author | miwi <miwi@FreeBSD.org> | 2011-06-03 11:36:15 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2011-06-03 11:36:15 +0800 |
commit | e9e1e815accf5436d24e6012e84a2591ddc0e2fe (patch) | |
tree | a6581a6f848ee21f2266973827f6d9e54e442ff3 | |
parent | 8be8de18b4d01fcbe0af86c6ab805ca3cf9aaa1f (diff) | |
- Cleanup
-rw-r--r-- | security/vuxml/vuln.xml | 249 |
1 files changed, 124 insertions, 125 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e2def2995d65..97c5ad1bc565 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -80,10 +80,10 @@ Note: Please add new entries to the beginning of this file. <p>Subversion tram reports:</p> <blockquote cite="http://subversion.apache.org/security/CVE-2011-1752-advisory.txt"> <p>Subversion's mod_dav_svn Apache HTTPD server module will - dereference a NULL pointer if asked to deliver baselined WebDAV - resources.</p> + dereference a NULL pointer if asked to deliver baselined WebDAV + resources.</p> <p>This can lead to a DoS. An exploit has been tested, and tools or - users have been observed triggering this problem in the wild.</p> + users have been observed triggering this problem in the wild.</p> </blockquote> <blockquote cite="http://subversion.apache.org/security/CVE-2011-1783-advisory.txt"> <p>Subversion's mod_dav_svn Apache HTTPD server module may in certain @@ -161,11 +161,11 @@ Note: Please add new entries to the beginning of this file. <p>US-CERT reports:</p> <blockquote cite="http://www.kb.cert.org/vuls/id/178990"> <p>The Erlang/OTP ssh library implements a number of - cryptographic operations that depend on cryptographically - strong random numbers. Unfortunately the RNG used by the - library is not cryptographically strong, and is further - weakened by the use of predictable seed material. The RNG - (Wichman-Hill) is not mixed with an entropy source.</p> + cryptographic operations that depend on cryptographically + strong random numbers. Unfortunately the RNG used by the + library is not cryptographically strong, and is further + weakened by the use of predictable seed material. The RNG + (Wichman-Hill) is not mixed with an entropy source.</p> </blockquote> </body> </description> 
@@ -914,26 +914,26 @@ Note: Please add new entries to the beginning of this file. <p>An advisory published by the MIT Kerberos team says:</p> <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-002.txt"> <p>The MIT krb5 Key Distribution Center (KDC) daemon is vulnerable - to denial of service attacks from unauthenticated remote - attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs - using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 - KDCs.</p> + to denial of service attacks from unauthenticated remote + attackers. CVE-2011-0281 and CVE-2011-0282 occur only in KDCs + using LDAP back ends, but CVE-2011-0283 occurs in all krb5-1.9 + KDCs.</p> <p>Exploit code is not known to exist, but the vulnerabilities are - easy to trigger manually. The trigger for CVE-2011-0281 has - already been disclosed publicly, but that fact might not be - obvious to casual readers of the message in which it was - disclosed. The triggers for CVE-2011-0282 and CVE-2011-0283 - have not yet been disclosed publicly, but they are also - trivial.</p> + easy to trigger manually. The trigger for CVE-2011-0281 has + already been disclosed publicly, but that fact might not be + obvious to casual readers of the message in which it was + disclosed. 
The triggers for CVE-2011-0282 and CVE-2011-0283 + have not yet been disclosed publicly, but they are also + trivial.</p> <p>CVE-2011-0281: An unauthenticated remote attacker can cause a KDC - configured with an LDAP back end to become completely unresponsive - until restarted.</p> + configured with an LDAP back end to become completely unresponsive + until restarted.</p> <p>CVE-2011-0282: An unauthenticated remote attacker can cause a KDC - configured with an LDAP back end to crash with a null pointer - dereference.</p> + configured with an LDAP back end to crash with a null pointer + dereference.</p> <p>CVE-2011-0283: An unauthenticated remote attacker can cause a - krb5-1.9 KDC with any back end to crash with a null pointer - dereference.</p> + krb5-1.9 KDC with any back end to crash with a null pointer + dereference.</p> </blockquote> </body> </description> 
@@ -962,20 +962,20 @@ Note: Please add new entries to the beginning of this file. <p>An advisory published by the MIT Kerberos team says:</p> <blockquote cite="http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2011-001.txt"> <p>The MIT krb5 KDC database propagation daemon (kpropd) is - vulnerable to a denial-of-service attack triggered by invalid - network input. If a kpropd worker process receives invalid - input that causes it to exit with an abnormal status, it can - cause the termination of the listening process that spawned it, - preventing the slave KDC it was running on from receiving - database updates from the master KDC.</p> + vulnerable to a denial-of-service attack triggered by invalid + network input. If a kpropd worker process receives invalid + input that causes it to exit with an abnormal status, it can + cause the termination of the listening process that spawned it, + preventing the slave KDC it was running on from receiving + database updates from the master KDC.</p> <p>Exploit code is not known to exist, but the vulnerabilities are - easy to trigger manually.</p> + easy to trigger manually.</p> <p>An unauthenticated remote attacker can cause kpropd running in - standalone mode (the "-S" option) to terminate its listening - process, preventing database propagations to the KDC host on - which it was running. Configurations where kpropd runs in - incremental propagation mode ("iprop") or as an inetd server - are not affected.</p> + standalone mode (the "-S" option) to terminate its listening + process, preventing database propagations to the KDC host on + which it was running. Configurations where kpropd runs in + incremental propagation mode ("iprop") or as an inetd server + are not affected.</p> </blockquote> </body> </description> 
@@ -1002,12 +1002,12 @@ Note: Please add new entries to the beginning of this file. <p>Matthias Hopf reports:</p> <blockquote cite="http://lists.freedesktop.org/archives/xorg-announce/2011-April/001636.html"> <p>By crafting hostnames with shell escape characters, arbitrary - commands can be executed in a root environment when a display - manager reads in the resource database via xrdb.</p> + commands can be executed in a root environment when a display + manager reads in the resource database via xrdb.</p> <p>These specially crafted hostnames can occur in two environments:</p> <p>Systems are affected are: systems set their hostname via DHCP, - and the used DHCP client allows setting of hostnames with illegal - characters. And systems that allow remote logins via xdmcp.</p> + and the used DHCP client allows setting of hostnames with illegal + characters. And systems that allow remote logins via xdmcp.</p> </blockquote> </body> </description> @@ -1157,11 +1157,11 @@ Note: Please add new entries to the beginning of this file. <p>Sebastian Krahmer reports:</p> <blockquote cite="http://mail.gnome.org/archives/distributor-list/2011-March/msg00008.html"> <p>It was discovered that the GNOME Display Manager (gdm) cleared the cache - directory, which is owned by an unprivileged user, with the privileges of the - root user. A race condition exists in gdm where a local user could take - advantage of this by writing to the cache directory between ending the session - and the signal to clean up the session, which could lead to the execution of - arbitrary code as the root user.</p> + directory, which is owned by an unprivileged user, with the privileges of the + root user. A race condition exists in gdm where a local user could take + advantage of this by writing to the cache directory between ending the session + and the signal to clean up the session, which could lead to the execution of + arbitrary code as the root user.</p> </blockquote> </body> </description> 
@@ -1983,9 +1983,9 @@ Note: Please add new entries to the beginning of this file. <p>exim.org reports:</p> <blockquote cite="ftp://ftp.exim.org/pub/exim/ChangeLogs/ChangeLog-4.74"> <p>CVE-2011-0017 - check return value of setuid/setgid. This is a - privilege escalation vulnerability whereby the Exim run-time user - can cause root to append content of the attacker's choosing to - arbitrary files. + privilege escalation vulnerability whereby the Exim run-time user + can cause root to append content of the attacker's choosing to + arbitrary files. </p> </blockquote> </body> @@ -2058,12 +2058,12 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Gustavo Noronha Silva reports:</p> <blockquote cite="http://permalink.gmane.org/gmane.os.opendarwin.webkit.gtk/405"> - <p>This release has essentially security fixes. Refer to the - WebKit/gtk/NEWS file inside the tarball for details. We would like - to thank the Red Hat security team (Huzaifa Sidhpurwala in - particular) and Michael Gilbert from Debian for their help in - checking (and pushing!) security issues affecting the WebKitGTK+ - stable branch for this release.</p> + <p>This release has essentially security fixes. Refer to the + WebKit/gtk/NEWS file inside the tarball for details. We would like + to thank the Red Hat security team (Huzaifa Sidhpurwala in + particular) and Michael Gilbert from Debian for their help in + checking (and pushing!) security issues affecting the WebKitGTK+ + stable branch for this release.</p> </blockquote> </body> </description> @@ -2321,7 +2321,7 @@ Note: Please add new entries to the beginning of this file. <p>VLC team reports:</p> <blockquote cite="http://www.videolan.org/security/sa1102.html"> <p>When parsing an invalid MKV (Matroska or WebM) file, input - validation are insufficient.</p> + validation are insufficient.</p> </blockquote> </body> </description> 
@@ -2547,12 +2547,12 @@ Note: Please add new entries to the beginning of this file. <p>Colin Percival reports:</p> <blockquote cite="http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html"> <p>In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value - is not incremented after each chunk is encrypted. (The CTR counter - is correctly incremented after each 16 bytes of data was processed, - but this counter is reset to zero for each new chunk.)</p> + is not incremented after each chunk is encrypted. (The CTR counter + is correctly incremented after each 16 bytes of data was processed, + but this counter is reset to zero for each new chunk.)</p> <p>Note that since the Tarsnap client-server protocol is encrypted, - being able to intercept Tarsnap client-server traffic does not - provide an attacker with access to the data.</p> + being able to intercept Tarsnap client-server traffic does not + provide an attacker with access to the data.</p> </blockquote> </body> </description> @@ -2617,9 +2617,9 @@ Note: Please add new entries to the beginning of this file. <p>The Tor Project reports:</p> <blockquote cite="http://archives.seul.org/or/announce/Jan-2011/msg00000.html"> <p>A remote heap overflow vulnerability that can allow remote - code execution. Other fixes address a variety of assert and crash - bugs, most of which we think are hard to exploit remotely. - All Tor users should upgrade.</p> + code execution. Other fixes address a variety of assert and crash + bugs, most of which we think are hard to exploit remotely. + All Tor users should upgrade.</p> </blockquote> </body> </description> 
@@ -2767,9 +2767,9 @@ Note: Please add new entries to the beginning of this file. <p>David Woodhouse reports:</p> <blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=661756#c3"> <p>Secondly a privilege escalation where the trusted 'exim' - user is able to tell Exim to use arbitrary config files, - in which further ${run ...} commands will be invoked as - root.</p> + user is able to tell Exim to use arbitrary config files, + in which further ${run ...} commands will be invoked as + root.</p> </blockquote> </body> </description> @@ -2934,7 +2934,7 @@ Note: Please add new entries to the beginning of this file. parts of the page path without escaping, resulting in a relected Cross Site Scripting (XSS) vulnerability. An attacker could exploit this to gain full administrative access.</p> - <p>Mitigating factors: This vulnerability only occurs with a + <p>Mitigating factors: This vulnerability only occurs with a specific combination of configuration options for a specific View, but this combination is used in the default Views provided by some additional modules. A malicious user would 
@@ -3122,13 +3122,13 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>The following DoS condition in filter extension was fixed in PHP 5.3.4 and PHP 5.2.15:</p> - <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3710"> - <p>Stack consumption vulnerability in the filter_var - function in PHP 5.2.x through 5.2.14 and 5.3.x through - 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows - remote attackers to cause a denial of service (memory - consumption and application crash) via a long e-mail - address string.</p> + <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3710"> + <p>Stack consumption vulnerability in the filter_var + function in PHP 5.2.x through 5.2.14 and 5.3.x through + 5.3.3, when FILTER_VALIDATE_EMAIL mode is used, allows + remote attackers to cause a denial of service (memory + consumption and application crash) via a long e-mail + address string.</p> </blockquote> </body> </description> @@ -3160,12 +3160,12 @@ Note: Please add new entries to the beginning of this file. <p>The following DoS condition in IMAP extension was fixed in PHP 5.3.4 and PHP 5.2.15:</p> <blockquote cite="http://securitytracker.com/alerts/2010/Nov/1024761.html"> - <p>A remote user can send specially crafted IMAP user name - or password data to trigger a double free memory error - in 'ext/imap/php_imap.c' and cause the target service - to crash.</p> - <p>It may be possible to execute arbitrary code. - However, code execution was not confirmed.</p> + <p>A remote user can send specially crafted IMAP user name + or password data to trigger a double free memory error + in 'ext/imap/php_imap.c' and cause the target service + to crash.</p> + <p>It may be possible to execute arbitrary code. + However, code execution was not confirmed.</p> </blockquote> </body> </description> 
@@ -4176,7 +4176,6 @@ Note: Please add new entries to the beginning of this file. <p>This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability.</p> - <p>The flaw exists within the proftpd server component which listens by default on TCP port 21. When reading user input if a TELNET_IAC escape sequence is encountered the process @@ -4317,15 +4316,15 @@ Note: Please add new entries to the beginning of this file. <p>Secunia reports:</p> <blockquote cite="http://secunia.com/advisories/41535"> <p>A vulnerability has been discovered in Wireshark, which can - be exploited by malicious people to cause a DoS (Denial of - Service).</p> + be exploited by malicious people to cause a DoS (Denial of + Service).</p> <p>The vulnerability is caused due to an infinite recursion - error in the "dissect_unknown_ber()" function in - epan/dissectors/packet-ber.c and can be exploited to cause a - stack overflow e.g. via a specially crafted SNMP packet.</p> + error in the "dissect_unknown_ber()" function in + epan/dissectors/packet-ber.c and can be exploited to cause a + stack overflow e.g. via a specially crafted SNMP packet.</p> <p>The vulnerability is confirmed in version 1.4.0 and - reported in version 1.2.11 and prior and version 1.4.0 and - prior.</p> + reported in version 1.2.11 and prior and version 1.4.0 and + prior.</p> </blockquote> </body> </description> 
@@ -4406,10 +4405,10 @@ Note: Please add new entries to the beginning of this file. <blockquote cite="http://otrs.org/advisory/OSA-2010-03-en/"> <p>AgentTicketZoom is vulnerable to XSS attacks from HTML e-mails:</p> <p>Whenever a customer sends an HTML e-mail and RichText is enabled - in OTRS, javascript contained in the email can do everything - in the OTRS agent interface that the agent himself could do.</p> + in OTRS, javascript contained in the email can do everything + in the OTRS agent interface that the agent himself could do.</p> <p>Most relevant is that this type of exploit can be used in such - a way that the agent won't even detect he is being exploited.</p> + a way that the agent won't even detect he is being exploited.</p> </blockquote> </body> </description> @@ -4834,9 +4833,9 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <h1>Problem Description:</h1> <p>When running setuid programs rtld will normally remove potentially - dangerous environment variables. Due to recent changes in FreeBSD - environment variable handling code, a corrupt environment may - result in attempts to unset environment variables failing.</p> + dangerous environment variables. Due to recent changes in FreeBSD + environment variable handling code, a corrupt environment may + result in attempts to unset environment variables failing.</p> </body> </description> <references> @@ -4995,7 +4994,7 @@ Note: Please add new entries to the beginning of this file. <p>Gustavo Noronha Silva reports:</p> <blockquote cite="http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS"> <p>The patches to fix the following CVEs are included with help from - Vincent Danen and other members of the Red Hat security team:</p> + Vincent Danen and other members of the Red Hat security team:</p> </blockquote> </body> </description> 
@@ -5351,7 +5350,7 @@ Note: Please add new entries to the beginning of this file. <p>Gustavo Noronha Silva reports:</p> <blockquote cite="http://gitorious.org/webkitgtk/stable/commit/9d07fda89aab7105962d933eef32ca15dda610d8"> <p>With help from Vincent Danen and other members of the Red Hat - security team, the following CVE's where fixed.</p> + security team, the following CVE's where fixed.</p> </blockquote> </body> </description> @@ -5391,9 +5390,9 @@ Note: Please add new entries to the beginning of this file. <p>Description for CVE-2008-3432 says:</p> <blockquote cite="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3432"> <p>Heap-based buffer overflow in the mch_expand_wildcards - function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted - attackers to execute arbitrary code via shell metacharacters - in filenames, as demonstrated by the netrw.v3 test case.</p> + function in os_unix.c in Vim 6.2 and 6.3 allows user-assisted + attackers to execute arbitrary code via shell metacharacters + in filenames, as demonstrated by the netrw.v3 test case.</p> </blockquote> </body> </description> 
@@ -5545,12 +5544,12 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>The get1 command, as used by lftpget, in LFTP before 4.0.6 does - not properly validate a server-provided filename before determining - the destination filename of a download, which allows remote servers - to create or overwrite arbitrary files via a Content-Disposition - header that suggests a crafted filename, and possibly execute - arbitrary code as a consequence of writing to a dotfile in a home - directory.</p> + not properly validate a server-provided filename before determining + the destination filename of a download, which allows remote servers + to create or overwrite arbitrary files via a Content-Disposition + header that suggests a crafted filename, and possibly execute + arbitrary code as a consequence of writing to a dotfile in a home + directory.</p> </body> </description> <references> @@ -5575,12 +5574,12 @@ Note: Please add new entries to the beginning of this file. <description> <body xmlns="http://www.w3.org/1999/xhtml"> <p>GNU Wget version 1.12 and earlier uses a server-provided filename - instead of the original URL to determine the destination filename of - a download, which allows remote servers to create or overwrite - arbitrary files via a 3xx redirect to a URL with a .wgetrc filename - followed by a 3xx redirect to a URL with a crafted filename, and - possibly execute arbitrary code as a consequence of writing to a - dotfile in a home directory.</p> + instead of the original URL to determine the destination filename of + a download, which allows remote servers to create or overwrite + arbitrary files via a 3xx redirect to a URL with a .wgetrc filename + followed by a 3xx redirect to a URL with a crafted filename, and + possibly execute arbitrary code as a consequence of writing to a + dotfile in a home directory.</p> </body> </description> <references> 
@@ -5734,10 +5733,10 @@ Note: Please add new entries to the beginning of this file. <p>OpenTTD project reports:</p> <blockquote cite="http://security.openttd.org/en/CVE-2010-2534"> <p>When multiple commands are queued (at the server) for execution - in the next game tick and an client joins the server can get into - an infinite loop. With the default settings triggering this bug - is difficult (if not impossible), however the larger value of - the "frame_freq" setting is easier it is to trigger the bug.</p> + in the next game tick and an client joins the server can get into + an infinite loop. With the default settings triggering this bug + is difficult (if not impossible), however the larger value of + the "frame_freq" setting is easier it is to trigger the bug.</p> </blockquote> </body> </description> @@ -6085,11 +6084,11 @@ Note: Please add new entries to the beginning of this file. libmspack code is built into cabextract, so it is also vulnerable.</p> <p>Secunia reports:</p> - <blockquote cite="http://secunia.com/advisories/40719/"> - <p>The vulnerability is caused due to an error when copying data - from an uncompressed block (block type 0) and can be exploited - to trigger an infinite loop by tricking an application using the - library into processing specially crafted MS-ZIP archives.</p> + <blockquote cite="http://secunia.com/advisories/40719/"> + <p>The vulnerability is caused due to an error when copying data + from an uncompressed block (block type 0) and can be exploited + to trigger an infinite loop by tricking an application using the + library into processing specially crafted MS-ZIP archives.</p> </blockquote> </body> </description> 
@@ -6314,10 +6313,10 @@ Note: Please add new entries to the beginning of this file. <body xmlns="http://www.w3.org/1999/xhtml"> <p>Gustavo Noronha reports:</p> <blockquote cite="http://blog.kov.eti.br/?p=116"> - <p>Debian's Michael Gilbert has done a great job going - through all CVEs released about WebKit, and including patches in - the Debian package. 1.2.3 includes all of the commits from trunk - to fix those, too.</p> + <p>Debian's Michael Gilbert has done a great job going through all + CVEs released about WebKit, and including patches in the Debian + package. 1.2.3 includes all of the commits from trunk to fix those, + too.</p> </blockquote> </body> </description> @@ -6737,7 +6736,7 @@ Note: Please add new entries to the beginning of this file. <p>Daniel Mealha Cabrita reports:</p> <blockquote cite="http://ziproxy.sourceforge.net/#news"> <p>Fixed security vulnerability (heap-related) in PNG decoder. - (new bug from 3.1.0)</p> + (new bug from 3.1.0)</p> </blockquote> </body> </description> |
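Review bot: In the hunk at -80,10, the context line `<p>Subversion tram reports:</p>` still carries the typo "tram" for "team". The removed and added lines in this hunk hold the same words, so the pass only touches whitespace inside the blockquote; since this is a cleanup of the entry, correct the attribution line in the same change.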
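Review bot: In the hunk at -2934,7, the only changed line is `<p>Mitigating factors: This vulnerability only occurs with a`, while the context just above it still reads "relected Cross Site Scripting (XSS)". Suggest correcting "relected" to "reflected" while this paragraph is being touched, provided that text is the entry's own wording and not a verbatim quote from the upstream advisory.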
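Review bot: The hunk at -6314,10 re-wraps the quoted paragraph (the line breaks move, for example "going through all CVEs released about WebKit" now sits across different lines), whereas the other hunks visible here keep each line's words and change only whitespace. The word sequence is unchanged, but mixing a re-wrap into a whitespace pass makes the diff harder to verify by eye. Either keep the original line breaks or say in the commit message, which currently reads only "Cleanup", that the change is whitespace and re-wrapping with no content change.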