From owner-svn-ports-branches@FreeBSD.ORG Wed May 14 11:41:41 2014 Return-Path: Delivered-To: svn-ports-branches@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F1124F17; Wed, 14 May 2014 11:41:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DC5B226B6; Wed, 14 May 2014 11:41:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4EBfe4R090618; Wed, 14 May 2014 11:41:40 GMT (envelope-from rene@svn.freebsd.org) Received: (from rene@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4EBfeQJ090617; Wed, 14 May 2014 11:41:40 GMT (envelope-from rene@svn.freebsd.org) Message-Id: <201405141141.s4EBfeQJ090617@svn.freebsd.org> 
From: Rene Ladan Date: Wed, 14 May 2014 11:41:40 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r354038 - branches/2014Q2/security/vuxml X-SVN-Group: ports-branches MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 May 2014 11:41:41 -0000 Author: rene Date: Wed May 14 11:41:40 2014 New Revision: 354038 URL: http://svnweb.freebsd.org/changeset/ports/354038 QAT: https://qat.redports.org/buildarchive/r354038/ Log: MFH: r354037 Describe new vulnerabilities in www/chromium < 34.0.1847.137 Obtained from: http://googlechromereleases.blogspot.nl/ Also merge entries for: - libXfont < 1.4.7_3 - libxml2 < 2.8.0_5 - openssl >= 1.0.1 < 1.0.1_12 - qt4-xml < 4.8.6 - strongswan < 5.1.3 - mohawk < 2.0.12 - chromium < 34.0.1847.132 - mozilla/firefox < 29.0 / 24.5.0 (esr), seamonkey < 2.26, thunderbird < 24.5 Approved by: portmgr (erwin) Modified: branches/2014Q2/security/vuxml/vuln.xml Directory Properties: branches/2014Q2/ (props changed) Modified: branches/2014Q2/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q2/security/vuxml/vuln.xml Wed May 14 10:38:06 2014 (r354037) +++ branches/2014Q2/security/vuxml/vuln.xml Wed May 14 11:41:40 2014 (r354038) @@ -51,6 +51,419 @@ Note: Please add new entries to the beg --> + + chromium -- multiple vulnerabilities + + + chromium + 34.0.1847.137 + + + + +

Google Chrome Releases reports:

+
+

3 security fixes in this release:

+
    +
  • [358038] High CVE-2014-1740: Use-after-free in WebSockets. + Credit to Collin Payne.
  • +
  • [349898] High CVE-2014-1741: Integer overflow in DOM ranges. + Credit to John Butler.
  • +
  • [356690] High CVE-2014-1742: Use-after-free in editing. Credit + to cloudfuzzer.
  • +
+
+ +
+ + CVE-2014-1740 + CVE-2014-1741 + CVE-2014-1742 + http://googlechromereleases.blogspot.nl/ + + + 2014-05-13 + 2014-05-14 + +
+ + + libXfont -- X Font Service Protocol and Font metadata file handling issues + + + libXfont + 1.4.7_3 + + + + +

Alan Coopersmith reports:

+
+

Ilja van Sprundel, a security researcher with IOActive, has + discovered several issues in the way the libXfont library + handles the responses it receives from xfs servers, and has + worked with X.Org's security team to analyze, confirm, and fix + these issues.

+

Most of these issues stem from libXfont trusting the font server + to send valid protocol data, and not verifying that the values + will not overflow or cause other damage. This code is commonly + called from the X server when an X Font Server is active in the + font path, so may be running in a setuid-root process depending + on the X server in use. Exploits of this path could be used by + a local, authenticated user to attempt to raise privileges; or + by a remote attacker who can control the font server to attempt + to execute code with the privileges of the X server.

+
+ +
+ + CVE-2014-0209 + CVE-2014-0210 + CVE-2014-0211 + http://lists.x.org/archives/xorg-announce/2014-May/002431.html + + + 2014-05-13 + 2014-05-13 + +
+ + + libxml2 -- lack of end-of-document check DoS + + + libxml2 + 2.8.0_5 + + + + +

CVE MITRE reports:

+
+

parser.c in libxml2 before 2.9.0, as used in Google + Chrome before 28.0.1500.71 and other products, allows remote + attackers to cause a denial of service (out-of-bounds read) + via a document that ends abruptly, related to the lack of + certain checks for the XML_PARSER_EOF state.

+
+ +
+ + CVE-2013-2877 + https://git.gnome.org/browse/libxml2/tag/?id=CVE-2013-2877 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877 + https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2877 + + + 2013-04-11 + 2013-07-10 + +
+ + + libxml2 -- entity substitution DoS + + + libxml2 + 2.8.0_5 + + + + +

Stefan Cornelius reports:

+
+

It was discovered that libxml2, a library providing + support to read, modify and write XML files, incorrectly + performs entity substitution in the doctype prolog, even if + the application using libxml2 disabled any entity + substitution. A remote attacker could provide a + specially-crafted XML file that, when processed, would lead + to the exhaustion of CPU and memory resources or file + descriptors.

+

This issue was discovered by Daniel Berrange of Red Hat.

+
+ +
+ + CVE-2014-0191 + http://www.openwall.com/lists/oss-security/2014/05/06/4 + https://git.gnome.org/browse/libxml2/tag/?id=CVE-2014-0191 + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191 + + + 2013-12-03 + 2014-05-06 + +
+ + + OpenSSL -- NULL pointer dereference / DoS + + + openssl + 1.0.11.0.1_12 + + + + +

OpenBSD and David Ramos reports:

+
+

Applications that use SSL_MODE_RELEASE_BUFFERS, such as nginx/apache, + are prone to a race condition which may allow a remote attacker to + crash the current service.

+
+ +
+ + http://www.openwall.com/lists/oss-security/2014/05/02/5 + https://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321 + CVE-2014-0198 + + + 2014-05-02 + 2014-05-03 + +
+ + + qt4-xml -- XML Entity Expansion Denial of Service + + + qt4-xml + 4.8.6 + + + + +

Richard J. Moore reports:

+
+

QXmlSimpleReader in Qt versions prior to 5.2 supports + expansion of internal entities in XML documents without + placing restrictions to ensure the document does not cause + excessive memory usage. If an application using this API + processes untrusted data then the application may use + unexpected amounts of memory if a malicious document is + processed.

+

It is possible to construct XML documents using internal + entities that consume large amounts of memory and other + resources to process, this is known as the 'Billion Laughs' + attack. Qt versions prior to 5.2 did not offer protection + against this issue.

+
+ +
+ + CVE-2013-4549 + http://lists.qt-project.org/pipermail/announce/2013-December/000036.html + + + 2013-12-05 + 2014-05-05 + +
+ + + strongswan -- Remote Authentication Bypass + + + strongswan + 5.1.3 + + + + +

strongSwan developers report:

+
+

Remote attackers are able to bypass authentication by rekeying an + IKE_SA during (1) initiation or (2) re-authentication, which + triggers the IKE_SA state to be set to established.

+

Only installations that actively initiate or re-authenticate IKEv2 + IKE_SAs are affected.

+
+ +
+ + CVE-2014-2338 + http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html + + + 2014-03-12 + 2014-05-04 + +
+ + + mohawk -- multiple vulnerabilities + + + mohawk + 2.0.12 + + + + +

The mohawk project reports:

+
+

Segfault when parsing malformed / unescaped url, coredump when setting syslog facility.

+
+ +
+ + http://fossil.bsdsx.fr/mohawk/tktview?name=1707f0e351 + http://fossil.bsdsx.fr/mohawk/tktview?name=1c7565019e + + + 2014-04-10 + 2014-04-30 + +
+ + + chromium -- multiple vulnerabilities + + + chromium + 34.0.1847.132 + + + + +

Google Chrome Releases reports (belatedly):

+
+

9 security fixes in this release, including:

+
    +
  • [354967] High CVE-2014-1730: Type confusion in V8. Credit to + Anonymous.
  • +
  • [349903] High CVE-2014-1731: Type confusion in DOM. Credit to + John Butler.
  • +
  • [359802] High CVE-2014-1736: Integer overflow in V8. Credit to + SkyLined working with HP's Zero Day Initiative.
  • +
  • [352851] Medium CVE-2014-1732: Use-after-free in Speech + Recognition. Credit to Khalil Zhani.
  • +
  • [351103] Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. + Credit to Jed Davis.
  • +
  • [367314] CVE-2014-1734: Various fixes from internal audits, + fuzzing and other initiatives.
  • +
  • [359130, 359525, 360429] CVE-2014-1735: Multiple + vulnerabilities in V8 fixed in version 3.24.35.33.
  • +
+
+ +
+ + CVE-2014-1730 + CVE-2014-1731 + CVE-2014-1732 + CVE-2014-1733 + CVE-2014-1734 + CVE-2014-1735 + CVE-2014-1736 + http://googlechromereleases.blogspot.nl/ + + + 2014-04-24 + 2014-04-30 + +
+ + + mozilla -- multiple vulnerabilities + + + firefox + 29.0,1 + + + firefox-esr + 24.5.0,1 + + + linux-firefox + 29.0,1 + + + linux-seamonkey + 2.26 + + + linux-thunderbird + 24.5.0 + + + seamonkey + 2.26 + + + thunderbird + 24.5.0 + + + + +

The Mozilla Project reports:

+
+

MFSA 2014-34 Miscellaneous memory safety hazards + (rv:29.0 / rv:24.5)

+

MFSA 2014-35 Privilege escalation through Mozilla Maintenance + Service Installer

+

MFSA 2014-36 Web Audio memory corruption issues

+

MFSA 2014-37 Out of bounds read while decoding JPG images

+

MFSA 2014-38 Buffer overflow when using non-XBL object as + XBL

+

MFSA 2014-39 Use-after-free in the Text Track Manager + for HTML video

+

MFSA 2014-41 Out-of-bounds write in Cairo

+

MFSA 2014-42 Privilege escalation through Web Notification + API

+

MFSA 2014-43 Cross-site scripting (XSS) using history + navigations

+

MFSA 2014-44 Use-after-free in imgLoader while resizing + images

+

MFSA 2014-45 Incorrect IDNA domain name matching for + wildcard certificates

+

MFSA 2014-46 Use-after-free in nsHostResolve

+

MFSA 2014-47 Debugger can bypass XrayWrappers + with JavaScript

+
+ +
+ + CVE-2014-1492 + CVE-2014-1518 + CVE-2014-1519 + CVE-2014-1520 + CVE-2014-1522 + CVE-2014-1523 + CVE-2014-1524 + CVE-2014-1525 + CVE-2014-1526 + CVE-2014-1527 + CVE-2014-1528 + CVE-2014-1529 + CVE-2014-1530 + CVE-2014-1531 + CVE-2014-1532 + https://www.mozilla.org/security/announce/2014/mfsa2014-34.html + https://www.mozilla.org/security/announce/2014/mfsa2014-35.html + https://www.mozilla.org/security/announce/2014/mfsa2014-36.html + https://www.mozilla.org/security/announce/2014/mfsa2014-37.html + https://www.mozilla.org/security/announce/2014/mfsa2014-38.html + https://www.mozilla.org/security/announce/2014/mfsa2014-39.html + https://www.mozilla.org/security/announce/2014/mfsa2014-41.html + https://www.mozilla.org/security/announce/2014/mfsa2014-42.html + https://www.mozilla.org/security/announce/2014/mfsa2014-43.html + https://www.mozilla.org/security/announce/2014/mfsa2014-44.html + https://www.mozilla.org/security/announce/2014/mfsa2014-45.html + https://www.mozilla.org/security/announce/2014/mfsa2014-46.html + https://www.mozilla.org/security/announce/2014/mfsa2014-47.html + http://www.mozilla.org/security/known-vulnerabilities/ + + + 2014-04-29 + 2014-04-29 + +
+ django -- multiple vulnerabilities
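Review bot: In the mozilla entry of this hunk, the advisory list jumps from MFSA 2014-39 straight to MFSA 2014-41, and the references block likewise has no mfsa2014-40.html URL while every other number from 34 to 47 is present in both places; please confirm that MFSA 2014-40 was deliberately left out because it does not apply to any of the listed ports (firefox, firefox-esr, linux-firefox, seamonkey, linux-seamonkey, thunderbird, linux-thunderbird), or add its description line and reference so the entry matches the vendor's announcement set it cites via http://www.mozilla.org/security/known-vulnerabilities/. A one-line remark in the commit log about why the number is skipped would save the next person merging this entry from re-checking it.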