From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Jun 1 08:50:00 2013 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 82B03269 for ; Sat, 1 Jun 2013 08:50:00 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 6946A767 for ; Sat, 1 Jun 2013 08:50:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r518o077093685 for ; Sat, 1 Jun 2013 08:50:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r518o0LO093684; Sat, 1 Jun 2013 08:50:00 GMT (envelope-from gnats) Resent-Date: Sat, 1 Jun 2013 08:50:00 GMT Resent-Message-Id: <201306010850.r518o0LO093684@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Olli Hauer Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 4B67423B; Sat, 1 Jun 2013 08:44:52 +0000 (UTC) (envelope-from ohauer@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 2483774C; Sat, 1 Jun 2013 08:44:52 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.7/8.14.7) with ESMTP id r518iqx6093479; Sat, 1 Jun 2013 08:44:52 GMT (envelope-from ohauer@freefall.freebsd.org) Received: (from ohauer@localhost) by freefall.freebsd.org (8.14.7/8.14.7/Submit) id r518ip1U093478; Sat, 1 Jun 2013 08:44:51 GMT (envelope-from ohauer) Message-Id: <201306010844.r518ip1U093478@freefall.freebsd.org> Date: Sat, 1 Jun 2013 08:44:51 GMT From: Olli Hauer To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.113 Subject: ports/179167: [patch] www/mod_security update to 2.7.4 (CVE-2013-2765) Cc: araujo@FreeBSD.org X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 01 Jun 2013 08:50:00 -0000 >Number: 179167 >Category: ports >Synopsis: [patch] www/mod_security update to 2.7.4 (CVE-2013-2765) >Confidential: no >Severity: non-critical >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Jun 01 08:50:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Olli Hauer >Release: FreeBSD 8.3-RELEASE-p3 amd64 >Organization: >Environment: >Description: - update mod_security to version 2.7.4 10 May 2013 - 2.7.4 ------------------- Improvements: * Added Libinjection project http://www.client9.com/projects/libinjection/ as a new operator @detectSQLi. (Thanks Nick Galbreath). * Added new variable SDBM_DELETE_ERROR that will be set to 1 when sdbm engine fails to delete entries. * NGINX is now set to STABLE. Thanks chaizhenhua and all the people in community who help the project testing, sending feedback and patches. Bug Fixes: * Fixed SecRulePerfTime storing unnecessary rules performance times. * Fixed Possible SDBM deadlock condition. * Fixed Possible @rsub memory leak. * Fixed REMOTE_ADDR content will receive the client ip address when mod_remoteip.c is present. * Fixed NGINX Audit engine in Concurrent mode was overwriting existing alert files because a issue with UNIQUE_ID. * Fixed CPU 100% issue in NGINX port. This is also related to an memory leak when loading response body. Security Issues: * Fixed Remote Null Pointer DeReference (CVE-2013-2765). WhenÂ| forceRequestBodyVariable action is triggered and a unknown Content-Type is used, mod_security will crash trying to manipulate msr->msc_reqbody_chunks->elts however msr->msc_reqbody_chunks is NULL. (Thanks Younes JAAIDI). POC for CVE-2013-2765: https://github.com/shookalabs/exploits/blob/master/modsecurity_cve_2013_2765_check.py >How-To-Repeat: >Fix: --- mod_security.diff begins here --- Index: mod_security/Makefile =================================================================== --- mod_security/Makefile (revision 319557) +++ mod_security/Makefile (working copy) @@ -1,7 +1,7 @@ # $FreeBSD$ PORTNAME= mod_security -PORTVERSION= 2.7.3 +PORTVERSION= 2.7.4 CATEGORIES= www security MASTER_SITES= http://www.modsecurity.org/tarball/${PORTVERSION}/ PKGNAMEPREFIX= ${APACHE_PKGNAMEPREFIX} Index: mod_security/distinfo =================================================================== --- mod_security/distinfo (revision 319557) +++ mod_security/distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (modsecurity-apache_2.7.3.tar.gz) = fa5b0a2fabe9cd6c7b35ae09a433a60da183b2cabcf26479ec40fc4a419693e4 -SIZE (modsecurity-apache_2.7.3.tar.gz) = 981947 +SHA256 (modsecurity-apache_2.7.4.tar.gz) = 605d6f1b03e648001ef1c7db7b18d51c01edd443b57cbbd4e298770ffdcd0eb9 +SIZE (modsecurity-apache_2.7.4.tar.gz) = 1014983 --- mod_security.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: