svn commit: r333217 - head/security/vuxml

Bryan Drewery bdrewery at FreeBSD.org
Fri Nov 8 12:56:58 UTC 2013 

On 11/8/2013 6:50 AM, Bryan Drewery wrote:
> Author: bdrewery
> Date: Fri Nov  8 12:50:28 2013
> New Revision: 333217
> URL: http://svnweb.freebsd.org/changeset/ports/333217
> 
> Log:
>   - Document memory corruption in security/openssh-portable
> 
> Modified:
>   head/security/vuxml/vuln.xml
> 
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml	Fri Nov  8 12:46:34 2013	(r333216)
> +++ head/security/vuxml/vuln.xml	Fri Nov  8 12:50:28 2013	(r333217)
> @@ -51,6 +51,51 @@ Note:  Please add new entries to the beg
>  
>  -->
>  <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> +  <vuln vid="5709d244-4873-11e3-8a46-000d601460a4">
> +    <topic>OpenSSH -- Memory corruption in sshd</topic>
> +    <affects>
> +      <package>
> +	<name>openssh-portable</name>
> +	<range><lt>6.4p1,1</lt></range>
> +	<range><ge>6.2p2,1</ge></range>
> +      </package>
> +      <package>
> +	<name>openssh-portable-base</name>
> +	<range><lt>6.4p1,1</lt></range>
> +	<range><ge>6.2p2,1</ge></range>
> +      </package>
> +    </affects>
> +    <description>
> +      <body xmlns="http://www.w3.org/1999/xhtml">
> +	<p>OpenSSH development team reports:</p>
> +	<blockquote cite="http://www.openssh.com/txt/gcmrekey.adv">
> +	  <p>A memory corruption vulnerability exists in the post-
> +	    authentication sshd process when an AES-GCM cipher
> +	    (aes128-gcm at openssh.com or aes256-gcm at openssh.com) is
> +	    selected during kex exchange.
> +
> +	    If exploited, this vulnerability might permit code execution
> +	    with the privileges of the authenticated user and may
> +	    therefore allow bypassing restricted shell/command
> +	    configurations.</p>
> +	  <p>Either upgrade to 6.4 or disable AES-GCM in the server
> +	    configuration. The following sshd_config option will disable
> +	    AES-GCM while leaving other ciphers active:
> +
> +	    Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
> +	  </p>

If there is a better way to note this please do modify.

> +	</blockquote>
> +      </body>
> +    </description>
> +    <references>
> +      <url>http://www.openssh.com/txt/gcmrekey.adv</url>
> +    </references>
> +    <dates>
> +      <discovery>2013-11-07</discovery>
> +      <entry>2013-11-08</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid="f969bad7-46fc-11e3-b6ee-00269ee29e57">
>      <topic>Quassel IRC -- SQL injection vulnerability</topic>
>      <affects>
> 


-- 
Regards,
Bryan Drewery

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 553 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/svn-ports-head/attachments/20131108/9928795e/attachment.sig>

More information about the svn-ports-head mailing list