTP directory traversal
### Reference:
http://xenbits.xen.org/xsa/advisory-271.html
**CVE-2018-15470, XSA-272**: oxenstored does not apply quota-maxentity
### Reference:
http://xenbits.xen.org/xsa/advisory-272.html
**CVE-2018-3620, CVE-2018-3646, XSA-273**: L1 Terminal Fault speculative
side channel
### Reference:
http://xenbits.xen.org/xsa/advisory-273.html
**CVE-2018-14678, XSA-274**: Linux: Uninitialized state in x86 PV
failsafe callback path
### Reference:
http://xenbits.xen.org/xsa/advisory-274.html
*(from redmine: issue id 9295, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9293
* parent #9293
* Changesets:
* Revision 74dce6e0451466b8eb5078660886cc226f9704f4 by Natanael Copa on 2018-09-06T06:03:40Z:
```
main/xen: backport various security fixes
fixes #9295
```
3.8.1
Ariadne Conill
ariadne@ariadne.space

[3.9] xen: Multiple vulnerabilities (CVE-2018-3620, CVE-2018-3646, CVE-2018-14007, CVE-2018-14678, CVE-2018-15468, CVE-2018-15469, CVE-2018-15470, CVE-2018-15471)
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9294
2019-07-23T11:23:04Z
Alicha CH
**CVE-2018-15469, XSA-268**: Use of v2 grant tables may cause crash on
Arm
### Reference:
http://xenbits.xen.org/xsa/advisory-268.html
**CVE-2018-15468, XSA-269**: x86: Incorrect MSR\_DEBUGCTL handling lets
guests enable BTS
### Reference:
http://xenbits.xen.org/xsa/advisory-269.html
**CVE-2018-15471, XSA-270**: Linux netback driver OOB access in hash
handling
### Reference:
http://xenbits.xen.org/xsa/advisory-270.html
**CVE-2018-14007, XSA-271**: XAPI HTTP directory traversal
### Reference:
http://xenbits.xen.org/xsa/advisory-271.html
**CVE-2018-15470, XSA-272**: oxenstored does not apply quota-maxentity
### Reference:
http://xenbits.xen.org/xsa/advisory-272.html
**CVE-2018-3620, CVE-2018-3646, XSA-273**: L1 Terminal Fault speculative
side channel
### Reference:
http://xenbits.xen.org/xsa/advisory-273.html
**CVE-2018-14678, XSA-274**: Linux: Uninitialized state in x86 PV
failsafe callback path
### Reference:
http://xenbits.xen.org/xsa/advisory-274.html
*(from redmine: issue id 9294, created on 2018-08-21, closed on 2019-05-04)*
* Relations:
* copied_to #9293
* parent #9293
3.9.1
Ariadne Conill
ariadne@ariadne.space

Docker: download/pull fails with error: Client.Timeout exceeded while awaiting headers
https://gitlab.alpinelinux.org/alpine/aports/-/issues/9292
2020-04-10T18:48:03Z
Thomas Schneider
Hi,
I’m running Alpine Linux 3.8.0 in KVM.
I have successfully configured this installation incl. Proxy.
This system is running in corporate network and proxy is required.
The internet connection is working fine for apk, wget, …
However I cannot use Docker.
For any image that is not available locally I get this error message:
```
vm105-docker:~# docker run -d nginx
Unable to find image 'nginx:latest' locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).
See 'docker run --help'.
```
I assume this is related to the required proxy configuration that is
there but not working for docker.
I have installed this Docker version:
```
vm105-docker:~# docker --version
Docker version 18.03.1-ce, build 20527e6d83
```
*(from redmine: issue id 9292, created on 2018-08-21)*