Date: Fri, 13 Jan 2017 16:49:59 +0000 (UTC)
From: Mark Felder <feld@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r431401 - head/security/vuxml
Message-ID: <201701131649.v0DGnxqf056012@repo.freebsd.org>
Author: feld Date: Fri Jan 13 16:49:59 2017 New Revision: 431401 URL: https://svnweb.freebsd.org/changeset/ports/431401 Log: Consolidate duplicate openssh vuxml entries Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jan 13 16:25:58 2017 (r431400) +++ head/security/vuxml/vuln.xml Fri Jan 13 16:49:59 2017 (r431401) @@ -208,6 +208,10 @@ Notes: <topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic> <affects> <package> + <name>openssh-portable</name> + <range><lt>7.4.p1,1</lt></range> + </package> + <package> <name>FreeBSD</name> <range><ge>11.0</ge><lt>11.0_7</lt></range> <range><ge>10.3</ge><lt>10.3_16</lt></range> @@ -239,13 +243,14 @@ Notes: </body> </description> <references> - <cvename>CVE-2016-1000</cvename> - <cvename>CVE-2016-1001</cvename> + <cvename>CVE-2016-10009</cvename> + <cvename>CVE-2016-10010</cvename> <freebsdsa>SA-17:01.openssh</freebsdsa> </references> <dates> <discovery>2017-01-11</discovery> <entry>2017-01-11</entry> + <modified>2017-01-13</modified> </dates> </vuln> 
@@ -1205,57 +1210,7 @@ Notes: </vuln> <vuln vid="2aedd15f-ca8b-11e6-a9a5-b499baebfeaf"> - <topic>openssh -- multiple vulnerabilities</topic> - <affects> - <package> - <name>openssh-portable</name> - <range><lt>7.4.p1,1</lt></range> - </package> - <package> - <name>FreeBSD</name> - <range><ge>11.0</ge><lt>11.0_7</lt></range> - <range><ge>10.3</ge><lt>10.3_16</lt></range> - <range><ge>10.2</ge><lt>10.2_29</lt></range> - <range><ge>10.1</ge><lt>10.1_46</lt></range> - <range><ge>9.3</ge><lt>9.3_54</lt></range> - </package> - </affects> - <description> - <body xmlns="http://www.w3.org/1999/xhtml"> - <p>The OpenSSH project reports:</p> - <blockquote cite="https://www.openssh.com/txt/release-7.4"> - <ul> - <li>ssh-agent(1): Will now refuse to load PKCS#11 modules from - paths outside a trusted whitelist (run-time configurable). - Requests to load modules could be passed via agent forwarding - and an attacker could attempt to load a hostile PKCS#11 module - across the forwarded agent channel: PKCS#11 modules are shared - libraries, so this would result in code execution on the system - running the ssh-agent if the attacker has control of the - forwarded agent-socket (on the host running the sshd server) - and the ability to write to the filesystem of the host running - ssh-agent (usually the host running the ssh client). - (CVE-2016-10009)</li> - <li>sshd(8): When privilege separation is disabled, forwarded - Unix-domain sockets would be created by sshd(8) with the - privileges of 'root' instead of the authenticated user. This - release refuses Unix-domain socket forwarding when privilege - separation is disabled (Privilege separation has been enabled by - default for 14 years). 
CVE-2016-10010)</li> - </ul> - </blockquote> - </body> - </description> - <references> - <url>https://www.openssh.com/txt/release-7.4</url> - <cvename>CVE-2016-10009</cvename> - <cvename>CVE-2016-10010</cvename> - </references> - <dates> - <discovery>2016-12-25</discovery> - <entry>2016-12-25</entry> - <modified>2017-01-09</modified> - </dates> + <cancelled/> </vuln> <vuln vid="c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4">
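Review bot: In the @@ -208,6 +208,10 @@ hunk the entry now matches the openssh-portable port as well as the base system, but its topic still reads "FreeBSD -- OpenSSH multiple vulnerabilities", which suggests a base-system-only advisory to anyone who sees it reported against the port. Consider a topic that names both, since the cancelled entry's topic "openssh -- multiple vulnerabilities" is the one port users would previously have seen for `<range><lt>7.4.p1,1</lt></range>`.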
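Review bot: In the @@ -239,13 +243,14 @@ hunk the surviving entry's references and dates do not take over what the cancelled entry carried. The cancelled entry listed `<url>https://www.openssh.com/txt/release-7.4</url>` and `<discovery>2016-12-25</discovery>`, while the consolidated entry keeps `<discovery>2017-01-11</discovery>` and its references block starts directly with the cvename lines, so the upstream release notes link and the earlier disclosure date are lost. Suggest adding the url to the references and moving the discovery date back to 2016-12-25. The same hunk also corrects the truncated names CVE-2016-1000 and CVE-2016-1001 to CVE-2016-10009 and CVE-2016-10010, which is worth a mention in the log since it is a fix rather than part of the consolidation.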
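Review bot: In the @@ -1205,57 +1210,7 @@ hunk the replacement `<cancelled/>` leaves no pointer from vid 2aedd15f-ca8b-11e6-a9a5-b499baebfeaf to the entry that now covers these issues. The VuXML cancelled element accepts a superseded attribute holding the replacing vid; setting it to the vid of the consolidated entry (not visible in this diff) would let tools and readers who hold the old vid follow it to the live entry instead of finding only a withdrawn record.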