Date: Sat, 18 May 2019 01:23:59 +0000 (UTC)
From: "Timur I. Bakeyev" <timur@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r501893 - head/security/vuxml
Message-ID: <201905180123.x4I1Nxrq021580@repo.freebsd.org>
Author: timur Date: Sat May 18 01:23:59 2019 New Revision: 501893 URL: https://svnweb.freebsd.org/changeset/ports/501893 Log: Add entry about Samba4* vulnerabilities. Security: CVE-2018-16860 CVE-2019-3880 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sat May 18 00:47:38 2019 (r501892) +++ head/security/vuxml/vuln.xml Sat May 18 01:23:59 2019 (r501893) 
@@ -58,6 +58,56 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="793a0072-7822-11e9-81e2-005056a311d1"> + <topic>samba -- multiple vulnerabilities</topic> + <affects> + <package> + <name>samba46</name> + <range><le>4.6.16</le></range> + </package> + <package> + <name>samba47</name> + <range><le>4.7.12</le></range> + </package> + <package> + <name>samba48</name> + <range><lt>4.8.12</lt></range> + </package> + <package> + <name>samba49</name> + <range><lt>4.9.8</lt></range> + </package> + <package> + <name>samba410</name> + <range><lt>4.10.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The samba project reports:</p> + <blockquote cite="https://www.samba.org/samba/security/CVE-2018-16860.html"> + <p>The checksum validation in the S4U2Self handler in the embedded Heimdal KDC + did not first confirm that the checksum was keyed, allowing replacement of the + requested target (client) principal</p> + </blockquote> + <blockquote cite="https://www.samba.org/samba/security/CVE-2019-3880.html"> + <p>Authenticated users with write permission can trigger a symlink traversal to write + or detect files outside the Samba share.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.samba.org/samba/security/CVE-2018-16860.html</url> + <cvename>CVE-2018-16860</cvename> + <url>https://www.samba.org/samba/security/CVE-2019-3880.html</url> + <cvename>CVE-2019-3880</cvename> + </references> + <dates> + <discovery>2019-05-14</discovery> + <entry>2019-05-14</entry> + </dates> + </vuln> + <vuln vid="37528379-76a8-11e9-a4fd-00012e582166"> <topic>Rust -- violation of Rust's safety guarantees</topic> <affects>
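Review bot: the `<entry>` date in the new `<dates>` block is 2019-05-14, identical to `<discovery>`, while this revision is dated Sat May 18 2019; `<entry>` should carry the date the entry was added to vuln.xml, so it should read `<entry>2019-05-18</entry>`. Separately, the samba46 and samba47 ranges use `<le>` (4.6.16 and 4.7.12) where samba48, samba49 and samba410 use `<lt>`; if that is because the two older branches have no fixed release, say so in the commit log so the difference does not look like an oversight. The first blockquote paragraph (CVE-2018-16860) also ends without a full stop, unlike the second.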