Date: Wed, 8 Jan 2014 11:18:12 +0000 (UTC)
From: Baptiste Daroussin <bapt@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r339093 - branches/2014Q1/security/vuxml
Message-ID: <201401081118.s08BICEh035322@svn.freebsd.org>
Author: bapt
Date: Wed Jan 8 11:18:11 2014
New Revision: 339093

URL: http://svnweb.freebsd.org/changeset/ports/339093

Log:
  MFH: r337930

  Correct indent for most recent entries. No functional changes.

  People, please be aware that we use the FreeBSD Documentation Primer and
  that there are style rules we have to follow. If you are in doubt please
  consult me and I am more than willing to help.

  Hat: secteam

Modified:
  branches/2014Q1/security/vuxml/vuln.xml
Directory Properties:
  branches/2014Q1/ (props changed)

Modified: branches/2014Q1/security/vuxml/vuln.xml
==============================================================================
--- branches/2014Q1/security/vuxml/vuln.xml Wed Jan 8 11:16:17 2014 (r339092)
+++ branches/2014Q1/security/vuxml/vuln.xml Wed Jan 8 11:18:11 2014 (r339093)
@@ -177,25 +177,23 @@ Note: Please add new entries to the beg <p>Werner Koch reports:</p> <blockquote cite="http://lists.gnupg.org/pipermail/gnupg-announce/2013q4/000337.html"> <p>CVE-2013-4576 has been assigned to this security bug.</p> - <p>The paper describes two attacks. The first attack allows -to distinguish keys: An attacker is able to notice which key is -currently used for decryption. This is in general not a problem but -may be used to reveal the information that a message, encrypted to a -commonly not used key, has been received by the targeted machine. We -do not have a software solution to mitigate this attack.</p> - + to distinguish keys: An attacker is able to notice which key is + currently used for decryption. This is in general not a problem but + may be used to reveal the information that a message, encrypted to a + commonly not used key, has been received by the targeted machine. We + do not have a software solution to mitigate this attack.</p> <p>The second attack is more serious. It is an adaptive -chosen ciphertext attack to reveal the private key. A possible -scenario is that the attacker places a sensor (for example a standard -smartphone) in the vicinity of the targeted machine. That machine is -assumed to do unattended RSA decryption of received mails, for example -by using a mail client which speeds up browsing by opportunistically -decrypting mails expected to be read soon. While listening to the -acoustic emanations of the targeted machine, the smartphone will send -new encrypted messages to that machine and re-construct the private -key bit by bit. A 4096 bit RSA key used on a laptop can be revealed -within an hour.</p> + chosen ciphertext attack to reveal the private key. A possible + scenario is that the attacker places a sensor (for example a standard + smartphone) in the vicinity of the targeted machine. 
That machine is + assumed to do unattended RSA decryption of received mails, for example + by using a mail client which speeds up browsing by opportunistically + decrypting mails expected to be read soon. While listening to the + acoustic emanations of the targeted machine, the smartphone will send + new encrypted messages to that machine and re-construct the private + key bit by bit. A 4096 bit RSA key used on a laptop can be revealed + within an hour.</p> </blockquote> </body> </description> @@ -487,7 +485,7 @@ within an hour.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Samba project reports:</p> <blockquote cite="http://www.samba.org/samba/latest_news.html#4.1.3"> - <p>These are security releases in order to address CVE-2013-4408 + <p>These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).</p> </blockquote> @@ -822,12 +820,12 @@ within an hour.</p> <p>Ruby Gem developers report:</p> <blockquote cite="http://blog.rubygems.org/2013/09/24/CVE-2013-4363.html"> <p>The patch for CVE-2013-4363 was insufficiently verified so the - combined regular expression for verifying gem version remains - vulnerable following CVE-2013-4363.</p> + combined regular expression for verifying gem version remains + vulnerable following CVE-2013-4363.</p> <p>RubyGems validates versions with a regular expression that is - vulnerable to denial of service due to backtracking. For specially - crafted RubyGems versions attackers can cause denial of service - through CPU consumption.</p> + vulnerable to denial of service due to backtracking. For specially + crafted RubyGems versions attackers can cause denial of service + through CPU consumption.</p> </blockquote> </body> </description> 
@@ -857,9 +855,9 @@ within an hour.</p> <p>Ruby Gem developers report:</p> <blockquote cite="http://blog.rubygems.org/2013/09/09/CVE-2013-4287.html"> <p>RubyGems validates versions with a regular expression that is - vulnerable to denial of service due to backtracking. For specially - crafted RubyGems versions attackers can cause denial of service - through CPU consumption.</p> + vulnerable to denial of service due to backtracking. For specially + crafted RubyGems versions attackers can cause denial of service + through CPU consumption.</p> </blockquote> </body> </description> @@ -889,11 +887,11 @@ within an hour.</p> <p>Ruby developers report:</p> <blockquote cite="https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/"> <p>Any time a string is converted to a floating point value, a - specially crafted string can cause a heap overflow. This can lead - to a denial of service attack via segmentation faults and possibly - arbitrary code execution. Any program that converts input of - unknown origin to floating point values (especially common when - accepting JSON) are vulnerable. + specially crafted string can cause a heap overflow. This can lead + to a denial of service attack via segmentation faults and possibly + arbitrary code execution. Any program that converts input of + unknown origin to floating point values (especially common when + accepting JSON) are vulnerable. </p> </blockquote> </body> 
@@ -925,11 +923,11 @@ within an hour.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Samba project reports:</p> <blockquote cite="http://www.samba.org/samba/security/CVE-2013-4476"> - <p>Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is - provided over SSL, uses world-readable permissions for a private key, - which allows local users to obtain sensitive information by reading the - key file, as demonstrated by access to the local filesystem on an AD - domain controller.</p> + <p>Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is + provided over SSL, uses world-readable permissions for a private key, + which allows local users to obtain sensitive information by reading the + key file, as demonstrated by access to the local filesystem on an AD + domain controller.</p> </blockquote> </body> </description> @@ -971,7 +969,7 @@ within an hour.</p> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The Samba project reports:</p> <blockquote cite="http://www.samba.org/samba/security/CVE-2013-4475"> - <p>Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, + <p>Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying file or directory ACL when opening an alternate data stream.</p> <p>According to the SMB1 and SMB2+ protocols the ACL on an underlying 
@@ -1160,18 +1158,15 @@ within an hour.</p> <p>A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is - selected during kex exchange. - - If exploited, this vulnerability might permit code execution + selected during kex exchange.</p> + <p>If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.</p> <p>Either upgrade to 6.4 or disable AES-GCM in the server configuration. The following sshd_config option will disable - AES-GCM while leaving other ciphers active: - - Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc - </p> + AES-GCM while leaving other ciphers active:</p> + <p>Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc</p> </blockquote> </body> </description> @@ -1198,9 +1193,9 @@ within an hour.</p> <p>Quassel IRC developers report:</p> <blockquote cite="http://www.quassel-irc.org/node/120"> <p>SQL injection vulnerability in Quassel IRC before 0.9.1, - when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, - allows remote attackers to execute arbitrary SQL commands via - a \ (backslash) in a message.</p> + when Qt 4.8.5 or later and PostgreSQL 8.2 or later are used, + allows remote attackers to execute arbitrary SQL commands via + a \ (backslash) in a message.</p> </blockquote> </body> </description> 
@@ -1310,10 +1305,10 @@ within an hour.</p> <p>mod_pagespeed developers report:</p> <blockquote cite="https://groups.google.com/forum/#!msg/mod-pagespeed-announce/oo015UHRxMc/JcAuf1hE8L8J"> <p>Various versions of mod_pagespeed are subject to critical - cross-site scripting (XSS) vulnerability, CVE-2013-6111. This - permits a hostile third party to execute JavaScript in users' - browsers in context of the domain running mod_pagespeed, which - could permit theft of users' cookies or data on the site.</p> + cross-site scripting (XSS) vulnerability, CVE-2013-6111. This + permits a hostile third party to execute JavaScript in users' + browsers in context of the domain running mod_pagespeed, which + could permit theft of users' cookies or data on the site.</p> </blockquote> </body> </description> @@ -1343,8 +1338,8 @@ within an hour.</p> <p>Salvatore Bonaccorso reports:</p> <blockquote cite="http://www.gnutls.org/security.html#GNUTLS-SA-2013-3"> <p>This vulnerability affects the DANE library of gnutls 3.1.x and - gnutls 3.2.x. A server that returns more 4 DANE entries could - corrupt the memory of a requesting client.</p> + gnutls 3.2.x. A server that returns more 4 DANE entries could + corrupt the memory of a requesting client.</p> </blockquote> </body> </description> @@ -1373,9 +1368,9 @@ within an hour.</p> <p>Alan Coopersmith reports:</p> <blockquote cite="http://lists.x.org/archives/xorg-announce/2013-October/002332.html"> <p>Pedro Ribeiro (pedrib at gmail.com) reported an issue to the X.Org - security team in which an authenticated X client can cause an X - server to use memory after it was freed, potentially leading to - crash and/or memory corruption.</p> + security team in which an authenticated X client can cause an X + server to use memory after it was freed, potentially leading to + crash and/or memory corruption.</p> </blockquote> </body> </description> 
@@ -1443,16 +1438,16 @@ within an hour.</p> <blockquote cite="http://wordpress.org/news/2013/09/wordpress-3-6-1/"> <ul> <li>Block unsafe PHP unserialization that could occur in limited - situations and setups, which can lead to remote code - execution.</li> + situations and setups, which can lead to remote code + execution.</li> <li>Prevent a user with an Author role, using a specially crafted - request, from being able to create a post "written by" another - user.</li> + request, from being able to create a post "written by" another + user.</li> <li>Fix insufficient input validation that could result in - redirecting or leading a user to another website.</li> + redirecting or leading a user to another website.</li> </ul> <p>Additionally, we've adjusted security restrictions around file - uploads to mitigate the potential for cross-site scripting.</p> + uploads to mitigate the potential for cross-site scripting.</p> </blockquote> </body> </description>
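Review bot: in the CVE-2013-4576 hunk (@@ -177,25 +177,23 @@) the header shows a net loss of two lines, but only one dropped line is clearly whitespace: the blank line that followed `do not have a software solution to mitigate this attack.</p>`. In this rendering the line `<p>The paper describes two attacks. The first attack allows` also carries a `-` marker with no `+` counterpart. For a commit whose log promises no functional changes, confirm that the second dropped line is whitespace only and that the opening sentence of the quoted paragraph survives in the new file; the old lines were flush-left (`-to distinguish keys`, `-chosen ciphertext attack`), so this is the entry that most needed the reindent, and it is worth getting right.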
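Review bot: in the CVE-2013-4408 hunk (@@ -487,7 +485,7 @@) only the opening line `<p>These are security releases in order to address CVE-2013-4408` is reindented, while the two continuation lines (`(DCE-RPC fragment length field is incorrectly checked) and` and the `CVE-2012-6150 ...` line) are unchanged context. Every other entry in this diff reindents the continuation lines rather than the opening `<p>` line, so please double-check that those continuation lines already sit at the target indentation; the same question applies to the CVE-2013-4475 hunk (@@ -971,7 +969,7 @@), where again only the `<p>Samba versions 3.2.0 and above` line moves. The flattened mail collapses leading whitespace, so this cannot be verified from the message alone.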
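Review bot: in the CVE-2013-4164 hunk (@@ -889,11 +887,11 @@) the closing `</p>` is left on its own line after `accepting JSON) are vulnerable.`, which is inconsistent with every other entry touched here, where `</p>` closes on the last line of text (for example `within an hour.</p>`, `through CPU consumption.</p>`). Since the hunk is already rewriting these lines, fold the `</p>` onto the final text line. The grammatical slip in `Any program ... are vulnerable` is upstream's wording inside a `<blockquote cite=...>` and should stay verbatim.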
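Review bot: the OpenSSH hunk (@@ -1160,18 +1158,15 @@) is not indentation-only, so the log line "No functional changes" understates it: the single `<p>` is split into two at `selected during kex exchange.</p>` / `<p>If exploited, ...`, and the sshd_config directive is moved into its own element as `<p>Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc</p>`. That is the right fix, because blank lines inside a single XHTML `<p>` do not render as breaks, so the old markup ran the advisory text and the configuration line together; but it changes rendered output and deserves a mention in the log. Also consider marking the `Ciphers` line up as code rather than as a prose paragraph, if the vuxml schema permits that for the body, so readers can tell a configuration directive from the surrounding quoted text.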