2021-10-01 10:40:29 3 CVEs announced for vim: https://www.openwall.com/lists/oss-security/2021/10/01/1 (CVE-2021-3796, CVE-2021-3778, CVE-2021-3770)
2021-10-01 10:43:57 Seems like we're already upgraded to a version that contains those patches
2021-10-01 10:48:17 updated secfixes
2021-10-01 15:23:16 would you look at that, it's alan
2021-10-01 22:12:40 oh
2021-10-01 22:12:45 somebody found a way to exit vim
2021-10-01 22:12:47 good for them
2021-10-01 22:12:49 :)
2021-10-02 08:33:49 lol, overflow it?
2021-10-02 08:34:03 seems a teeeny tiny bit extreme
2021-10-03 18:15:52 Supply Chain Security and Tar: https://www.openwall.com/lists/oss-security/2021/10/03/1
2021-10-03 18:35:38 summary: tar is insufficiently standardized and allows for different results with different implementations, resulting in hypothetical supply chain attacks
2021-10-03 18:36:17 suggestion to use ustar instead which is standardized, or pax for longer paths
2021-10-04 10:21:10 CVE-2021-28116: SQUID Out-Of-Bounds memory access in WCCPv2 (https://www.openwall.com/lists/oss-security/2021/10/04/1)
2021-10-04 15:38:22 what this security do?
2021-10-04 15:39:09 can i borrow power? i need to spy on top of rooftop like no1 cares in my area.
2021-10-04 15:39:41 mini camera, any of my drones, then law don't notice i fly drones
2021-10-04 15:40:52 law can detect flying object?
2021-10-04 15:41:09 i feel if 1 small drone i fly into the house. they really been attacking since baby.
2021-10-04 17:09:29 what the hell
2021-10-04 20:04:45 I just ignored it
2021-10-04 20:06:35 CVE-2021-41089: docker cp into specially crafted container could modify file permissions on host (https://www.openwall.com/lists/oss-security/2021/10/04/5)
2021-10-05 08:46:24 i'll work on both of those in the afternoon
2021-10-05 08:48:08 docker has already been fixed by tomalok
2021-10-05 08:49:54 yeah i was referring to squid specifically
2021-10-05 08:50:16 ok
2021-10-05 10:39:35 we need someone competent who can help us maintain our ca-certificates: https://gitlab.alpinelinux.org/alpine/ca-certificates
2021-10-05 14:00:16 huh, wasn't there a CVE with `docker cp` before?
2021-10-05 14:00:37 CVE-2019-14271 I think
2021-10-05 14:01:19 https://httpd.apache.org/security/vulnerabilities_24.html yay, critical apache2 vulns!
2021-10-05 16:26:14 Yup
2021-10-05 16:26:17 CVE-2021-41773
2021-10-05 16:28:50 exploited in the wild :/
2021-10-05 16:28:59 ahuh
2021-10-05 16:29:03 A proper zero-day
2021-10-05 16:30:07 ouch..
2021-10-05 16:30:14 a very nasty one too
2021-10-05 16:33:08 easy to write from the PoC as well :)
2021-10-05 16:36:30 Both of them introduced in 2.49.0
2021-10-05 16:38:26 awesome
2021-10-05 16:38:36 2.4.49 you mean?
2021-10-05 16:39:14 yes
2021-10-05 16:41:41 Ariadne: !26165
2021-10-05 16:41:51 but apparently you already pushed it
2021-10-05 16:42:50 Ariadne: !26166 !26167 !26168 !26169
2021-10-05 17:04:30 !26174
2021-10-05 17:47:24 nodejs security upgrades announced for the 12th
2021-10-05 17:47:42 https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/
2021-10-07 18:41:29 Oof
2021-10-07 18:42:15 Apache fix for CVE-2021-41773 was not sufficient: https://www.openwall.com/lists/oss-security/2021/10/07/6
2021-10-07 18:46:22 !26230
2021-10-07 20:16:51 ouch
2021-10-08 21:31:44 !26243
2021-10-10 21:33:36 !26286
2021-10-10 22:59:19 omni: is it really ready? there are unresolved threads
2021-10-10 23:16:14 Ariadne: thank you, please tell me and/or PureTryOut if there are any issues
2021-10-14 00:30:00 CVE for the OpenRC checkpath(1) vulnerability has been requested. not like Gentoo is going to admit to that fuckup.
2021-10-16 18:08:46 #13076
2021-10-16 18:08:58 Package has no maintainer
2021-10-20 19:09:43 coredump + suid + logrotate == arbitrary code execution: https://www.openwall.com/lists/oss-security/2021/10/20/2
2021-10-21 15:39:03 !26606
2021-10-21 15:39:49 !26624 !26625 !26626
2021-10-22 17:09:14 hmm
2021-10-22 17:09:23 we need to do the move of sudo to community still :)
2021-10-22 17:10:17 Did we meet all pre-conditions?
2021-10-22 17:10:42 doas.d is a thing now
2021-10-23 02:24:20 yes, i think so
2021-10-23 02:24:41 it was just doas.d and removal of sudo dependencies from main
2021-10-24 15:13:11 hi
2021-10-24 15:18:09 hello
2021-10-24 15:26:57 hey hi
2021-10-24 15:27:03 danieli
2021-10-24 15:27:09 how are you
2021-10-24 15:27:19 decent
2021-10-24 15:27:28 well good to hear
2021-10-24 15:27:35 I am from India and you
2021-10-24 15:27:50 can you help me regarding linux, if you don't mind
2021-10-24 15:27:59 that's a bit of a vague question, and this is the security channel
2021-10-24 15:28:07 if you need community support, you're better off asking in #alpine-linux
2021-10-24 15:28:39 can you tell me from terminal how to detect that someone is connected remotely to your system
2021-10-24 15:28:46 on linux
2021-10-25 15:30:24 Several freeswitch vulnerabilities: CVE-2021-41158, CVE-2021-41157, CVE-2021-41145, CVE-2021-41105, CVE-2021-37624 https://www.openwall.com/lists/oss-security/2021/10/25/
2021-10-25 15:31:12 ncopa: kubernetes CVE-2021-25742 https://www.openwall.com/lists/oss-security/2021/10/21/3
2021-10-25 15:58:38 ikke: thanks!
2021-10-26 13:35:35 PHP-FPM Privilege escalation (CVE-2021-21703) https://www.openwall.com/lists/oss-security/2021/10/26/7
2021-10-30 08:28:17 cve.mitre.org -> cve.org https://www.openwall.com/lists/oss-security/2021/10/30/
2021-10-30 18:09:51 indeed
2021-10-31 10:40:34 CVEs still open in edge-main: cairo: https://security.alpinelinux.org/vuln/CVE-2019-6461, freeswitch: https://security.alpinelinux.org/vuln/CVE-2021-41145
2021-10-31 10:51:32 looks that the only way to get FS fixed is upgrading to 1.10.7
2021-10-31 10:51:43 which in turn has moved freetdm out of the tree
2021-10-31 10:51:57 and they do not tag a release...
2021-10-31 10:52:13 wondering why they should make the life so hard for packagers
2021-10-31 11:22:10 I wonder if we should move freeswitch to community