Date: Fri, 25 Jul 2014 20:16:04 +0000 (UTC)
From: Olli Hauer <ohauer@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject: svn commit: r362929 - branches/2014Q3/security/vuxml
Message-ID: <201407252016.s6PKG4Bx046741@svn.freebsd.org>
Author: ohauer
Date: Fri Jul 25 20:16:03 2014
New Revision: 362929
URL: http://svnweb.freebsd.org/changeset/ports/362929
QAT: https://qat.redports.org/buildarchive/r362929/

Log:
  MFH: r360546
  - Add seamonkey to list of things affected by mozilla issue

  MFH: r362122
  Document new vulnerabilities in www/chromium < 36.0.1985.125

  Submitted by: Carlos Jacobo Puga Medina <cpm@fbsd.es> via freebsd-chromium
  Obtained from: http://googlechromereleases.blogspot.nl/

  MFH: r362180
  Yet another tranche of phpMyAdmin security alerts. In typical style
  there has been a software release with warnings that it contains
  security fixes, but the Security Advisories are not yet available and
  CVE numbers have not yet been published.

  MFH: r362379
  Update the latest phpMyAdmin entry with CVE numbers and descriptive
  text from the security advisories, now that they have been published.

  Security: 3f09ca29-0e48-11e4-b17a-6805ca0b3d42

  MFH: r362379
  Update the latest phpMyAdmin entry with CVE numbers and descriptive
  text from the security advisories, now that they have been published.

  Security: 3f09ca29-0e48-11e4-b17a-6805ca0b3d42

  MFH: r362262
  - document apache24 CVE entries
    until now there is no official CHANGELOG and apache-2.4.10 is not
    released, so take summary from upstream SVN.

  MFH: r362496
  security/vuxml: document security issue in mcollective

  MFH: r362632
  Document Mozilla multiple vulnerabilities.

MFH: r362708 - Document vulnerabilities in www/tomcat*: CVE-2014-0096, CVE-2014-0099, CVE-2014-0075 MFH: r362844 - document apache22 CVE entries MFH: r362910 - document bugzilla Cross Site Request Forgery (CVE-2014-1546) Approved by: portmgr (erwin) Modified: branches/2014Q3/security/vuxml/vuln.xml Directory Properties: branches/2014Q3/ (props changed) Modified: branches/2014Q3/security/vuxml/vuln.xml ============================================================================== --- branches/2014Q3/security/vuxml/vuln.xml Fri Jul 25 20:12:19 2014 (r362928) +++ branches/2014Q3/security/vuxml/vuln.xml Fri Jul 25 20:16:03 2014 (r362929) 
@@ -57,6 +57,266 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9defb2d6-1404-11e4-8cae-20cf30e32f6d"> + <topic>bugzilla -- Cross Site Request Forgery</topic> + <affects> + <package> + <name>bugzilla44</name> + <range><lt>4.4.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>A Bugzilla Security Advisory reports:</h1> + <blockquote cite="http://www.bugzilla.org/security/4.0.13/"> + <p>Adobe does not properly restrict the SWF file format, + which allows remote attackers to conduct cross-site + request forgery (CSRF) attacks against Bugzilla's JSONP + endpoint, possibly obtaining sensitive bug information, + via a crafted OBJECT element with SWF content satisfying + the character-set requirements of a callback API.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-1546</cvename> + </references> + <dates> + <discovery>2014-07-24</discovery> + <entry>2014-07-25</entry> + </dates> + </vuln> + + <vuln vid="f927e06c-1109-11e4-b090-20cf30e32f6d"> + <topic>apache22 -- several vulnerabilities</topic> + <affects> + <package> + <name>apache22</name> + <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range> + </package> + <package> + <name>apache22-event-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range> + </package> + <package> + <name>apache22-itk-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range> + </package> + <package> + <name>apache22-peruser-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range> + </package> + <package> + <name>apache22-worker-mpm</name> + <range><gt>2.2.0</gt><lt>2.2.27_6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Apache HTTP SERVER PROJECT reports:</p> + <blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?revision=1611816&view=markup"> + <p> mod_deflate: The DEFLATE input filter (inflates request bodies) now + limits the length 
and compression ratio of inflated request bodies to + avoid denial of service via highly compressed bodies. See directives + DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and + DeflateInflateRatioBurst.</p> + <p>mod_cgid: Fix a denial of service against CGI scripts that do not consume + stdin that could lead to lingering HTTPD child processes filling up the + scoreboard and eventually hanging the server. By default, the client I/O + timeout (Timeout directive) now applies to communication with scripts. The + CGIDScriptTimeout directive can be used to set a different timeout for + communication with scripts.</p> + <p>Fix a race condition in scoreboard handling, which could lead to a heap + buffer overflow.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0118</cvename> + <cvename>CVE-2014-0231</cvename> + <cvename>CVE-2014-0226</cvename> + </references> + <dates> + <discovery>2014-07-19</discovery> + <entry>2014-07-24</entry> + </dates> + </vuln> + + <vuln vid="81fc1076-1286-11e4-bebd-000c2980a9f3"> + <topic>tomcat -- multiple vulnerabilities</topic> + <affects> + <package> + <name>tomcat6</name> + <range><lt>6.0.40</lt></range> + </package> + <package> + <name>tomcat7</name> + <range><lt>7.0.53</lt></range> + </package> + <package> + <name>tomcat8</name> + <range><lt>8.0.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Tomcat Security Team reports:</p> + <blockquote cite="https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.54"> + <p>Tomcat does not properly restrict XSLT stylesheets, which allows + remote attackers to bypass security-manager restrictions and read + arbitrary files via a crafted web application that provides an XML + external entity declaration in conjunction with an entity + reference, related to an XML External Entity (XXE) issue.</p> + <p>An integer overflow, when operated behind a reverse proxy, allows + remote attackers to 
conduct HTTP request smuggling attacks via a + crafted Content-Length HTTP header.</p> + <p>An integer overflow in parseChunkHeader allows remote attackers + to cause a denial of service (resource consumption) via a malformed + chunk size in chunked transfer coding of a request during the + streaming of data.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0096</cvename> + <cvename>CVE-2014-0099</cvename> + <cvename>CVE-2014-0075</cvename> + <url>https://tomcat.apache.org/security-6.html</url> + <url>https://tomcat.apache.org/security-7.html</url> + <url>https://tomcat.apache.org/security-8.html</url> + </references> + <dates> + <discovery>2014-05-23</discovery> + <entry>2014-07-23</entry> + </dates> + </vuln> + + <vuln vid="978b0f76-122d-11e4-afe3-bc5ff4fb5e7b"> + <topic>mozilla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>firefox</name> + <range><lt>31.0,1</lt></range> + </package> + <package> + <name>firefox-esr</name> + <range><lt>24.7.0,1</lt></range> + </package> + <package> + <name>linux-firefox</name> + <range><lt>31.0,1</lt></range> + </package> + <package> + <name>linux-thunderbird</name> + <range><lt>24.7.0</lt></range> + </package> + <package> + <name>thunderbird</name> + <range><lt>24.7.0</lt></range> + </package> + <package> + <name>nss</name> + <range><lt>3.16.1_2</lt></range> + <!-- CVE-2014-1544/Bug 963150 --> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Mozilla Project reports:</p> + <blockquote cite="http://www.mozilla.org/security/known-vulnerabilities/"> + <p>MFSA 2014-66 IFRAME sandbox same-origin access through + redirect</p> + <p>MFSA 2014-65 Certificate parsing broken by non-standard + character encoding</p> + <p>MFSA 2014-64 Crash in Skia library when scaling high + quality images</p> + <p>MFSA 2014-63 Use-after-free while when manipulating + certificates in the trusted cache</p> + <p>MFSA 2014-62 Exploitable WebGL crash with Cesium 
+ JavaScript library</p> + <p>MFSA 2014-61 Use-after-free with FireOnStateChange + event</p> + <p>MFSA 2014-60 Toolbar dialog customization event + spoofing</p> + <p>MFSA 2014-59 Use-after-free in DirectWrite font + handling</p> + <p>MFSA 2014-58 Use-after-free in Web Audio due to + incorrect control message ordering</p> + <p>MFSA 2014-57 Buffer overflow during Web Audio + buffering for playback</p> + <p>MFSA 2014-56 Miscellaneous memory safety hazards + (rv:31.0 / rv:24.7)</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-1544</cvename> + <cvename>CVE-2014-1547</cvename> + <cvename>CVE-2014-1548</cvename> + <cvename>CVE-2014-1549</cvename> + <cvename>CVE-2014-1550</cvename> + <cvename>CVE-2014-1551</cvename> + <cvename>CVE-2014-1552</cvename> + <cvename>CVE-2014-1555</cvename> + <cvename>CVE-2014-1556</cvename> + <cvename>CVE-2014-1557</cvename> + <cvename>CVE-2014-1558</cvename> + <cvename>CVE-2014-1559</cvename> + <cvename>CVE-2014-1560</cvename> + <cvename>CVE-2014-1561</cvename> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-56.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-57.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-58.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-59.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-60.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-61.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-62.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-63.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-64.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-65.html</url> + <url>https://www.mozilla.org/security/announce/2014/mfsa2014-66.html</url> + <url>https://www.mozilla.org/security/announce/</url> + </references> + <dates> + <discovery>2014-07-22</discovery> + 
<entry>2014-07-23</entry> + </dates> + </vuln> + + <vuln vid="ecea9e92-0be5-4931-88da-8772d044972a"> + <topic>mcollective -- cert valication issue</topic> + <affects> + <package> + <name>mcollective</name> + <range><lt>2.5.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Melissa Stone reports:</p> + <blockquote cite="https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4"> + <p>The MCollective aes_security public key plugin does not correctly + validate certs against the CA. By exploiting this vulnerability + within a race/initialization window, an attacker with local access + could initiate an unauthorized MCollective client connection with a + server, and thus control the mcollective plugins running on that + server. This vulnerability requires a collective be configured to + use the aes_security plugin. Puppet Enterprise and open source + MCollective are not configured to use the plugin and are not + vulnerable by default.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-3251</cvename> + <url>https://groups.google.com/forum/#!topic/puppet-announce/cPykqUXMmK4</url> + </references> + <dates> + <discovery>2014-07-09</discovery> + <entry>2014-07-21</entry> + </dates> + </vuln> + <vuln vid="904d78b8-0f7e-11e4-8b71-5453ed2e2b49"> <topic>qt4-imageformats, qt5-gui -- DoS vulnerability in the GIF image handler</topic> <affects> 
@@ -92,6 +352,105 @@ Notes: </dates> </vuln> + <vuln vid="4364e1f1-0f44-11e4-b090-20cf30e32f6d"> + <topic>apache24 -- several vulnerabilities</topic> + <affects> + <package> + <name>apache24</name> + <range><lt>2.4.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Apache HTTP SERVER PROJECT reports:</h1> + <blockquote cite="http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?view=markup&pathrev=1610737"> + <p>mod_proxy: Fix crash in Connection header handling which allowed a + denial of service attack against a reverse proxy with a threaded MPM.</p> + <p>Fix a race condition in scoreboard handling, which could lead to a + heap buffer overflow.</p> + <p>mod_deflate: The DEFLATE input filter (inflates request bodies) now + limits the length and compression ratio of inflated request bodies to avoid + denial of sevice via highly compressed bodies. See directives + DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, + and DeflateInflateRatioBurst.</p> + <p>mod_cgid: Fix a denial of service against CGI scripts that do + not consume stdin that could lead to lingering HTTPD child processes + filling up the scoreboard and eventually hanging the server. By + default, the client I/O timeout (Timeout directive) now applies to + communication with scripts. 
The CGIDScriptTimeout directive can be + used to set a different timeout for communication with scripts.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-0117</cvename> + <cvename>CVE-2014-3523</cvename> + <cvename>CVE-2014-0226</cvename> + <cvename>CVE-2014-0118</cvename> + <cvename>CVE-2014-0231</cvename> + </references> + <dates> + <discovery>2014-07-15</discovery> + <entry>2014-07-19</entry> + </dates> + </vuln> + + <vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42"> + <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.2.0</ge><lt>4.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php"> + <p>Self-XSS due to unescaped HTML output in database + structure page.</p> + <p>With a crafted table comment, it is possible to trigger + an XSS in database structure page.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php"> + <p>Self-XSS due to unescaped HTML output in database + triggers page.</p> + <p>When navigating into the database triggers page, it is + possible to trigger an XSS with a crafted trigger + name.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php"> + <p>Multiple XSS in AJAX confirmation messages.</p> + <p>With a crafted column name it is possible to trigger an + XSS when dropping the column in table structure page. 
With + a crafted table name it is possible to trigger an XSS when + dropping or truncating the table in table operations + page.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php"> + <p>Access for an unprivileged user to MySQL user list.</p> + <p>An unpriviledged user could view the MySQL user list and + manipulate the tabs displayed in phpMyAdmin for them.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-4954</cvename> + <cvename>CVE-2014-4955</cvename> + <cvename>CVE-2014-4986</cvename> + <cvename>CVE-2014-4987</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url> + </references> + <dates> + <discovery>2014-07-18</discovery> + <entry>2014-07-18</entry> + <modified>2014-07-20</modified> + </dates> + </vuln> + <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9"> <topic>chromium -- multiple vulnerabilities</topic> <affects> @@ -596,10 +955,18 @@ Notes: <range><lt>24.6.0,1</lt></range> </package> <package> + <name>seamonkey</name> + <range><lt>2.26.1</lt></range> + </package> + <package> <name>linux-firefox</name> <range><lt>30.0,1</lt></range> </package> <package> + <name>linux-seamonkey</name> + <range><lt>2.26.1</lt></range> + </package> + <package> <name>linux-thunderbird</name> <range><lt>24.6.0</lt></range> </package>
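Review bot: In the @@ -57,6 +57,266 @@ hunk, all five apache22 package ranges read `<range><gt>2.2.0</gt><lt>2.2.27_6</lt></range>`, which leaves version 2.2.0 itself outside the affected set; unless that exclusion is intended, use `<ge>2.2.0</ge>` as the phpMyAdmin entry in this patch does, or drop the lower bound. In the same hunk the tomcat7 range is `<lt>7.0.53</lt>` while the blockquote cites the "Fixed_in_Apache_Tomcat_7.0.54" section, so the bound should be checked against the advisory. The mcollective topic has a typo ("valication" for "validation"), and the bugzilla entry cites the 4.0.13 advisory page but lists only bugzilla44 under `<affects>` and carries no `<url>` in `<references>`; please confirm whether other Bugzilla branches need to be listed.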
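Review bot: In the @@ -92,6 +352,105 @@ hunk, the apache24 description marks its attribution line as a heading, `<h1>Apache HTTP SERVER PROJECT reports:</h1>`, where the apache22, tomcat, mozilla, mcollective and phpMyAdmin entries in this patch use `<p>` for the same line; change it to `<p>` for consistency (the bugzilla entry in the first hunk has the same `<h1>`). The quoted mod_deflate paragraph reads "denial of sevice" here but "denial of service" in the apache22 entry's copy of the same text, so the quote should be checked against upstream. The apache24 `<references>` block lists only CVE names; adding the CHANGES URL already used in the blockquote's cite attribute as a `<url>` would give readers a source while no release announcement exists.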
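Review bot: The entry touched by the @@ -596,10 +955,18 @@ hunk gets no `<modified>` date anywhere in this patch, although its `<affects>` list grows by the seamonkey and linux-seamonkey packages. Add or update `<modified>` in that entry's `<dates>` block, the way the phpMyAdmin entry here carries `<modified>2014-07-20</modified>`, so that tools and readers tracking vuln.xml can tell the entry changed and that installed seamonkey versions below 2.26.1 are now matched.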