ports/136859: vuxml update for security vulnerability: ports:mono
Romain Tartiere
romain at blogreen.org
Fri Jul 17 08:30:07 UTC 2009
>Number: 136859
>Category: ports
>Synopsis: vuxml update for security vulnerability: ports:mono
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 17 08:30:06 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Romain Tartiere
>Release: FreeBSD 7.2-STABLE i386
>Organization:
>Environment:
System: FreeBSD marvin.blogreen.org 7.2-STABLE FreeBSD 7.2-STABLE #5 r194822M: Wed Jun 24 14:10:46 CEST 2009 root at marvin.blogreen.org:/usr/obj/usr/src/sys/MARVIN i386
>Description:
>How-To-Repeat:
>Fix:
--- vuln.xml.patch1 begins here ---
--- vuln.xml.orig 2009-07-17 10:18:36.000000000 +0200
+++ vuln.xml 2009-07-17 10:08:33.000000000 +0200
@@ -34,6 +34,32 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="46999e2e-72a7-11de-a334-0008a14dbca1">
+ <topic>mono -- XML signature HMAC truncation authentication bypass</topic>
+ <affects>
+ <package>
+ <name>mono</name>
+ <range><lt>2.4.2.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>US-CERT reports:</p>
+ <blockquote cite="http://www.kb.cert.org/vuls/id/466161">
+ <p>The XML Signature specification allows for HMAC truncation, which
+ may allow a remote attacker to bypass authentication.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2009-0217</cvename>
+ </references>
+ <dates>
+ <discovery>2009-07-14</discovery>
+ <entry>2009-07-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="70372cda-6771-11de-883a-00e0815b8da8">
<topic>nfsen -- remote command execution</topic>
<affects>
--- vuln.xml.patch1 ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list