~alpine/users

[alpine-user] apk MITM bug

Fabio Martins <fm+alpine+user+list@phosphorusnetworks.com>
Details
Message ID
<c6595cb2b1367aac07c08919c1a3312a>
Sender timestamp
1537020080
DKIM signature
missing
Download raw message
6 years ago 
Just read:

https://www.theregister.co.uk/2018/09/15/alpine_linux_bug/

..."The vulnerability lies in the way apk unpacks archives and deals with
suspicious code. Justicz found that if the malware could be hidden within
the package's commit_hooks directory, it would escape the cleanup and
could then be executed as normal."

Didn't found nothing here:

https://bugs.alpinelinux.org/projects/alpine/issues

Am I missing something?

cheers.

-- 
Fabio Martins
PHOSPHORUS NETWORKS
https://phosphorusnetworks.com/en/



---
Unsubscribe:  alpine-user+unsubscribe@lists.alpinelinux.org
Help:         alpine-user+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)