Active forum topics

xorg-server: a 20 year old security bug

AmatCoder — Fri, 18 Oct 2013 18:15:04 +0000

Forums:

Common Vulnerabilities and Exposures

I inaugurate this section...;-)

http://lists.freedesktop.org/archives/xorg/2013-October/056074.html

Regards.

Ghost (CVE-2015-0235)

bwhite — Wed, 28 Jan 2015 18:49:38 +0000

Forums:

Common Vulnerabilities and Exposures

Is Alpine Linux 3.1 (or other version) vulnerable to GHOST? https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Is there something like the '-security' lists of other distros?

Pearson — Mon, 06 Jul 2015 19:21:52 +0000

Forums:

Common Vulnerabilities and Exposures

I just read about Alpine Linux in this week's Distrowatch Weekly. This looks very interesting, and I'd like to look into it during my (limited) spare time. One question I have is whether the Apline package maintainers track and report which CVEs are fixed in which releases. In particular, if a security patch is applied to a release, then I presume the package version number would be bumped; in that case, would there be something that says "fixed CVE-xxxx-yyy"? Is there something that would collect those?

openssl CVE-2016-2180

sword — Mon, 29 Aug 2016 00:36:06 +0000

Forums:

Common Vulnerabilities and Exposures

Do alpine have any plan to fix this vulnerable?

Below link is a patch to fix this vulnerable:
https://github.com/openssl/openssl/commit/0ed26acce328ec16a3aa635f1ca37365e8c7403a

chrome firefox package vulnerable from phishing attack

mmix — Wed, 26 Apr 2017 14:31:18 +0000

Forums:

Common Vulnerabilities and Exposures

chrome and firefox package from alpine linux are not safe from phishing attack.

latest chrome version safe but the version from alpine linux is 57.0.2987.133 (64-bit) which is NOT safe.

https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

Bug #7357: Is there an ETA for 3.5.3?

spencerwilson-optimizely — Tue, 05 Sep 2017 23:14:53 +0000

Forums:

Common Vulnerabilities and Exposures

Hi all,

First off, thank you for the work you all put into maintaining Alpine. It is appreciated.

I was wondering when the 3.5.x branch might see its next release? A few CVEs had their fix merged 3 months ago (http://bugs.alpinelinux.org/issues/7357), but haven't yet seen release. I understand there is in general no firm release cadence; just am wondering if there is an estimate available on when might be released.

Need help with erlang-inets package

nihar_pattanaik — Wed, 22 Nov 2017 07:37:51 +0000

Forums:

Common Vulnerabilities and Exposures

Hi,

I'm using Alpine RabbitMQ docker image and our security team has found unencrypted private keys in erlang-inets example package. Because of this our product has failed in security vulnerability test. I know this certificate is just a example one, however as the appcheck tool finds it, will be difficult to pass the test.

Can we somehow custom build erlang-inets removing the examples or is there a way to remove the example folder from the package. Could someone please help.

Regards,
Nihar