svn commit: r431401 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Fri Jan 13 16:50:00 UTC 2017
Author: feld
Date: Fri Jan 13 16:49:59 2017
New Revision: 431401
URL: https://svnweb.freebsd.org/changeset/ports/431401
Log:
Consolidate duplicate openssh vuxml entries
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Jan 13 16:25:58 2017 (r431400)
+++ head/security/vuxml/vuln.xml Fri Jan 13 16:49:59 2017 (r431401)
@@ -208,6 +208,10 @@ Notes:
<topic>FreeBSD -- OpenSSH multiple vulnerabilities</topic>
<affects>
<package>
+ <name>openssh-portable</name>
+ <range><lt>7.4.p1,1</lt></range>
+ </package>
+ <package>
<name>FreeBSD</name>
<range><ge>11.0</ge><lt>11.0_7</lt></range>
<range><ge>10.3</ge><lt>10.3_16</lt></range>
@@ -239,13 +243,14 @@ Notes:
</body>
</description>
<references>
- <cvename>CVE-2016-1000</cvename>
- <cvename>CVE-2016-1001</cvename>
+ <cvename>CVE-2016-10009</cvename>
+ <cvename>CVE-2016-10010</cvename>
<freebsdsa>SA-17:01.openssh</freebsdsa>
</references>
<dates>
<discovery>2017-01-11</discovery>
<entry>2017-01-11</entry>
+ <modified>2017-01-13</modified>
</dates>
</vuln>
@@ -1205,57 +1210,7 @@ Notes:
</vuln>
<vuln vid="2aedd15f-ca8b-11e6-a9a5-b499baebfeaf">
- <topic>openssh -- multiple vulnerabilities</topic>
- <affects>
- <package>
- <name>openssh-portable</name>
- <range><lt>7.4.p1,1</lt></range>
- </package>
- <package>
- <name>FreeBSD</name>
- <range><ge>11.0</ge><lt>11.0_7</lt></range>
- <range><ge>10.3</ge><lt>10.3_16</lt></range>
- <range><ge>10.2</ge><lt>10.2_29</lt></range>
- <range><ge>10.1</ge><lt>10.1_46</lt></range>
- <range><ge>9.3</ge><lt>9.3_54</lt></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>The OpenSSH project reports:</p>
- <blockquote cite="https://www.openssh.com/txt/release-7.4">
- <ul>
- <li>ssh-agent(1): Will now refuse to load PKCS#11 modules from
- paths outside a trusted whitelist (run-time configurable).
- Requests to load modules could be passed via agent forwarding
- and an attacker could attempt to load a hostile PKCS#11 module
- across the forwarded agent channel: PKCS#11 modules are shared
- libraries, so this would result in code execution on the system
- running the ssh-agent if the attacker has control of the
- forwarded agent-socket (on the host running the sshd server)
- and the ability to write to the filesystem of the host running
- ssh-agent (usually the host running the ssh client).
- (CVE-2016-10009)</li>
- <li>sshd(8): When privilege separation is disabled, forwarded
- Unix-domain sockets would be created by sshd(8) with the
- privileges of 'root' instead of the authenticated user. This
- release refuses Unix-domain socket forwarding when privilege
- separation is disabled (Privilege separation has been enabled by
- default for 14 years). CVE-2016-10010)</li>
- </ul>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://www.openssh.com/txt/release-7.4</url>
- <cvename>CVE-2016-10009</cvename>
- <cvename>CVE-2016-10010</cvename>
- </references>
- <dates>
- <discovery>2016-12-25</discovery>
- <entry>2016-12-25</entry>
- <modified>2017-01-09</modified>
- </dates>
+ <cancelled/>
</vuln>
<vuln vid="c40ca16c-4d9f-4d70-8b6c-4d53aeb8ead4">
More information about the svn-ports-head
mailing list