Date: Sun, 11 Mar 2012 21:48:28 +0000 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: freebsd-security@freebsd.org Subject: Upgrade port audit now! Message-ID: <B9C4FE06-CB0F-4A00-B90C-9262F98257BF@FreeBSD.org> References: <0E8E530C-BD7D-46BD-80A0-BE947D73429E@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hey, Bleh, even I forget at times that security@ !=3D freebsd-security@ :-). Begin forwarded message: > From: "Simon L. B. Nielsen" <simon@FreeBSD.org> > Subject: Upgrade port audit now! > Date: 11 March 2012 21:40:26 GMT > To: ports@FreeBSD.org, security@FreeBSD.org >=20 > Hey, >=20 > If you have portaudit installed, you should upgrade sooner rather than = later! >=20 > Begin forwarded message: >=20 >> From: "Simon L. Nielsen" <simon@FreeBSD.org> >> Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist = ports/ports-mgmt/portaudit/files portaudit-cmd.sh >> Date: 11 March 2012 21:32:58 GMT >> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, = cvs-all@FreeBSD.org >>=20 >> simon 2012-03-11 21:32:58 UTC >>=20 >> FreeBSD ports repository >>=20 >> Modified files: >> ports-mgmt/portaudit Makefile pkg-plist=20 >> ports-mgmt/portaudit/files portaudit-cmd.sh=20 >> Log: >> Portaudit 0.6.0: >>=20 >> Fix remote code execution which can occur with a specially crafted >> audit file. The attacker would need to get the portaudit(1) to >> download the bad audit database, e.g. by performing a man in the >> middle attack. >>=20 >> Add signature verification of the portaudit database. The public key >> is for the database generated for portaudit.FreeBSD.org is included >> in the distribution. >>=20 >> Submitted by: Michael Gmelin <freebsd@grem.de> >> Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert >> Security: Remote code execution >> Security: = http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html >> Feature safe: yes >> With hat: so >=20 > --=20 > Simon L. B. Nielsen > FreeBSD Deputy Security Officer >=20 > _______________________________________________________ > Please think twice when forwarding, cc:ing, or bcc:ing > security-team messages. Ask if you are unsure. --=20 Simon L. B. Nielsen FreeBSD Deputy Security Officer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B9C4FE06-CB0F-4A00-B90C-9262F98257BF>