alpine issues
https://gitlab.alpinelinux.org/groups/alpine/-/issues
2019-07-23T13:50:07Z

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4477
[v3.2] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:07Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e ‘print “pam,” x
10000’\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4477, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 349ad37b3400ed4f7f3fb02db6fec33d252dd704 by Natanael Copa on 2015-07-30T14:21:52Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4477
```
3.2.3
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4476
[v3.1] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:08Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e ‘print “pam,” x
10000’\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4476, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 3885568b0e267af8bd7ce20f4c0337c84312da01 by Natanael Copa on 2015-07-30T14:38:40Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4476
```
3.1.5
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4475
[v3.0] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:09Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e ‘print “pam,” x
10000’\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4475, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision 4c781145fea2f72a16dcf5acd51e426850ef540a by Natanael Copa on 2015-07-30T14:32:56Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4475
```
3.0.7
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4474
[v2.7] OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:10Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e ‘print “pam,” x
10000’\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4474, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* parent #4473
* Changesets:
* Revision f313c8ea055322f60121a3baf75c0d16ea154978 by Natanael Copa on 2015-07-30T14:47:07Z:
```
main/openssh: security fix for CVE-2015-5600
fixes #4474
```
Alpine 2.7.10
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4473
OpenSSH: keyboard-interactive authentication brute force vulnerability (CVE-2015-5600)
2019-07-23T13:50:12Z
Alexander Belous

OpenSSH has a default value of six authentication tries before it will
close the connection (the ssh client allows only three password
entries per default).
With this vulnerability an attacker is able to request as many
password prompts limited by the “login graced time” setting, that is
set to two minutes by default.
Especially FreeBSD systems are affected by the vulnerability because
they have keyboard-interactive authentication enabled by default.
A simple way to exploit the bug is to execute this command:
ssh -lusername -oKbdInteractiveDevices=\`perl -e ‘print “pam,” x
10000’\` targethost
This will effectively allow up to 10000 password entries limited by
the login grace time setting.
The crucial part is that if the attacker requests 10000
keyboard-interactive devices openssh will gracefully execute the
request and will be inside a loop to accept passwords until the
specified devices are exceeded.
Reference:
http://seclists.org/fulldisclosure/2015/Jul/92
*(from redmine: issue id 4473, created on 2015-07-24, closed on 2015-07-31)*
* Relations:
* child #4474
* child #4475
* child #4476
* child #4477
* Changesets:
* Revision dcd01962e2f8f725ba879e17feb98988480f5500 by Natanael Copa on 2015-07-30T14:19:24Z:
```
main/openssh: security fix for CVE-2015-5600
ref #4473
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4472
[v3.2] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:13Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH
-sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER
-dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not
mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or
from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does
not
occur anymore.
Since the influence of this commit on the problem is not yet fully
understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4472, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 4562dbd2e017349035b31df017bee36d5d6b201b by Natanael Copa on 2015-08-04T09:44:25Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4472
```
3.2.3
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4471
[v3.1] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:14Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH
-sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER
-dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not
mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or
from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does
not
occur anymore.
Since the influence of this commit on the problem is not yet fully
understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4471, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision ca4a30adeb8a02a127c6030e2730f8ec7900c915 by Natanael Copa on 2015-08-04T12:05:07Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4471
```
3.1.5
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4470
[v3.0] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:15Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH
-sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER
-dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not
mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or
from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does
not
occur anymore.
Since the influence of this commit on the problem is not yet fully
understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4470, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 6c275fa9475ad80a6e7801bf9356cb7acc22c654 by Natanael Copa on 2015-08-04T14:35:15Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4470
```
3.0.7
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4469
[v2.7] ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:16Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P- -dNOPAUSE -dBATCH
-sDEVICE=pdfwrite -sstdout=%stderr -sOutputFile=test.pdf -P- -dSAFER
-dCompatibilityLevel=1.4 -c .setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not
mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or
from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does
not
occur anymore.
Since the influence of this commit on the problem is not yet fully
understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4469, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* parent #4468
* Changesets:
* Revision 85d3c3bf7d2914b99cad25b6b45a73e5c8f7df54 by Natanael Copa on 2015-08-04T14:45:44Z:
```
main/ghostscript: security fix for CVE-2015-3228
fixes #4469
```
Alpine 2.7.10
Cameron Banta

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4468
ghostscript: Crash file for the ps2pdf command (CVE-2015-3228)
2019-07-23T13:50:17Z
Alexander Belous

The crash can be triggered with the following command on older versions
of Ghostscript:
$ ps2pdf test.ps
Segmentation fault
The affected versions are still shipped by various distributions.
ps2pdf is a shell script that calls the gs binary in the following way:
$ /usr/bin/gs -P- -dSAFER -dCompatibilityLevel=1.4 -q -P-
-dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sstdout=%stderr
-sOutputFile=test.pdf -P- -dSAFER -dCompatibilityLevel=1.4 -c
.setpdfwrite -f test.ps
Segmentation fault
I attached gdb and valgrind sessions showing the crash on RHEL 6.6 and
RHEL 7.1.1503.
