From owner-svn-ports-branches@FreeBSD.ORG Wed Jan 8 11:18:12 2014
Return-Path: Werner Koch reports: CVE-2013-4576 has been assigned to this security bug. The paper describes two attacks. The first attack allows
-to distinguish keys: An attacker is able to notice which key is
-currently used for decryption. This is in general not a problem but
-may be used to reveal the information that a message, encrypted to a
-commonly not used key, has been received by the targeted machine. We
-do not have a software solution to mitigate this attack.
The second attack is more serious. It is an adaptive -chosen ciphertext attack to reveal the private key. A possible -scenario is that the attacker places a sensor (for example a standard -smartphone) in the vicinity of the targeted machine. That machine is -assumed to do unattended RSA decryption of received mails, for example -by using a mail client which speeds up browsing by opportunistically -decrypting mails expected to be read soon. While listening to the -acoustic emanations of the targeted machine, the smartphone will send -new encrypted messages to that machine and re-construct the private -key bit by bit. A 4096 bit RSA key used on a laptop can be revealed -within an hour.
+ chosen ciphertext attack to reveal the private key. A possible + scenario is that the attacker places a sensor (for example a standard + smartphone) in the vicinity of the targeted machine. That machine is + assumed to do unattended RSA decryption of received mails, for example + by using a mail client which speeds up browsing by opportunistically + decrypting mails expected to be read soon. While listening to the + acoustic emanations of the targeted machine, the smartphone will send + new encrypted messages to that machine and re-construct the private + key bit by bit. A 4096 bit RSA key used on a laptop can be revealed + within an hour.The Samba project reports:
-@@ -822,12 +820,12 @@ within an hour.These are security releases in order to address CVE-2013-4408 +
These are security releases in order to address CVE-2013-4408 (DCE-RPC fragment length field is incorrectly checked) and CVE-2012-6150 (pam_winbind login without require_membership_of restrictions).
Ruby Gem developers report:
The patch for CVE-2013-4363 was insufficiently verified so the - combined regular expression for verifying gem version remains - vulnerable following CVE-2013-4363.
+ combined regular expression for verifying gem version remains + vulnerable following CVE-2013-4363.RubyGems validates versions with a regular expression that is - vulnerable to denial of service due to backtracking. For specially - crafted RubyGems versions attackers can cause denial of service - through CPU consumption.
+ vulnerable to denial of service due to backtracking. For specially + crafted RubyGems versions attackers can cause denial of service + through CPU consumption.
The Samba project reports:
-Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is - provided over SSL, uses world-readable permissions for a private key, - which allows local users to obtain sensitive information by reading the - key file, as demonstrated by access to the local filesystem on an AD - domain controller.
+Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is + provided over SSL, uses world-readable permissions for a private key, + which allows local users to obtain sensitive information by reading the + key file, as demonstrated by access to the local filesystem on an AD + domain controller.
The Samba project reports:
-Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, +
Samba versions 3.2.0 and above (all versions of 3.2.x, 3.3.x, 3.4.x, 3.5.x, 3.6.x, 4.0.x and 4.1.x) do not check the underlying file or directory ACL when opening an alternate data stream.
According to the SMB1 and SMB2+ protocols the ACL on an underlying @@ -1160,18 +1158,15 @@ within an hour.
A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher (aes128-gcm@openssh.com or aes256-gcm@openssh.com) is - selected during kex exchange. - - If exploited, this vulnerability might permit code execution + selected during kex exchange.
+If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.
Either upgrade to 6.4 or disable AES-GCM in the server configuration. The following sshd_config option will disable - AES-GCM while leaving other ciphers active: - - Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc -
+ AES-GCM while leaving other ciphers active: +Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
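Review bot: the removed and added blocks in the CVE-2013-4576 (GnuPG) entry differ only in leading whitespace (`-chosen ciphertext attack ...` becomes `+ chosen ciphertext attack ...`, and the same single-space indent is added to every following continuation line), and the same is true of the RubyGems and Samba 4.0.x/4.1.x private-key hunks, whose `-` and `+` lines are otherwise character-for-character identical; since the first line of each paragraph (`The second attack is more serious. It is an adaptive`) stays as unchanged context, please confirm its indentation matches the re-indented continuation lines, and say in the log message that this is an indentation-only cleanup so reviewers can check it with a whitespace-ignoring diff rather than reading every line.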
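Review bot: the RubyGems entry's description cites CVE-2013-4363 both as the insufficiently verified patch and as the issue that "remains vulnerable following CVE-2013-4363", but no identifier for the incomplete fix itself appears in the hunk; if a separate identifier was assigned for the remaining backtracking denial of service, it belongs in this entry's references so the two issues can be told apart.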
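Review bot: in the OpenSSH AES-GCM hunk the only visible change is that the blank lines around the `Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc` directive are dropped, so `+Ciphers ...` now follows the sentence ending "while leaving other ciphers active:" directly; because the description body is rendered from markup rather than from line breaks, please keep the directive in its own block element (for example a preformatted block) so the rendered advisory still shows it as a copyable configuration line separate from the prose, and the same applies to the earlier removal of the blank lines before "If exploited, this vulnerability might permit code execution", which should remain a separate paragraph.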