Download
| Alert*
oval:org.secpod.oval:def:1800267
musl 1.1.16 and previous are affected by CVE-2017-15650. The issue was resolved in 1.1.17 which is currently in the edge repository. The patch looks simple and is said to apply cleanly to "all recent versions". I suggest including the patch in all currently supported Alpine releases, assuming it doe ... oval:org.secpod.oval:def:1800259 musl 1.1.16 and previous are affected by CVE-2017-15650. The issue was resolved in 1.1.17 which is currently in the edge repository. The patch looks simple and is said to apply cleanly to "all recent versions". I suggest including the patch in all currently supported Alpine releases, assuming it doe ... oval:org.secpod.oval:def:1901421 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. oval:org.secpod.oval:def:1800425 musl 1.1.16 and previous are affected by CVE-2017-15650. The issue was resolved in 1.1.17 which is currently in the edge repository. The patch looks simple and is said to apply cleanly to "all recent versions". I suggest including the patch in all currently supported Alpine releases, assuming it doe ... oval:org.secpod.oval:def:2001200 musl libc before 1.1.17 has a buffer overflow via crafted DNS replies because dns_parse_callback in network/lookup_name.c does not restrict the number of addresses, and thus an attacker can provide an unexpected number by sending A records in a reply to an AAAA query. |