The versions of the affected packages on RHEL are:
RHEL6.6
ghostscript-8.70-19.el6.x86\_64
ghostscript-debuginfo-8.70-19.el6.x86\_64
ghostscript-fonts-5.50-23.2.el6.noarch
RHEL7.1.1503
ghostscript-9.07-18.el7.x86\_64
ghostscript-debuginfo-9.07-18.el7.x86\_64
ghostscript-fonts-5.50-32.el7.noarch
The problem does not occur with current source revision.
The following commit fixes the segfault, but the problem is not
mentioned in
the commit log:
ecc7a199e9307475c37fea0c44d24b85df814ead
The offending file seems to be gs/Resource/Init/gs\_ttf.ps
If one replaces this file with the one from the specified commit (or
from
the current master) on RHEL 7.1.1503 or RHEL 6.6, the segfault does
not
occur anymore.
Since the influence of this commit on the problem is not yet fully
understood,
the problem might still be present in current version of gs.
Reference:
http://bugs.ghostscript.com/show\_bug.cgi?id=696041
*(from redmine: issue id 4468, created on 2015-07-24, closed on 2015-08-05)*
* Relations:
* child #4469
* child #4470
* child #4471
* child #4472
* Changesets:
* Revision 65e4c60a4f8332d1525882aa8b02db6d3c554ffe by Natanael Copa on 2015-07-31T15:08:00Z:
```
main/ghostscript: security fix for CVE-2015-3228
ref #4468
```

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4467
sshguard not working in recent version
2019-07-15T14:23:32Z
algitbot

sshguard in alpine 3.2.2 is not working as opposed to 1.5-r1 in alpine
3.1.4
Teststring: Jul 24 11:29:08 vpn auth.info sshd\[7870\]: Failed password
for root from 210.245.80.192 port 1160 ssh2
alpine 3.1.4 / sshguard 1.5 (working)
xxx:~\# SSHGUARD\_DEBUG=“” sshguard
whitelist: add ‘127.0.0.1’ as plain IPv4.
whitelist: add plain IPv4 127.0.0.1.
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Run command “iptables -L”: exited 0.
Started successfully \[(a,p,s)=(40, 420, 1200)\], now ready to scan.
Jul 24 11:29:08 vpn auth.info sshd\[7870\]: Failed password for root
from 210.245.80.192 port 1160 ssh2
Starting parse
Entering state 0
Reading a token: —accepting rule at line 110 (“Jul 24 11:29:08 vpn
auth.info sshd\[7870\]: ”)
Next token is token SYSLOG\_BANNER\_PID ()
Shifting token SYSLOG\_BANNER\_PID ()
Entering state 1
Reading a token: —accepting rule at line 142 (“Failed password for root
from ”)
Next token is token SSH\_LOGINERR\_PREF ()
Shifting token SSH\_LOGINERR\_PREF ()
Entering state 8
Reading a token: —accepting rule at line 201 (“210.245.80.192”)
Next token is token IPv4 ()
Shifting token IPv4 ()
Entering state 50
Reducing stack by rule 23 (line 203):
$1 = token IPv4 ()
->$$ = nterm addr ()
Stack now 0 1 8
Entering state 55
Reading a token: —accepting rule at line 221 (" “)
—accepting rule at line 143 (”port 1160 ssh2“)
Next token is token SSH\_LOGINERR\_SUFF ()
Shifting token SSH\_LOGINERR\_SUFF ()
Entering state 72
Reducing stack by rule 33 (line 278):
$1 = token SSH\_LOGINERR\_PREF ()
$2 = nterm addr ()
$3 = token SSH\_LOGINERR\_SUFF ()
->$$ = nterm ssh\_authfail ()
Stack now 0 1
Entering state 32
Reducing stack by rule 27 (line 264):
$1 = nterm ssh\_authfail ()
->$$ = nterm sshmsg ()
Stack now 0 1
Entering state 30
Reducing stack by rule 11 (line 169):
$1 = nterm sshmsg ()
->$$ = nterm msg\_single ()
Stack now 0 1
Entering state 28
Reducing stack by rule 9 (line 163):
$1 = nterm msg\_single ()
->$$ = nterm logmsg ()
Stack now 0 1
Entering state 46
Reducing stack by rule 5 (line 138):
$1 = token SYSLOG\_BANNER\_PID ()
$2 = nterm logmsg ()
->$$ = nterm syslogent ()
Stack now 0
Entering state 24
Reducing stack by rule 1 (line 122):
$1 = nterm syslogent ()
->$$ = nterm text ()
Stack now 0
Entering state 23
Reading a token: —(end of buffer or a NUL)
—accepting rule at line 221 (”
")
—(end of buffer or a NUL)
—EOF (start condition 0)
Now at end of input.
