FreeBSD Port: paraview-2.4.2 - security vulnerabilities
Mark Lubratt
mark.lubratt at indeq.com
Wed Feb 1 19:10:14 PST 2006
Hello!
I originally posted this to the questions list. But, now I realize
that it's probably better posted here.
I'm trying to install the OpenFoam port on 6.0 Stable with the
current ports tree. During the install, I get the following errors
from the paraview dependency:
Verifying install for /usr/local/lib/paraview-2.4/
ParaViewConfig.cmake i
n /usr/ports/science/paraview
===> paraview-2.4.2 has known vulnerabilities:
=> tiff -- buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/
68222076-010b-11da-bc08-00
01020eed82.html>
=> tiff -- divide-by-zero denial-of-service.
Reference: <http://www.FreeBSD.org/ports/portaudit/
b58ff497-6977-11d9-ae49-00
0c41e2cdad.html>
=> tiff -- directory entry count integer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/
fc7e6a42-6012-11d9-a9e7-00
01020eed82.html>
=> tiff -- multiple integer overflows.
Reference: <http://www.FreeBSD.org/ports/portaudit/
3897a2f8-1d57-11d9-bc4a-00
0c41e2cdad.html>
=> tiff -- RLE decoder heap overflows.
Reference: <http://www.FreeBSD.org/ports/portaudit/
f6680c03-0bd8-11d9-8a8a-00
0c41e2cdad.html>
=> Please update your ports tree and try again.
I've updated the ports tree multiple times. I've perused the
archives and found that all of these vulnerabilities should already
be fixed (to the best of my understanding). Portaudit doesn't report
the current linux-tiff-3.6.1_5 has having these vulnerabilities.
I've tried deinstalling and reinstalling linux-tiff. Portversion
reports that linux-tiff is up to date.
I'm not sure what to do next, or how to get around this error. Any
help would be appreciated!
Thanks!
Mark
More information about the freebsd-ports
mailing list