Date: Sun, 11 Mar 2012 21:40:26 +0000 From: "Simon L. B. Nielsen" <simon@FreeBSD.org> To: ports@FreeBSD.org, security@FreeBSD.org Subject: Upgrade port audit now! Message-ID: <0E8E530C-BD7D-46BD-80A0-BE947D73429E@FreeBSD.org> References: <201203112132.q2BLWwTZ074498@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hey, If you have portaudit installed, you should upgrade sooner rather than = later! Begin forwarded message: > From: "Simon L. Nielsen" <simon@FreeBSD.org> > Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist = ports/ports-mgmt/portaudit/files portaudit-cmd.sh > Date: 11 March 2012 21:32:58 GMT > To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, = cvs-all@FreeBSD.org >=20 > simon 2012-03-11 21:32:58 UTC >=20 > FreeBSD ports repository >=20 > Modified files: > ports-mgmt/portaudit Makefile pkg-plist=20 > ports-mgmt/portaudit/files portaudit-cmd.sh=20 > Log: > Portaudit 0.6.0: >=20 > Fix remote code execution which can occur with a specially crafted > audit file. The attacker would need to get the portaudit(1) to > download the bad audit database, e.g. by performing a man in the > middle attack. >=20 > Add signature verification of the portaudit database. The public key > is for the database generated for portaudit.FreeBSD.org is included > in the distribution. >=20 > Submitted by: Michael Gmelin <freebsd@grem.de> > Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert > Security: Remote code execution > Security: = http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html > Feature safe: yes > With hat: so --=20 Simon L. B. Nielsen FreeBSD Deputy Security Officer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0E8E530C-BD7D-46BD-80A0-BE947D73429E>