ports/73699: Update: security/samhain 2.0.1 -> 2.0.2 (security update)
David Thiel
lx at redundancy.redundancy.org
Tue Nov 9 02:10:31 UTC 2004
>Number: 73699
>Category: ports
>Synopsis: Update: security/samhain 2.0.1 -> 2.0.2 (security update)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Nov 09 02:10:30 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: David Thiel
>Release: FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 4.9-STABLE FreeBSD 4.9-STABLE #15: Wed Nov 19 21:41:32 PST 2003 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386
>Description:
Updating the Samhain integrity checking system to 2.0.2, a security bugfix
release. All users are advised to upgrade.
Changes:

* A buffer overflow in the database update code has been fixed that
  was found during an internal code review. It can (only) be triggered if
  samhain is running in 'update' mode (command line option '-t update'),
  and may be exploitable by a local user, if this user controls a
  directory checked by samhain.
  Versions affected: samhain 1.8.9 - 2.0.1 (inclusive).
* A segfault in the email code caused by an uninitialized variable has
  been fixed.
* A segfault caused by a NULL pointer dereference has been fixed.
>How-To-Repeat:
>Fix:
diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile Mon Nov 8 11:31:33 2004
+++ samhain/Makefile Mon Nov 8 11:32:05 2004
@@ -17,7 +17,7 @@
#
PORTNAME= samhain
-PORTVERSION= 2.0.1
+PORTVERSION= 2.0.2
CATEGORIES= security
MASTER_SITES= http://la-samhna.de/archive/ \
http://cold.darkambient.net/
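Review bot: The PORTVERSION bump to 2.0.2 leaves no machine-readable record that this is a security fix. The description gives an affected range of 1.8.9 - 2.0.1 (inclusive) for the buffer overflow, and that range belongs in a security/vuxml entry so that installed vulnerable versions are flagged rather than relying on users reading this PR. Separately, both MASTER_SITES context lines use plain http://, so the integrity of the fetched distfile rests entirely on the checksum recorded in distinfo.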
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo Mon Nov 8 11:31:33 2004
+++ samhain/distinfo Mon Nov 8 11:32:37 2004
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-2.0.1.tar.gz) = 604b242ff4069bb6b14913e1a862c102
-SIZE (samhain_signed-2.0.1.tar.gz) = 1024211
+MD5 (samhain_signed-2.0.2.tar.gz) = d7a5604a7cba939bf9c683784f501d0e
+SIZE (samhain_signed-2.0.2.tar.gz) = 1024411
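Review bot: The new distinfo carries only an MD5 and a SIZE line for samhain_signed-2.0.2.tar.gz, and since the Makefile fetches over http:// that MD5 is the only integrity check on a security release. Please state how the tarball was authenticated before the checksum was recorded (the distfile name suggests a signed bundle, but the PR does not say a signature was checked). Also confirm the values were regenerated with make makesum rather than edited by hand, since SIZE differs from the old value by a single digit (1024211 to 1024411).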
>Release-Note:
>Audit-Trail:
>Unformatted: