Date: Wed, 4 Oct 2017 07:56:03 +0000 (UTC) From: Bernard Spil <brnrd@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r451185 - head/security/vuxml Message-ID: <201710040756.v947u3mi008114@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brnrd Date: Wed Oct 4 07:56:03 2017 New Revision: 451185 URL: https://svnweb.freebsd.org/changeset/ports/451185 Log: security/vuxml: Document latest cURL vulnerability Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Oct 4 07:53:36 2017 (r451184) +++ head/security/vuxml/vuln.xml Wed Oct 4 07:56:03 2017 (r451185) @@ -58,6 +58,48 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="ccace707-a8d8-11e7-ac58-b499baebfeaf"> + <topic>cURL -- out of bounds read</topic> + <affects> + <package> + <name>curl</name> + <range><lt>7.56.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The cURL project reports:</p> + <blockquote cite="https://curl.haxx.se/docs/adv_20171004.html">; + <p>FTP PWD response parser out of bounds read</p> + <p>libcurl may read outside of a heap allocated buffer when doing FTP.</p> + <p>When libcurl connects to an FTP server and successfully logs in + (anonymous or not), it asks the server for the current directory with + the PWD command. The server then responds with a 257 response containing + the path, inside double quotes. The returned path name is then kept by + libcurl for subsequent uses.</p> + <p>Due to a flaw in the string parser for this directory name, a directory + name passed like this but without a closing double quote would lead to + libcurl not adding a trailing NUL byte to the buffer holding the name. + When libcurl would then later access the string, it could read beyond + the allocated heap buffer and crash or wrongly access data beyond the + buffer, thinking it was part of the path.</p> + <p>A malicious server could abuse this fact and effectively prevent + libcurl-based clients to work with it - the PWD command is always issued + on new FTP connections and the mistake has a high chance of causing a + segfault.</p> + </blockquote> + </body> + </description> + <references> + <url>https://curl.haxx.se/docs/adv_20171004.html</url>; + <cvename>CVE-2017-1000254</cvename> + </references> + <dates> + <discovery>2017-10-04</discovery> + <entry>2017-10-04</entry> + </dates> + </vuln> + <vuln vid="6ed5c5e3-a840-11e7-b5af-a4badb2f4699"> <topic>FreeBSD -- OpenSSH Denial of Service vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710040756.v947u3mi008114>