FreeBSD Port: paraview-2.4.2 - security vulnerabilities

Kris Kennaway kris at obsecurity.org
Wed Feb 1 21:53:05 PST 2006


On Wed, Feb 01, 2006 at 09:10:07PM -0600, Mark Lubratt wrote:
> Hello!
> 
> I originally posted this to the questions list.  But, now I realize  
> that it's probably better posted here.
> 
> I'm trying to install the OpenFoam port on 6.0 Stable with the  
> current ports tree.  During the install, I get the following errors  
> from the paraview dependency:
> 
>    Verifying install for /usr/local/lib/paraview-2.4/ 
> ParaViewConfig.cmake i
> n /usr/ports/science/paraview
> ===>  paraview-2.4.2 has known vulnerabilities:
> => tiff -- buffer overflow vulnerability.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
> 68222076-010b-11da-bc08-00
> 01020eed82.html>
> => tiff -- divide-by-zero denial-of-service.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
> b58ff497-6977-11d9-ae49-00
> 0c41e2cdad.html>
> => tiff -- directory entry count integer overflow vulnerability.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
> fc7e6a42-6012-11d9-a9e7-00
> 01020eed82.html>
> => tiff -- multiple integer overflows.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
> 3897a2f8-1d57-11d9-bc4a-00
> 0c41e2cdad.html>
> => tiff -- RLE decoder heap overflows.
>    Reference: <http://www.FreeBSD.org/ports/portaudit/ 
> f6680c03-0bd8-11d9-8a8a-00
> 0c41e2cdad.html>
> => Please update your ports tree and try again.
> 
> 
> I've updated the ports tree multiple times.  I've perused the  
> archives and found that all of these vulnerabilities should already  
> be fixed (to the best of my understanding).  Portaudit doesn't report  
> the current linux-tiff-3.6.1_5 has having these vulnerabilities.   
> I've tried deinstalling and reinstalling linux-tiff.  Portversion  
> reports that linux-tiff is up to date.
> 

Did you update your portaudit database?

Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20060202/9d9c329a/attachment.bin


More information about the freebsd-ports mailing list