From miwi at FreeBSD.org Sun Dec 7 04:14:35 2008
From: miwi at FreeBSD.org (miwi@FreeBSD.org)
Date: Sun Dec 7 04:14:42 2008
Subject: ports/128956: [patch] [vuxml] lang/php5 - multiple
vulnerabilities in PHP 5.2.6
Message-ID: <200812071214.mB7CEZA0027510@freefall.freebsd.org>
Synopsis: [patch] [vuxml] lang/php5 - multiple vulnerabilities in PHP 5.2.6
State-Changed-From-To: open->closed
State-Changed-By: miwi
State-Changed-When: Sun Dec 7 12:14:35 UTC 2008
State-Changed-Why:
all documented. Thanks for our submission
http://www.freebsd.org/cgi/query-pr.cgi?pr=128956
From ale at FreeBSD.org Sun Dec 7 03:58:14 2008
From: ale at FreeBSD.org (ale@FreeBSD.org)
Date: Sun Dec 7 04:40:48 2008
Subject: ports/128956: [patch] [vuxml] lang/php5 - multiple
vulnerabilities in PHP 5.2.6
Message-ID: <200812071158.mB7BwE0U012127@freefall.freebsd.org>
Synopsis: [patch] [vuxml] lang/php5 - multiple vulnerabilities in PHP 5.2.6
Responsible-Changed-From-To: ale->miwi
Responsible-Changed-By: ale
Responsible-Changed-When: Sun Dec 7 11:57:42 UTC 2008
Responsible-Changed-Why:
PHP updated.
http://www.freebsd.org/cgi/query-pr.cgi?pr=128956
From miwi at FreeBSD.org Sun Dec 7 11:42:16 2008
From: miwi at FreeBSD.org (miwi@FreeBSD.org)
Date: Sun Dec 7 11:42:23 2008
Subject: ports/129050: [vuxml] [patch] audio/libcdaudio: fix
CVE-2005-0706 and CVE-2008-5030
Message-ID: <200812071942.mB7JgGOE082487@freefall.freebsd.org>
Synopsis: [vuxml] [patch] audio/libcdaudio: fix CVE-2005-0706 and CVE-2008-5030
Responsible-Changed-From-To: novel->miwi
Responsible-Changed-By: miwi
Responsible-Changed-When: Sun Dec 7 19:42:16 UTC 2008
Responsible-Changed-Why:
I will handle this.
http://www.freebsd.org/cgi/query-pr.cgi?pr=129050
From novel at FreeBSD.org Sun Dec 7 11:41:01 2008
From: novel at FreeBSD.org (novel@FreeBSD.org)
Date: Sun Dec 7 12:33:36 2008
Subject: ports/128868: [vuxml] security/gnutls: CVE-2008-4989 and update
to 2.4.2
Message-ID: <200812071940.mB7JexxC082354@freefall.freebsd.org>
Synopsis: [vuxml] security/gnutls: CVE-2008-4989 and update to 2.4.2
State-Changed-From-To: open->closed
State-Changed-By: novel
State-Changed-When: Sun Dec 7 19:40:58 UTC 2008
State-Changed-Why:
Committed, thanks!
http://www.freebsd.org/cgi/query-pr.cgi?pr=128868
From security-advisories at freebsd.org Mon Dec 22 17:39:23 2008
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Mon Dec 22 17:39:36 2008
Subject: FreeBSD Security Advisory FreeBSD-SA-08:13.protosw
Message-ID: <200812230139.mBN1dNHO029504@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:13.protosw Security Advisory
The FreeBSD Project
Topic: netgraph / bluetooth privilege escalation
Category: core
Module: sys_kern
Announced: 2008-12-23
Credits: Christer Oberg
Affects: All FreeBSD releases
Corrected: 2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
The FreeBSD kernel provides support for a variety of different types of
communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol,
link-layer, netgraph(4), and bluetooth sockets. As an early form of
object-oriented design, much of the functionality specific to different
types of sockets is abstracted via function pointers.
II. Problem Description
Some function pointers for netgraph and bluetooth sockets are not
properly initialized.
III. Impact
A local user can cause the FreeBSD kernel to execute arbitrary code.
This could be used by an attacker directly; or it could be used to gain
root privilege or to escape from a jail.
IV. Workaround
No workaround is available, but systems without local untrusted users
are not vulnerable. Furthermore, systems are not vulnerable if they
have neither the ng_socket nor ng_bluetooth kernel modules loaded or
compiled into the kernel.
Systems with the security.jail.socket_unixiproute_only sysctl set to
1 (the default) are only vulnerable if they have local untrusted users
outside of jails.
