From: "Timur I. Bakeyev" Date: Sat, 19 Dec 2015 23:42:26 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r404035 - head/security/vuxml X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 19 Dec 2015 23:42:27 -0000 Author: timur Date: Sat Dec 19 23:42:25 2015 New Revision: 404035 URL: https://svnweb.freebsd.org/changeset/ports/404035 Log: Add entry for multiple Samba vulnerabilities Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat Dec 19 23:23:36 2015 (r404034) +++ head/security/vuxml/vuln.xml Sat Dec 19 23:42:25 2015 (r404035) @@ -58,6 +58,74 @@ Notes: --> + + samba -- multiple vulnerabilities + + + samba36 + 3.6.03.6.25 + + + samba4 + 4.0.04.0.26 + + + samba41 + 4.1.04.1.22 + + + samba42 + 4.2.04.2.7 + + + samba43 + 4.3.04.3.3 + + + ldb + 1.0.01.1.24 + + + + +

Samba team reports:

+
+

[CVE-2015-3223] Malicious request can cause Samba LDAP server to hang, spinning using CPU.

+

[CVE-2015-5330] Malicious request can cause Samba LDAP server + to return uninitialized memory that should not be part of the reply.

+

[CVE-2015-5296] Requesting encryption should also request + signing when setting up the connection to protect against man-in-the-middle attacks.

+

[CVE-2015-5299] A missing access control check in the VFS + shadow_copy2 module could allow unauthorized users to access snapshots.

+

[CVE-2015-7540] Malicious request can cause Samba LDAP server to return crash.

+

[CVE-2015-8467] Samba can expose Windows DCs to MS15-096 + Denial of service via the creation of multiple machine accounts(The Microsoft issue is CVE-2015-2535).

+

[CVE-2015-5252] Insufficient symlink verification could allow data access outside share path.

+
+ +
+ + CVE-2015-3223 + https://www.samba.org/samba/security/CVE-2015-3223.html + CVE-2015-5252 + https://www.samba.org/samba/security/CVE-2015-5252.html + CVE-2015-5296 + https://www.samba.org/samba/security/CVE-2015-5296.html + CVE-2015-5299 + https://www.samba.org/samba/security/CVE-2015-5299.html + CVE-2015-5330 + https://www.samba.org/samba/security/CVE-2015-5330.html + CVE-2015-7540 + https://www.samba.org/samba/security/CVE-2015-7540.html + CVE-2015-8467 + https://www.samba.org/samba/security/CVE-2015-8467.html + + + 2015-12-16 + 2015-12-19 + +
+ chromium -- multiple vulnerabilities
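Review bot: The CVE-2015-7540 item in the added description reads "Malicious request can cause Samba LDAP server to return crash", which is not grammatical and may be a carry-over from the "to return uninitialized memory" wording of the CVE-2015-5330 item. Suggest "can cause Samba LDAP server to crash". In the CVE-2015-8467 item, "machine accounts(The Microsoft issue is CVE-2015-2535)" needs a space before the parenthesis, and "Denial of service" should be lower-cased mid-sentence. The description lists the CVEs in a different order from the references block (3223, 5330, 5296, 5299, 7540, 8467, 5252 versus ascending); sorting both the same way makes the entry easier to cross-check against the seven advisory URLs.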