ports/73699: Update: security/samhain 2.0.1 -> 2.0.2 (security update)

David Thiel lx at redundancy.redundancy.org
Tue Nov 9 02:10:31 UTC 2004


>Number:         73699
>Category:       ports
>Synopsis:       Update: security/samhain 2.0.1 -> 2.0.2 (security update)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 09 02:10:30 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     David Thiel
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 4.9-STABLE FreeBSD 4.9-STABLE #15: Wed Nov 19 21:41:32 PST 2003 lx at redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386


>Description:

Updating the Samhain integrity checking system to 2.0.2, a security bugfix
release. All users are advised to upgrade.

Changes:

* A buffer overflow in the database update code has been fixed that
was found during an internal code review. It can (only) be triggered if
samhain is running in 'update' mode (command line option '-t update'),
and may be exploitable by a local user, if this user controls a
directory checked by samhain.

Versions affected: samhain 1.8.9 - 2.0.1 (inclusive).

* A segfault in the email code caused by an uninitialized variable has
been fixed.

* A segfault caused by a NULL pointer dereference has been fixed.

>How-To-Repeat:
>Fix:

diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile	Mon Nov  8 11:31:33 2004
+++ samhain/Makefile	Mon Nov  8 11:32:05 2004
@@ -17,7 +17,7 @@
 #
 
 PORTNAME=	samhain
-PORTVERSION=	2.0.1
+PORTVERSION=	2.0.2
 CATEGORIES=	security
 MASTER_SITES=	http://la-samhna.de/archive/ \
 		http://cold.darkambient.net/
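
Review bot: The MASTER_SITES context lines below the PORTVERSION bump list two plain-http mirrors, and nothing in this PR confirms that samhain_signed-2.0.2.tar.gz is already available from the second one (cold.darkambient.net). Please check that both mirrors serve the 2.0.2 tarball and that each copy matches the new distinfo entry, so that users pulling this security update do not hit a fetch failure or a checksum mismatch from a lagging mirror.
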
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo	Mon Nov  8 11:31:33 2004
+++ samhain/distinfo	Mon Nov  8 11:32:37 2004
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-2.0.1.tar.gz) = 604b242ff4069bb6b14913e1a862c102
-SIZE (samhain_signed-2.0.1.tar.gz) = 1024211
+MD5 (samhain_signed-2.0.2.tar.gz) = d7a5604a7cba939bf9c683784f501d0e
+SIZE (samhain_signed-2.0.2.tar.gz) = 1024411
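
Review bot: The two added distinfo lines give MD5 and SIZE as the only checks on a tarball that the Makefile fetches over plain http, and the PR does not say how the new values were obtained. Since the distfile is named samhain_signed, please state whether the checksum was recorded after verifying the upstream signature, and add a stronger digest alongside MD5 if the ports framework in this tree accepts one.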

>Release-Note:
>Audit-Trail:
>Unformatted:


