Date: Thu, 2 Feb 2006 00:53:02 -0500
From: Kris Kennaway <kris@obsecurity.org>
To: Mark Lubratt <mark.lubratt@indeq.com>
Cc: ports@FreeBSD.org, anholt@FreeBSD.org
Subject: Re: FreeBSD Port: paraview-2.4.2 - security vulnerabilities
Message-ID: <20060202055302.GA87420@xor.obsecurity.org>
In-Reply-To: <E342ABF2-28C7-4C73-AB7B-EF1A0A82CCF4@indeq.com>
References: <E342ABF2-28C7-4C73-AB7B-EF1A0A82CCF4@indeq.com>

On Wed, Feb 01, 2006 at 09:10:07PM -0600, Mark Lubratt wrote:
> Hello!
>
> I originally posted this to the questions list. But, now I realize
> that it's probably better posted here.
>
> I'm trying to install the OpenFoam port on 6.0 Stable with the
> current ports tree. During the install, I get the following errors
> from the paraview dependency:
>
> Verifying install for /usr/local/lib/paraview-2.4/ParaViewConfig.cmake in /usr/ports/science/paraview
> ===> paraview-2.4.2 has known vulnerabilities:
> => tiff -- buffer overflow vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/68222076-010b-11da-bc08-0001020eed82.html>
> => tiff -- divide-by-zero denial-of-service.
> Reference: <http://www.FreeBSD.org/ports/portaudit/b58ff497-6977-11d9-ae49-000c41e2cdad.html>
> => tiff -- directory entry count integer overflow vulnerability.
> Reference: <http://www.FreeBSD.org/ports/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>
> => tiff -- multiple integer overflows.
> Reference: <http://www.FreeBSD.org/ports/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>
> => tiff -- RLE decoder heap overflows.
> Reference: <http://www.FreeBSD.org/ports/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>
> => Please update your ports tree and try again.
>
>
> I've updated the ports tree multiple times. I've perused the
> archives and found that all of these vulnerabilities should already
> be fixed (to the best of my understanding). Portaudit doesn't report
> the current linux-tiff-3.6.1_5 as having these vulnerabilities.
> I've tried deinstalling and reinstalling linux-tiff. Portversion
> reports that linux-tiff is up to date.
>

Did you update your portaudit database?

Kris