ports/164367: portaudit finds problem in a jail but not on a host
Henk van Oers
henk.van.oers at xs4all.nl
Sun Jan 22 08:00:22 UTC 2012
>Number: 164367
>Category: ports
>Synopsis: portaudit finds problem in a jail but not on a host
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 22 08:00:21 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: Henk van Oers
>Release: 7.4 , 8.2
>Organization:
None
>Environment:
FreeBSD dee.signature.nl 7.4-STABLE FreeBSD 7.4-STABLE #2: Sun Jan 8 17:22:05 CET 2012 root at bep.signature.nl:/usr/obj/usr/src/sys/BEP i386
>Description:
portaudit on a host does not find:
""
Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html
""
jailaudit does find it:
(on a HOST)
""
[...]
portaudit for jail: <munged>(JID: 1)
Affected package: ruby+nopthreads-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html
1 problem(s) found.
Checking for a current audit database:
Database created: Sun Jan 22 03:15:01 CET 2012
Checking for packages with security vulnerabilities:
0 problem(s) in your installed packages found.
-- End of security output --
""
portaudit in a jail works fine:
(in a JAIL)
""
[...]
Checking for a current audit database:
Downloading fresh database.
auditfile.tbz 72 kB 47 kBps
New database installed.
Database created: Sun Jan 22 03:00:00 CET 2012
Checking for packages with security vulnerabilities:
Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html
1 problem(s) in your installed packages found.
You are advised to update or deinstall the affected package(s) immediately.
-- End of security output --
""
>How-To-Repeat:
periodic daily
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list