Mail archive
alpine-user

[alpine-user] apk MITM bug

From: Fabio Martins <fm+alpine+user+list_at_phosphorusnetworks.com>
Date: Sat, 15 Sep 2018 11:01:20 -0300

Just read:

https://www.theregister.co.uk/2018/09/15/alpine_linux_bug/

..."The vulnerability lies in the way apk unpacks archives and deals with
suspicious code. Justicz found that if the malware could be hidden within
the package's commit_hooks directory, it would escape the cleanup and
could then be executed as normal."

Didn't found nothing here:

https://bugs.alpinelinux.org/projects/alpine/issues

Am I missing something?

cheers.

-- 
Fabio Martins
PHOSPHORUS NETWORKS
https://phosphorusnetworks.com/en/
---
Unsubscribe:  alpine-user+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-user+help_at_lists.alpinelinux.org
---
Received on Sat Sep 15 2018 - 11:01:20 UTC