Date: Sun, 25 Nov 2012 04:02:29 +0000 (UTC) From: Wesley Shields <wxs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r307733 - head/security/vuxml Message-ID: <201211250402.qAP42T0H089385@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: wxs Date: Sun Nov 25 04:02:28 2012 New Revision: 307733 URL: http://svnweb.freebsd.org/changeset/ports/307733 Log: Add entries for the following advisories: FreeBSD-SA-12:08.linux FreeBSD-SA-12:07.hostapd FreeBSD-SA-12:06.bind Feature safe: yes Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Nov 25 03:21:09 2012 (r307732) +++ head/security/vuxml/vuln.xml Sun Nov 25 04:02:28 2012 (r307733) @@ -51,6 +51,97 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="5536c8e4-36b3-11e2-a633-902b343deec9"> + <topic>FreeBSD -- Linux compatibility layer input validation error</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>7.4</ge><lt>7.4_11</lt></range> + <range><ge>8.3</ge><lt>8.3_5</lt></range> + <range><ge>9.0</ge><lt>9.0_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Problem description:</p> + <blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-12:08.linux.asc">; + <p>A programming error in the handling of some Linux system calls + may result in memory locations being accessed without proper + validation.</p> + </blockquote> + </body> + </description> + <references> + <freebsdsa>SA-12:08.linux</freebsdsa> + <cvename>CVE-2012-4576</cvename> + </references> + <dates> + <discovery>2012-11-22</discovery> + <entry>2012-11-24</entry> + </dates> + </vuln> + + <vuln vid="f115f693-36b2-11e2-a633-902b343deec9"> + <topic>FreeBSD -- Insufficient message length validation for EAP-TLS messages</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>8.3</ge><lt>8.3_5</lt></range> + <range><ge>9.0</ge><lt>9.0_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Problem description:</p> + <blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc">; + <p>The internal authentication server of hostapd does not + sufficiently validate the message length field of EAP-TLS + messages.</p> + </blockquote> + </body> + </description> + <references> + <freebsdsa>SA-12:07.hostapd</freebsdsa> + <cvename>CVE-2012-4445</cvename> + </references> + <dates> + <discovery>2012-11-22</discovery> + <entry>2012-11-24</entry> + </dates> + </vuln> + + <vuln vid="0f020b7b-e033-11e1-90a2-000c299b62e1"> + <topic>FreeBSD -- Multiple Denial of Service vulnerabilities with named(8)</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>7.4</ge><lt>7.4_11</lt></range> + <range><ge>8.3</ge><lt>8.3_5</lt></range> + <range><ge>9.0</ge><lt>9.0_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Problem description:</p> + <blockquote cite="http://www.freebsd.org/security/advisories/FreeBSD-SA-12:06.bind.asc">; + <p>The BIND daemon would crash when a query is made on a resource + record with RDATA that exceeds 65535 bytes.</p> + <p>The BIND daemon would lock up when a query is made on specific + combinations of RDATA.</p> + </blockquote> + </body> + </description> + <references> + <freebsdsa>SA-12:06.bind</freebsdsa> + <cvename>CVE-2012-4244</cvename> + <cvename>CVE-2012-5166</cvename> + </references> + <dates> + <discovery>2012-11-22</discovery> + <entry>2012-11-24</entry> + </dates> + </vuln> + <vuln vid="0925716f-34e2-11e2-aa75-003067c2616f"> <topic>opera -- execution of arbitrary code</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201211250402.qAP42T0H089385>