From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Apr 12 13:50:00 2014
Message-Id: <201404121341.s3CDfDZr025286@cgiserv.freebsd.org>
Date: Sat, 12 Apr 2014 13:41:13 GMT
From: Pawel Biernacki
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Subject: ports/188512: Multiple vulnerabilities not listed in vuln.xml
List-Id: Ports bug reports
X-List-Received-Date: Sat, 12 Apr 2014 13:50:00 -0000

>Number: 188512
>Category: ports
>Synopsis: Multiple vulnerabilities not listed in vuln.xml
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Sat Apr 12 13:50:00 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Pawel Biernacki
>Release: FreeBSD 11.0-CURRENT
>Organization: Collaborative work of #freebsd on irc.freenode.net
>Environment:
FreeBSD a.b.c. 11.0-CURRENT FreeBSD 11.0-CURRENT #2 r264308: Wed Apr 9 22:29:38 UTC 2014 toor@a.b.c:/usr/obj/usr/src/sys/ABC amd64
>Description:
Multiple vulnerabilities are not listed in vuln.xml:

OpenLDAP -- incorrect handling of NULL in certificate Common Name (openldap24-client and linux-f10-openldap)
cURL -- inappropriate GSSAPI delegation (curl and linux-f10-curl)
dbus-glib -- privilege escalation (dbus-glib and linux-f10-dbus-glib)
nas -- multiple vulnerabilities (nas and linux-f10-nas-libs)
libaudiofile -- heap-based overflow in Microsoft ADPCM compression module (libaudiofile and linux-f10-libaudiofile)

Also, previous vulnerability entries don't cover linux-f10-* packages:
linux-f10-gnutls, linux-f10-libgcrypt, linux-f10-libxml2, linux-f10-png, linux-f10-tiff, linux-f10-nss, linux-f10-expat.

Please find attached a patch for vuxml adding the vulnerable ports to the database.
>How-To-Repeat:
Choose a random listed package(s) and read the attached link to the description of the vulnerability.
>Fix: Patch attached with submission follows: Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml (revision 351090) +++ security/vuxml/vuln.xml (working copy) @@ -51,6 +51,160 @@ --> + + OpenLDAP -- incorrect handling of NULL in certificate Common Name + + + openldap24-client + linux-f10-openldap + 2.4.18 + + + + +

Jan Lieskovsky reports:

+
+

OpenLDAP does not properly handle a '\0' character in a domain name + in the subject's Common Name (CN) field of an X.509 certificate, + which allows man-in-the-middle attackers to spoof arbitrary SSL + servers via a crafted certificate issued by a legitimate + Certification Authority

+
+ +
+ + CVE-2009-3767 + https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3767 + + + 2009-08-07 + 2014-04-11 + +
+ + + cURL -- inappropriate GSSAPI delegation + + + curl + linux-f10-curl + 7.10.67.21.6 + + + + +

cURL reports:

+
+

When doing GSSAPI authentication, libcurl unconditionally performs + credential delegation. This hands the server a copy of the client's + security credentials, allowing the server to impersonate the client + to any other using the same GSSAPI mechanism.

+
+ +
+ + CVE-2011-2192 + http://curl.haxx.se/docs/adv_20110623.html + + + 2011-06-23 + 2014-04-11 + +
+ + + dbus-glib -- privledge escalation + + + dbus-glib + linux-f10-dbus-glib + 0.100.1 + + + + +

Sebastian Krahmer reports:

+
+

A privilege escalation flaw was found in the way dbus-glib, the + D-Bus add-on library to integrate the standard D-Bus library with + the GLib thread abstraction and main loop, performed filtering of + the message sender (message source subject), when the + NameOwnerChanged signal was received. A local attacker could use + this flaw to escalate their privileges.

+
+ +
+ + CVE-2013-0292 + https://bugs.freedesktop.org/show_bug.cgi?id=60916 + + + 2013-02-15 + 2014-04-11 + +
+ + + nas -- multiple vulnerabilities + + + nas + linux-f10-nas-libs + 1.9.4 + + + + +

Hamid Zamani reports:

+
+

multiple security problems (buffer overflows, format string + vulnerabilities and missing input sanitising), which could lead to + the execution of arbitrary code.

+
+ +
+ + CVE-2013-4256 + CVE-2013-4257 + CVE-2013-4258 + http://radscan.com/pipermail/nas/2013-August/001270.html + + + 2013-08-07 + 2014-04-11 + +
+ + + libaudiofile -- heap-based overflow in Microsoft ADPCM compression module + + + libaudiofile + linux-f10-libaudiofile + 0.2.7 + + + + +

Debian reports:

+
+

Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile + 0.2.6 allows context-dependent attackers to cause a denial of service + (application crash) or possibly execute arbitrary code via a crafted + WAV file.

+
+ +
+ + CVE-2014-0159 + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205 + + + 2008-12-30 + 2014-04-11 + +
+ OpenSSL -- Local Information Disclosure @@ -1084,6 +1238,7 @@ gnutls + linux-f10-gnutls 2.12.23_4 @@ -4644,6 +4799,7 @@ libgcrypt + linux-f10-libgcrypt 1.5.3 @@ -4660,6 +4816,7 @@ + CVE-2013-4242 http://eprint.iacr.org/2013/448 http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html @@ -17586,6 +17743,7 @@ libxml2 + linux-f10-libxml2 2.7.8_3 @@ -18888,6 +19046,7 @@ png + linux-f10-png 1.4.11 @@ -19929,6 +20088,7 @@ libxml2 + linux-f10-libxml2 2.7.8_2 @@ -22706,6 +22866,7 @@ libxml2 + linux-f10-libxml2 2.7.8 @@ -32355,6 +32516,7 @@ linux-tiff + linux-f10-tiff 3.9.4 @@ -33540,6 +33702,11 @@ linux-firefox-devel 3.5.9 + + nss + linux-f10-nss + 3.12.5 + @@ -35069,6 +35236,7 @@ expat2 + linux-f10-expat 2.0.1_1 >Release-Note: >Audit-Trail: >Unformatted:
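
Review bot: In the libaudiofile entry at the end of the first hunk (@@ -51,6 +51,160 @@), the reference CVE-2014-0159 does not fit the rest of the entry: the discovery date is 2008-12-30, the linked Debian bug is 510205, and the quoted text describes audiofile 0.2.6. Please check the CVE identifier against the Debian report before this is committed. In the same hunk, the dbus-glib topic reads "privledge escalation" and should read "privilege escalation". Each new entry also lists the native port and its linux-f10-* counterpart against a single version (for example openldap24-client and linux-f10-openldap against 2.4.18); confirm that the Linux packages use the same version numbering, or give them their own package element and range.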
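
Review bot: The hunks that add linux-f10-gnutls, linux-f10-libxml2 and linux-f10-expat place the new name beside versions that carry a port revision suffix (2.12.23_4, 2.7.8_3, 2.7.8_2, 2.0.1_1). That suffix counts revisions of the native port, so the same bound applied to a linux-f10-* package can flag fixed builds or clear vulnerable ones. Suggest a separate package element for each linux-f10-* name, with a range checked against that port's own version history.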
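
Review bot: The entry edited at @@ -4660,6 +4816,7 @@ gains a CVE-2013-4242 reference, but the hunk adds only that one line and leaves the entry's dates untouched. An existing vuxml entry that changes should record the change in its modified date; please add or update it here, and likewise in the other existing entries this patch edits to add linux-f10-* names.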