If the command
# kldstat -v | grep ng_
produces no output, the system is not vulnerable.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the
correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
and 7.0 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 6.x]
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch.asc
[FreeBSD 7.x]
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch
# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
and reboot the
system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/sys/kern/uipc_domain.c 1.44.2.4
RELENG_6_4
src/UPDATING 1.416.2.40.2.4
src/sys/conf/newvers.sh 1.69.2.18.2.7
src/sys/kern/uipc_domain.c 1.44.2.3.6.2
RELENG_6_3
src/UPDATING 1.416.2.37.2.12
src/sys/conf/newvers.sh 1.69.2.15.2.11
src/sys/kern/uipc_domain.c 1.44.2.3.4.1
RELENG_7
src/sys/kern/uipc_domain.c 1.51.2.2
RELENG_7_1
src/UPDATING 1.507.2.13.2.2
src/sys/kern/uipc_domain.c 1.51.2.1.2.2
RELENG_7_0
src/UPDATING 1.507.2.3.2.11
src/sys/conf/newvers.sh 1.72.2.5.2.11
src/sys/kern/uipc_domain.c 1.51.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r186405
releng/6.4/ r186405
releng/6.3/ r186405
stable/7/ r186405
releng/7.1/ r186405
releng/7.0/ r186405
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:13.protosw.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAklQP9QACgkQFdaIBMps37KL2gCfRlQ7kTB24DYnDEGRUC+px4bX
214AoJJrJjaeS6ITyk73AL/OK+rNAM4u
=7qyU
-----END PGP SIGNATURE-----
From security-advisories at freebsd.org Mon Dec 22 17:39:29 2008
From: security-advisories at freebsd.org (FreeBSD Security Advisories)
Date: Mon Dec 22 17:39:56 2008
Subject: FreeBSD Security Advisory FreeBSD-SA-08:12.ftpd
Message-ID: <200812230139.mBN1dTSX029547@freefall.freebsd.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-08:12.ftpd Security Advisory
The FreeBSD Project
Topic: Cross-site request forgery in ftpd(8)
Category: core
Module: ftpd
Announced: 2008-12-23
Credits: Maksymilian Arciemowicz
Affects: All supported versions of FreeBSD.
Corrected: 2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)
CVE Name: CVE-2008-4247
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP)
server that is shipped with the FreeBSD base system. It is not enabled
in default installations but can be enabled as either an inetd(8) server,
or a standard-alone server.
A cross-site request forgery attack is a type of malicious exploit that is
mainly targeted to a web browser, by tricking a user trusted by the site
into visiting a specially crafted URL, which in turn executes a command
which performs some privileged operations on behalf of the trusted user
on the victim site.
II. Problem Description
The ftpd(8) server splits long commands into several requests. This
may result in the server executing a command which is hidden inside
another very long command.
III. Impact
This could, with a specifically crafted command, be used in a
cross-site request forgery attack.
FreeBSD systems running ftpd(8) server could act as a point of privilege
escalation in an attack against users using web browser to access trusted
FTP sites.
IV. Workaround
No workaround is available, but systems not running FTP servers are
not vulnerable. Systems not running the FreeBSD ftp(8) server are not
affected, but users of other ftp daemons are advised to take care
since several other ftp daemons are known to have related bugs.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 6.3, 6.4,
7.0, and 7.1 systems.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch
# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/libexec/ftpd
# make obj && make depend && make && make install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_6
src/libexec/ftpd/ftpcmd.y 1.64.2.3
src/libexec/ftpd/extern.h 1.19.14.1
src/libexec/ftpd/ftpd.c 1.206.2.4
RELENG_6_4
src/UPDATING 1.416.2.40.2.4
src/sys/conf/newvers.sh 1.69.2.18.2.7
src/libexec/ftpd/ftpcmd.y 1.64.2.2.4.2
src/libexec/ftpd/extern.h 1.19.30.2
src/libexec/ftpd/ftpd.c 1.206.2.3.4.2
RELENG_6_3
src/UPDATING 1.416.2.37.2.12
src/sys/conf/newvers.sh 1.69.2.15.2.11
src/libexec/ftpd/ftpcmd.y 1.64.2.2.2.1
src/libexec/ftpd/extern.h 1.19.26.1
src/libexec/ftpd/ftpd.c 1.206.2.3.2.1
RELENG_7
src/libexec/ftpd/ftpcmd.y 1.66.2.1
src/libexec/ftpd/extern.h 1.19.24.1
src/libexec/ftpd/ftpd.c 1.212.2.1
RELENG_7_1
src/UPDATING 1.507.2.13.2.2
src/libexec/ftpd/ftpcmd.y 1.66.6.2
src/libexec/ftpd/extern.h 1.19.32.2
src/libexec/ftpd/ftpd.c 1.212.6.2
RELENG_7_0
src/UPDATING 1.507.2.3.2.11
src/sys/conf/newvers.sh 1.72.2.5.2.11
src/libexec/ftpd/ftpcmd.y 1.66.4.1
src/libexec/ftpd/extern.h 1.19.28.1
src/libexec/ftpd/ftpd.c 1.212.4.1
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/6/ r186405
releng/6.4/ r186405
releng/6.3/ r186405
stable/7/ r186405
releng/7.1/ r186405
releng/7.0/ r186405
- -------------------------------------------------------------------------
VII. References
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAklQP8wACgkQFdaIBMps37ITvgCePP8oVI6cffvQu229Qg7eNshN
A0kAn3A6kjr+QovEwOVKNzjow1aCtU8K
=sDxD
-----END PGP SIGNATURE-----