Stack now 0 23
Cleanup: popping nterm text ()
Matched address 210.245.80.192:4 attacking service 100, dangerousness
10.
Purging stale attackers.
alpine v3.2.2 /sshguard 1.6.0-r0 (not working)
xxx~:\# SSHGUARD\_DEBUG=“” sshguard
whitelist: add ‘127.0.0.1’ as plain IPv4.
whitelist: add plain IPv4 127.0.0.1.
Set environment: SSHG\_ACTION=init;SSHG\_PID=1450
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Run command “iptables -w -L -n”: exited 0.
Started with danger threshold=40 ; minimum block=420 seconds
Jul 24 11:29:08 vpn auth.info sshd\[7870\]: Failed password for root
from 210.245.80.192 port 1160 ssh2
Starting parse
Entering state 0
Reading a token: —accepting rule at line 96 (“Jul 24 11:29:08 vpn ”)
Next token is token SYSLOG\_BANNER ()
Shifting token SYSLOG\_BANNER ()
Entering state 3
Reading a token: —accepting rule at line 197 (“auth.info”)
Next token is token HOSTADDR ()
Error: popping token SYSLOG\_BANNER ()
Stack now 0
Cleanup: discarding lookahead token HOSTADDR ()
Stack now 0
*(from redmine: issue id 4467, created on 2015-07-24)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4466
ngrep in LXC container
2019-07-23T13:50:18Z
Michael Mason

Get segmentation fault using ngrep on LXC container.
ngrep -s0 -d eth0 port 5060 -qtWbyline
interface: eth0 (10.1.1.0/255.255.255.0)
Segmentation fault
Tcpdump does work.
Ngrep does work on the parent host.
The parent has bonded nics with vlans.
*(from redmine: issue id 4466, created on 2015-07-23, closed on 2015-08-04)*
* Changesets:
* Revision 25948a450ec1e10d2d4d52b2cd50e032d0a8e732 by Natanael Copa on 2015-07-24T08:55:08Z:
```
main/ngrep: fix segfault on invalid filters and add -dbg
A comment in configure.in says:
> dnl For libpcap's that don't need the restart function called for
> dnl multiple lexer passes, allow them to turn it off here. This option
> dnl exists solely to address a very rude email from the maintainer
> dnl indicating that it shouldn't be called directly (and of course he
> dnl was wrong because this is still needed).
This indicates that you should not really call pcap_restart() directly,
so we use this --disable-pcap-restart.
This fixes segfault when the filter is invalid.
ref #4466
```
* Revision 5e67aa4075e3974be40bf9e6e691c77d4cd1c939 by Natanael Copa on 2015-07-24T09:00:21Z:
```
main/ngrep: fix segfault on invalid filters and add -dbg
A comment in configure.in says:
> dnl For libpcap's that don't need the restart function called for
> dnl multiple lexer passes, allow them to turn it off here. This option
> dnl exists solely to address a very rude email from the maintainer
> dnl indicating that it shouldn't be called directly (and of course he
> dnl was wrong because this is still needed).
This indicates that you should not really call pcap_restart() directly,
so we use this --disable-pcap-restart.
This fixes segfault when the filter is invalid.
fixes #4466
(cherry picked from commit 25948a450ec1e10d2d4d52b2cd50e032d0a8e732)
```
3.2.3

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4465
Targetcli broke. Missing py-parsing dependency.
2019-07-23T13:50:19Z
Jann - Ove Risvik

Targetcli now needs the pyparsing module to work.
