Date:      Tue, 12 May 2015 10:48:17 +0000 (UTC)
From:      Kubilay Kocak <koobs@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r386133 - head/security/vuxml
Message-ID:  <201505121048.t4CAmHXR086225@svn.freebsd.org>

Author: koobs
Date: Tue May 12 10:48:17 2015
New Revision: 386133
URL: https://svnweb.freebsd.org/changeset/ports/386133

Log:
  security/vuxml: Add CVE-2015-0971 entry for security/suricata

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue May 12 09:48:02 2015	(r386132)
+++ head/security/vuxml/vuln.xml	Tue May 12 10:48:17 2015	(r386133)
@@ -57,6 +57,43 @@ Notes:
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="fe910ed6-f88d-11e4-9ae3-0050562a4d7b">
+    <topic>suricata -- TLS/DER Parser Bug (DoS)</topic>
+    <affects>
+      <package>
+	<name>suricata</name>
+	<range><lt>2.0.8</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>OISF Development Team reports:</p>
+	<blockquote cite="https://lists.openinfosecfoundation.org/pipermail/oisf-devel/2015-May/003406.html">;
+	  <p>The OISF development team is pleased to announce Suricata 2.0.8.
+	   This release fixes a number of issues in the 2.0 series.</p>
+
+	  <p>The most important issue is a bug in the DER parser which is used to
+	   decode SSL/TLS certificates could crash Suricata. This issue was
+	   reported by Kostya Kortchinsky of the Google Security Team and was fixed
+	   by Pierre Chifflier of ANSSI.</p>
+
+	  <p>Those processing large numbers of (untrusted) pcap files need to update
+	   as a malformed pcap could crash Suricata. Again, credits go to Kostya
+	   Kortchinsky.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2015-0971</cvename>
+      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0971</url>;
+      <url>https://github.com/inliniac/suricata/commit/fa73a0bb8f312fd0a95cc70f6b3ee4e4997bdba7</url>;
+    </references>
+    <dates>
+      <discovery>2015-05-06</discovery>
+      <entry>2015-05-12</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0b040e24-f751-11e4-b24d-5453ed2e2b49">
     <topic>libssh -- null pointer dereference</topic>
     <affects>
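
Review bot: In the new entry's <references> block, the first <url> (the cve.mitre.org cvename.cgi link) repeats what <cvename>CVE-2015-0971</cvename> already records, while the oisf-devel announcement that the <blockquote cite="..."> quotes is not listed as a reference at all. I would drop the cve.mitre.org <url> and list the announcement URL from the cite attribute in its place, keeping the upstream commit link. Separately, the third quoted paragraph describes a crash on malformed pcap files, but the <topic> and the single <cvename> name only the TLS/DER parser bug; either trim the quote to the DER parser paragraph or say in the entry that the pcap crash is a separate issue fixed in the same 2.0.8 release, so that readers do not assume CVE-2015-0971 covers both.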


