From owner-freebsd-announce Wed Jun 19 14:51:47 2002 Delivered-To: freebsd-announce@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AC18D37B476; Wed, 19 Jun 2002 14:50:20 -0700 (PDT) Received: (from nectar@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g5JLoKi06913; Wed, 19 Jun 2002 14:50:20 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Date: Wed, 19 Jun 2002 14:50:20 -0700 (PDT) Message-Id: <200206192150.g5JLoKi06913@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: nectar set sender to security-advisories@freebsd.org using -f From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Notice FreeBSD-SN-02:04 Reply-To: security-advisories@freebsd.org Sender: owner-freebsd-announce@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org -----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SN-02:04 Security Notice The FreeBSD Project Topic: security issues in ports Announced: 2002-06-19 I. Introduction Several ports in the FreeBSD Ports Collection are affected by security issues. These are listed below with references and affected versions. All versions given refer to the FreeBSD port/package version numbers. The listed vulnerabilities are not specific to FreeBSD unless otherwise noted. These ports are not installed by default, nor are they ``part of FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of third-party applications in a ready-to-install format. FreeBSD makes no claim about the security of these third-party applications. See for more information about the FreeBSD Ports Collection. II. Ports +------------------------------------------------------------------------+ Port name: apache13, apache13-modssl, apache13-ssl, apache13+ipv6, apache13-fp, apache2 Affected: versions < apache-2.0.39 (apache2) versions < apache-1.3.26 (apache13) versions < apache+mod_ssl-1.3.26+2.8.9 (apache13-modssl) All versions (others) Status: Fixed (apache2, apache13, apache13-modssl) Not fixed (others) Denial-of-service involving chunked encoding. +------------------------------------------------------------------------+ Port name: bind9 Affected: versions < bind9-9.2.1 Status: Fixed Denial-of-service vulnerability in named. +------------------------------------------------------------------------+ Port name: courier-imap Affected: versions < courier-imap-1.4.3_1 Status: Fixed Remote denial-of-service attack (CPU utilization). +------------------------------------------------------------------------+ Port name: ethereal Affected: versions < ethereal-0.9.4 Status: Fixed Buffer overflows in SMB, X11, DNS, and GIOP dissectors. +------------------------------------------------------------------------+ Port name: fakebo Affected: versions < fakebo-0.4.1_1 Status: Fixed Format string vulnerability. +------------------------------------------------------------------------+ Port name: fragroute Affected: versions < fragroute-1.2_1 Status: Fixed The distribution file with MD5 checksum 65edbfc51f8070517f14ceeb8f721075 was trojaned. +------------------------------------------------------------------------+ Port name: ghostscript-gnu Affected: versions < ghostscript-6.53 Status: Fixed A PostScript file can cause arbitrary commands to be executed as the user running ghostscript. +------------------------------------------------------------------------+ Port name: icmpmonitor Affected: versions < icmpmonitor-1.11_1 Status: Fixed Format string vulnerability (syslog). +------------------------------------------------------------------------+ Port name: imap-uw Affected: All versions Status: Not fixed Locally exploitable stack buffer overflow when compiled with WITH_RFC1730 (which is not the default). +------------------------------------------------------------------------+ Port name: mnews Affected: All versions Status: Not fixed Remotely exploitable buffer overflows. +------------------------------------------------------------------------+ Port name: nn Affected: versions < nn-6.6.2_1 Status: Fixed Remotely exploitable format string vulnerability. Reproduce using netcat: perl -e 'printf("100 %s\n", "%x" x 800);' | nc -l -p 119 env NNTPSERVER="localhost" nn +------------------------------------------------------------------------+ Port name: sharity-light Affected: versions < sharity-light-1.2_1 Status: Fixed Stack buffer overflow when copying the username and password from the environment (variables USER, LOGNAME, and PASSWD). Reported by Niels Heinen . +------------------------------------------------------------------------+ Port name: slurp Affected: versions < slurp-1.10_1 Status: Fixed Remotely exploitable format string vulnerability. +------------------------------------------------------------------------+ Port name: xchat Affected: versions < xchat-1.8.9 Status: Fixed An IRC server may execute arbitrary commands with the privileges of the user running xchat. +------------------------------------------------------------------------+ III. Upgrading Ports/Packages To upgrade a fixed port/package, perform one of the following: 1) Upgrade your Ports Collection and rebuild and reinstall the port. Several tools are available in the Ports Collection to make this easier. See: /usr/ports/devel/portcheckout /usr/ports/misc/porteasy /usr/ports/sysutils/portupgrade 2) Deinstall the old package and install a new package obtained from [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ Packages are not automatically generated for other architectures at this time. +------------------------------------------------------------------------+ FreeBSD Security Notices are communications from the Security Officer intended to inform the user community about potential security issues, such as bugs in the third-party applications found in the Ports Collection, which will not be addressed in a FreeBSD Security Advisory. Feedback on Security Notices is welcome at . -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iQCVAwUBPRD6MlUuHi5z0oilAQFmSwP9Hs95CGjDL8PF95Z9bAxana0X9JTUYvaN qxPWiovTzED5Ityt46TySpoOcwdQkzO0ugu3/Q7zCppEDdIjXBUxARv8qvnLG7Oz f5SPItOW//5P7hmq6c9XGQrfq4XLYnv61JbgK9Cm0tGU8iVhOwm+ztpZS2FG5x+3 F4W/AphEyi8= =W9sm -----END PGP SIGNATURE----- This is the moderated mailing list freebsd-announce. The list contains announcements of new FreeBSD capabilities, important events and project milestones. See also the FreeBSD Web pages at http://www.freebsd.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-announce" in the body of the message