https://pyparsing.wikispaces.com/
usaklig-server:/var/spool/vhosts/usaklig.com\# targetcli
Traceback (most recent call last):
File “/usr/bin/targetcli”, line 24, in <module>
from targetcli import UIRoot
File “/usr/lib/python2.7/site-packages/targetcli/\_\_init\_\_.py”, line 18, in
<module>
from ui\_root import UIRoot
File “/usr/lib/python2.7/site-packages/targetcli/ui\_root.py”, line 22,
in <module>
from configshell\_fb import ExecutionError
File “/usr/lib/python2.7/site-packages/configshell\_fb/\_\_init\_\_.py”, line
25, in <module>
from shell import ConfigShell
File “/usr/lib/python2.7/site-packages/configshell\_fb/shell.py”, line
20, in <module>
from pyparsing import Empty, Group, OneOrMore, Optional, ParseResults,
Regex, Suppress, Word
ImportError: No module named pyparsing
*(from redmine: issue id 4465, created on 2015-07-23, closed on 2015-08-06)*
* Changesets:
* Revision 665799c015964e2e1070a97278517a0eaf4e85b1 on 2015-07-24T07:32:53Z:
```
main/targetcli: add py-parsing dependency. Fixes #4465
(cherry picked from commit b7cedfd50a6dbb773a0b308ec6eb678b4cd4e457)
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>
```
3.2.3
Alan Lacerda

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4464
libreswan - ERROR: ipsec failed to stop
2019-07-15T05:09:15Z
Danilo Godec

Whenever I try to stop (or restart) libreswan’s ‘ipsec’ (either by
/etc/init.d/ipsec stop or by ‘ipsec setup stop’), pluto process doesn’t
exit properly and the init script returns:
\* Stopping ipsec …
\* start-stop-daemon: 1 process refused to stop \[ !! \]
\* ERROR: ipsec failed to stop
To be able to run ‘ipsec’ again, I have to kill pluto process and run
the init script with ‘stop’ command again - only then am I able to run
it again.
*(from redmine: issue id 4464, created on 2015-07-23)*
3.2.4
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4463
testing/terminus-font: Install acm and uni fonts
2019-07-23T13:50:20Z
Bernd Lauert

Those fonts can be used with busybox's setfont utility theoretically.
Of course they can also be used with kbd's setfont utility. Either way
I believe they are useful and should be installed.
Furthermore, I moved the psf, acm and uni fonts to /lib/kbd because
that is the path where kbd-misc stores them as well.
*(from redmine: issue id 4463, created on 2015-07-22, closed on 2015-12-06)*
* Uploads:
* [0001-testing-terminus-font-Install-uni-and-acm-fonts-as-w.patch](/uploads/969a5e824519b31f1c1e18096408385d/0001-testing-terminus-font-Install-uni-and-acm-fonts-as-w.patch)

Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4462
Don't run chronyd as root
2019-07-23T13:50:21Z
Bernd Lauert

The chronyd NTP daemon runs as root by default. If chrony is
compiled with support for libcap it has the capability to drop
privileges to a non-root user. This highly increases security and
thus I would suggest that the chrony APKBUILD adds a chrony user by
default and configures the package with ‘--with-user=chrony’.
See also:
http://chrony.tuxfamily.org/faq.html\#\_how\_can\_i\_make\_chronyd\_more\_secure.
*(from redmine: issue id 4462, created on 2015-07-22, closed on 2015-12-15)*
* Changesets:
* Revision 4311f61b56a1ba41ee617a143f2e67ce23a987b7 on 2015-08-10T08:50:21Z:
```
main/chrony: don't run chronyd as root
fixes #4462
```
3.3.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4461
Package upgrade: quassel
2019-07-23T13:50:22Z
Paweł Kozubal

Version in main is 0.11.0 when there is 0.12.2 released.
Changelog here: https://github.com/quassel/quassel/blob/0.12/ChangeLog
*(from redmine: issue id 4461, created on 2015-07-22, closed on 2015-12-18)*
* Changesets:
* Revision 33d2cec5e249960b1f976c9eb58e4f3d7ce94ab6 on 2015-07-22T12:37:06Z:
```
main/quassel: upgrade to 0.12.2. Fixes #4461
```
3.3.0

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4460
Package request: openscap
2019-07-14T18:27:47Z
Bob Aman

OpenSCAP is a configuration and vulnerability scanner.
http://www.open-scap.org/page/Main\_Page
http://www.open-scap.org/page/Download
https://github.com/OpenSCAP/openscap
*(from redmine: issue id 4460, created on 2015-07-22)*

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4459
main/ansible: upgrade to 1.9.2
2019-07-23T13:50:23Z
Bernd Lauert

Had to remove the ansible-apk module by bpiotrowski@ not because it
didn’t work with 1.9.2 anymore but because the tarball couldn’t be
extracted with tar(1). The error message was ‘bzip2: invalid magic’.
Maybe somebody could fix the tarball and modify the patch accordingly?
*(from redmine: issue id 4459, created on 2015-07-20, closed on 2015-12-15)*
* Uploads:
* [0001-main-ansible-upgrade-to-1.9.2.patch](/uploads/3d7f9de310c768f4e133ebdd256dbac8/0001-main-ansible-upgrade-to-1.9.2.patch)

3.3.0
Natanael Copa

https://gitlab.alpinelinux.org/alpine/aports/-/issues/4458
Package request: firejail
2019-07-14T18:27:38Z
Bob Aman

Firejail is a security sandbox that uses seccomp-bpf and namespaces to
lock down access when running untrusted code.
https://l3net.wordpress.com/projects/firejail/
http://sourceforge.net/projects/firejail/
*(from redmine: issue id 4458, created on 2015-07-20)*