From owner-svn-ports-head@FreeBSD.ORG Thu Feb 20 18:11:26 2014
Message-Id: <201402201811.s1KIBPYr083849@svn.freebsd.org>
From: Palle Girgensohn
Date: Thu, 20 Feb 2014 18:11:25 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r345256 - head/security/vuxml

Author: girgen
Date: Thu Feb 20 18:11:25 2014
New Revision: 345256

URL: http://svnweb.freebsd.org/changeset/ports/345256
QAT: https://qat.redports.org/buildarchive/r345256/

Log:
  The PostgreSQL Global Development Group has released an important update to all supported versions of the PostgreSQL database system, which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and 8.4.20. This update contains fixes for multiple security issues, as well as several fixes for replication and data integrity issues. All users are urged to update their installations at the earliest opportunity, especially those using binary replication or running a high-security application.

  This update fixes CVE-2014-0060, in which PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for ROLE management. Before this fix, any member of a ROLE was able to grant others access to the same ROLE regardless if the member was given the WITH ADMIN OPTION permission. It also fixes multiple privilege escalation issues, including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, CVE-2014-0065, and CVE-2014-0066. More information on these issues can be found on our security page and the security issue detail wiki page.
Security: CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063 CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Feb 20 17:42:11 2014 (r345255) +++ head/security/vuxml/vuln.xml Thu Feb 20 18:11:25 2014 (r345256) @@ -51,6 +51,60 @@ Note: Please add new entries to the beg --> + + PostgreSQL -- multiple privilege issues + + + postgresql-server + 8.4.20 + 9.0.09.0.16 + 9.1.09.1.12 + 9.2.09.2.7 + 9.3.09.3.3 + + + + +

PostgreSQL Project reports:

+
+

This update fixes CVE-2014-0060, in which PostgreSQL did not + properly enforce the WITH ADMIN OPTION permission for ROLE management. + Before this fix, any member of a ROLE was able to grant others access + to the same ROLE regardless if the member was given the WITH ADMIN + OPTION permission. It also fixes multiple privilege escalation issues, + including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064, + CVE-2014-0065, and CVE-2014-0066. More information on these issues can + be found on our security page and the security issue detail wiki page. +

+

+ With this release, we are also alerting users to a known security hole + that allows other users on the same machine to gain access to an + operating system account while it is doing "make check": + CVE-2014-0067. "Make check" is normally part of building PostgreSQL + from source code. As it is not possible to fix this issue without + causing significant issues to our testing infrastructure, a patch will + be released separately and publicly. Until then, users are strongly + advised not to run "make check" on machines where untrusted users have + accounts.

+
+ +
+ + CVE-2014-0060 + CVE-2014-0061 + CVE-2014-0062 + CVE-2014-0063 + CVE-2014-0064 + CVE-2014-0065 + CVE-2014-0066 + CVE-2014-0067 + + + 2014-02-20 + 2014-02-20 + +
+ phpMyAdmin -- Self-XSS due to unescaped HTML output in import. @@ -101,48 +155,48 @@ Note: Please add new entries to the beg
  • iSECURITY-105

    In some places, Jenkins XML API uses XStream to deserialize - arbitrary content, which is affected by CVE-2013-7285 reported - against XStream. This allows malicious users of Jenkins with - a limited set of permissions to execute arbitrary code inside - Jenkins master.

    + arbitrary content, which is affected by CVE-2013-7285 reported + against XStream. This allows malicious users of Jenkins with + a limited set of permissions to execute arbitrary code inside + Jenkins master.

  • SECURITY-76 & SECURITY-88 / CVE-2013-5573

    Restrictions of HTML tags for user-editable contents are too - lax. This allows malicious users of Jenkins to trick other - unsuspecting users into providing sensitive information.

    + lax. This allows malicious users of Jenkins to trick other + unsuspecting users into providing sensitive information.

  • SECURITY-109

    Plugging a hole in the earlier fix to SECURITY-55. Under some - circimstances, a malicious user of Jenkins can configure job - X to trigger another job Y that the user has no access to.

    + circimstances, a malicious user of Jenkins can configure job + X to trigger another job Y that the user has no access to.

  • SECURITY-108

    CLI job creation had a directory traversal vulnerability. This - allows a malicious user of Jenkins with a limited set of - permissions to overwrite files in the Jenkins master and - escalate privileges.

    + allows a malicious user of Jenkins with a limited set of + permissions to overwrite files in the Jenkins master and + escalate privileges.

  • SECURITY-106

    The embedded Winstone servlet container is susceptive to - session hijacking attack.

    + session hijacking attack.

  • SECURITY-93

    The password input control in the password parameter - definition in the Jenkins UI was serving the actual value of - the password in HTML, not an encrypted one. If a sensitive - value is set as the default value of such a parameter - definition, it can be exposed to unintended audience.

    + definition in the Jenkins UI was serving the actual value of + the password in HTML, not an encrypted one. If a sensitive + value is set as the default value of such a parameter + definition, it can be exposed to unintended audience.

  • SECURITY-89

    Deleting the user was not invalidating the API token, - allowing users to access Jenkins when they shouldn't be - allowed to do so.

    + allowing users to access Jenkins when they shouldn't be + allowed to do so.

  • SECURITY-80

    @@ -151,52 +205,52 @@ Note: Please add new entries to the beg
  • SECURITY-79

    "Jenkins' own user database" was revealing the - presence/absence of users when login attempts fail.

    + presence/absence of users when login attempts fail.

  • SECURITY-77

    Jenkins had a cross-site scripting vulnerability in one of its - cookies. If Jenkins is deployed in an environment that allows - an attacker to override Jenkins cookies in victim's browser, - this vulnerability can be exploited.

    + cookies. If Jenkins is deployed in an environment that allows + an attacker to override Jenkins cookies in victim's browser, + this vulnerability can be exploited.

  • SECURITY-75

    Jenkins was vulnerable to session fixation attack. If Jenkins - is deployed in an environment that allows an attacker to - override Jenkins cookies in victim's browser, this - vulnerability can be exploited.

    + is deployed in an environment that allows an attacker to + override Jenkins cookies in victim's browser, this + vulnerability can be exploited.

  • SECURITY-74

    Stored XSS vulnerability. A malicious user of Jenkins with a - certain set of permissions can cause Jenkins to store - arbitrary HTML fragment.

    + certain set of permissions can cause Jenkins to store + arbitrary HTML fragment.

  • SECURITY-73

    Some of the system diagnostic functionalities were checking a - lesser permission than it should have. In a very limited - circumstances, this can cause an attacker to gain information - that he shouldn't have access to.

    + lesser permission than it should have. In a very limited + circumstances, this can cause an attacker to gain information + that he shouldn't have access to.

  • Severity

    1. SECURITY-106, and SECURITY-80 are rated high. An attacker only - needs direct HTTP access to the server to mount this attack.
    2. + needs direct HTTP access to the server to mount this attack.
    3. SECURITY-105, SECURITY-109, SECURITY-108, and SECURITY-74 are - rated high. These vulnerabilities allow attackes with valid - Jenkins user accounts to escalate privileges in various ways.
    4. + rated high. These vulnerabilities allow attackes with valid + Jenkins user accounts to escalate privileges in various ways.
    5. SECURITY-76, SECURIT-88, and SECURITY-89 are rated medium. - These vulnerabilities requires an attacker to be an user of - Jenkins, and the mode of the attack is limited.
    6. + These vulnerabilities requires an attacker to be an user of + Jenkins, and the mode of the attack is limited.
    7. SECURITY-93, and SECURITY-79 are rated low. These - vulnerabilities only affect a small part of Jenkins and has - limited impact.
    8. + vulnerabilities only affect a small part of Jenkins and has + limited impact.
    9. SECURITY-77, SECURITY-75, and SECURITY-73 are rated low. These - vulnerabilities are hard to exploit unless combined with other - exploit in the network.
    10. + vulnerabilities are hard to exploit unless combined with other + exploit in the network.
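Review bot: in the @@ -51,6 +51,60 @@ hunk, the new entry lists CVE-2014-0067 among its cvename values and closes every version range at the fixed releases (8.4.20, 9.0.16, 9.1.12, 9.2.7, 9.3.3), yet the second paragraph of the description says that issue is not fixed in these releases and that a patch "will be released separately and publicly". Anyone who updates to a listed version will therefore see CVE-2014-0067 reported as resolved. Either leave CVE-2014-0067 out of this entry and give it its own entry (with no upper bound until the make check fix ships), or state in the description that the listed versions are still affected by it.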
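Review bot: every -/+ pair in the @@ -101,48 +155,48 @@ hunk (the Jenkins SECURITY-105 through SECURITY-80 items) carries identical text on both sides, so this part of the change is a whitespace-only reindent of an unrelated entry. Cosmetic changes like this are better committed separately from a new security entry, so the history of the PostgreSQL advisory is not mixed with formatting churn. If the lines are rewritten anyway, the typo "circimstances" in the SECURITY-109 item could be corrected to "circumstances" at the same time.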
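Review bot: the @@ -151,52 +205,52 @@ hunk is likewise whitespace-only, and the re-added Severity list keeps "attackes" (item 3, should be "attackers"), "SECURIT-88" (item 5, the item it refers to is named SECURITY-88 above) and "an user" (item 5); since these lines are being touched, fixing them here avoids a third pass over the same entry.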
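To check a server against the fixed minor versions named in the commit message and to audit who actually holds ADMIN OPTION on a role, here is an added example that is not part of this commit or of PostgreSQL's own code; it assumes a superuser psql session, and the roles app_admin, alice and bob are constructed for the demonstration.

```sql
-- Added example, not part of this commit or of the PostgreSQL project's
-- code. Run as a superuser with psql; the role names app_admin, alice and
-- bob are constructed for the demonstration.

-- 1. Is this server below the fixed minor named in the advisory?
--    Fixed releases are 8.4.20, 9.0.16, 9.1.12, 9.2.7 and 9.3.3.
WITH v AS (SELECT current_setting('server_version_num')::int AS n)
SELECT n AS server_version_num,
       CASE WHEN n >= 90300 THEN n < 90303
            WHEN n >= 90200 THEN n < 90207
            WHEN n >= 90100 THEN n < 90112
            WHEN n >= 90000 THEN n < 90016
            WHEN n >= 80400 THEN n < 80420
            ELSE true            -- older branch, no longer supported
       END AS needs_update
  FROM v;

-- 2. A role and a plain member of it (granted without WITH ADMIN OPTION).
CREATE ROLE app_admin NOLOGIN;
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;
GRANT app_admin TO alice;

-- 3. Audit who may delegate membership: only rows with admin_option = t
--    are supposed to be able to GRANT the role to others.
SELECT r.rolname AS role, m.rolname AS member, am.admin_option
  FROM pg_auth_members am
  JOIN pg_roles r ON r.oid = am.roleid
  JOIN pg_roles m ON m.oid = am.member
 WHERE r.rolname = 'app_admin';
-- expected row:  app_admin | alice | f

-- 4. Behaviour check as the non-admin member. On a server at or above
--    the fixed minor this is rejected with:
--    ERROR:  must have admin option on role "app_admin"
SET ROLE alice;
GRANT app_admin TO bob;
RESET ROLE;

-- 5. Remove the demonstration roles (memberships go with them).
DROP ROLE bob;
DROP ROLE alice;
DROP ROLE app_admin;
```

Run the script outside an explicit transaction block (psql's default) so that the deliberately failing GRANT in step 4 does not abort the cleanup that follows it.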