Date: Fri, 2 Mar 2018 17:01:15 +0000 (UTC) From: Ryan Steinmetz <zi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r463418 - head/security/vuxml Message-ID: <201803021701.w22H1FBY000787@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: zi Date: Fri Mar 2 17:01:14 2018 New Revision: 463418 URL: https://svnweb.freebsd.org/changeset/ports/463418 Log: - Document vulnerabilities (CVE-2018-5732, CVE-2018-5733) in isc-dhcp ports Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Mar 2 16:50:46 2018 (r463417) +++ head/security/vuxml/vuln.xml Fri Mar 2 17:01:14 2018 (r463418) @@ -58,6 +58,56 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="2040c7f5-1e3a-11e8-8ae9-0050569f0b83"> + <topic>isc-dhcp -- Multiple vulnerabilities</topic> + <affects> + <package> + <name>isc-dhcp44-server</name> + <range><lt>4.4.1</lt></range> + </package> + <package> + <name>isc-dhcp44-client</name> + <range><lt>4.4.1</lt></range> + </package> + <package> + <name>isc-dhcp43-server</name> + <range><le>4.3.6</le></range> + </package> + <package> + <name>isc-dhcp43-client</name> + <range><le>4.3.6</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>ISC reports:</p> + <blockquote cite="https://kb.isc.org/article/AA-01565"> + <p>Failure to properly bounds check a buffer used for processing + DHCP options allows a malicious server (or an entity + masquerading as a server) to cause a buffer overflow (and + resulting crash) in dhclient by sending a response containing a + specially constructed options section.</p> + </blockquote> + <blockquote cite="https://kb.isc.org/article/AA-01567"> + <p>A malicious client which is allowed to send very large amounts + of traffic (billions of packets) to a DHCP server can eventually + overflow a 32-bit reference counter, potentially causing dhcpd + to crash.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2018-5732</cvename> + <cvename>CVE-2018-5733</cvename> + <url>https://kb.isc.org/article/AA-01565</url> + <url>https://kb.isc.org/article/AA-01567</url> + </references> + <dates> + <discovery>2018-02-21</discovery> + <entry>2018-03-02</entry> + </dates> + </vuln> + <vuln vid="30704aba-1da4-11e8-b6aa-4ccc6adda413"> <topic>libsndfile -- out-of-bounds reads</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803021701.w22H1FBY000787>