Date: Thu, 20 Apr 2017 15:29:21 +0000 (UTC) From: Jan Beich <jbeich@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r438968 - head/security/vuxml Message-ID: <201704201529.v3KFTL43055774@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Thu Apr 20 15:29:21 2017 New Revision: 438968 URL: https://svnweb.freebsd.org/changeset/ports/438968 Log: security/vuxml: mark old sndfile/samplerate/tiff as vulnerable Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Apr 20 14:58:47 2017 (r438967) +++ head/security/vuxml/vuln.xml Thu Apr 20 15:29:21 2017 (r438968) @@ -58,6 +58,216 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="2a96e498-3234-4950-a9ad-419bc84a839d"> + <topic>tiff -- multiple vulnerabilities</topic> + <affects> + <package> + <name>tiff</name> + <name>linux-f8-tiff</name> + <name>linux-f10-tiff</name> + <name>linux-c6-tiff</name> + <name>linux-c7-tiff</name> + <range><lt>4.0.8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-5225">; + <p>LibTIFF version 4.0.7 is vulnerable to a heap buffer + overflow in the tools/tiffcp resulting in DoS or code + execution via a crafted BitsPerSample value.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7592">; + <p>The putagreytile function in tif_getimage.c in LibTIFF + 4.0.7 has a left-shift undefined behavior issue, which + might allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7593">; + <p>tif_read.c in LibTIFF 4.0.7 does not ensure that + tif_rawdata is properly initialized, which might allow + remote attackers to obtain sensitive information from + process memory via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7594">; + <p>The OJPEGReadHeaderInfoSecTablesDcTable function in + tif_ojpeg.c in LibTIFF 4.0.7 allows remote attackers to + cause a denial of service (memory leak) via a crafted + image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7595">; + <p>The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF + 4.0.7 allows remote attackers to cause a denial of service + (divide-by-zero error and application crash) via a crafted + image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7596">; + <p>LibTIFF 4.0.7 has an "outside the range of + representable values of type float" undefined behavior + issue, which might allow remote attackers to cause a + denial of service (application crash) or possibly have + unspecified other impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7597">; + <p>tif_dirread.c in LibTIFF 4.0.7 has an "outside the + range of representable values of type float" undefined + behavior issue, which might allow remote attackers to + cause a denial of service (application crash) or possibly + have unspecified other impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7598">; + <p>tif_dirread.c in LibTIFF 4.0.7 might allow remote + attackers to cause a denial of service (divide-by-zero + error and application crash) via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7599">; + <p>LibTIFF 4.0.7 has an "outside the range of + representable values of type short" undefined behavior + issue, which might allow remote attackers to cause a + denial of service (application crash) or possibly have + unspecified other impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7600">; + <p>LibTIFF 4.0.7 has an "outside the range of + representable values of type unsigned char" undefined + behavior issue, which might allow remote attackers to + cause a denial of service (application crash) or possibly + have unspecified other impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7601">; + <p>LibTIFF 4.0.7 has a "shift exponent too large for + 64-bit type long" undefined behavior issue, which might + allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7602">; + <p>LibTIFF 4.0.7 has a signed integer overflow, which + might allow remote attackers to cause a denial of service + (application crash) or possibly have unspecified other + impact via a crafted image.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-5225</cvename> + <cvename>CVE-2017-7592</cvename> + <cvename>CVE-2017-7593</cvename> + <cvename>CVE-2017-7594</cvename> + <cvename>CVE-2017-7595</cvename> + <cvename>CVE-2017-7596</cvename> + <cvename>CVE-2017-7597</cvename> + <cvename>CVE-2017-7598</cvename> + <cvename>CVE-2017-7599</cvename> + <cvename>CVE-2017-7600</cvename> + <cvename>CVE-2017-7601</cvename> + <cvename>CVE-2017-7602</cvename> + <url>https://github.com/vadz/libtiff/commit/5c080298d59e</url>; + <url>https://github.com/vadz/libtiff/commit/48780b4fcc42</url>; + <url>https://github.com/vadz/libtiff/commit/d60332057b95</url>; + <url>https://github.com/vadz/libtiff/commit/2ea32f7372b6</url>; + <url>https://github.com/vadz/libtiff/commit/8283e4d1b7e5</url>; + <url>https://github.com/vadz/libtiff/commit/47f2fb61a3a6</url>; + <url>https://github.com/vadz/libtiff/commit/3cfd62d77c2a</url>; + <url>https://github.com/vadz/libtiff/commit/3144e57770c1</url>; + <url>https://github.com/vadz/libtiff/commit/0a76a8c765c7</url>; + <url>https://github.com/vadz/libtiff/commit/66e7bd595209</url>; + </references> + <dates> + <discovery>2017-04-01</discovery> + <entry>2017-04-20</entry> + </dates> + </vuln> + + <vuln vid="d44129d6-b22e-4e9c-b200-6a46e8bd3e60"> + <topic>libsamplerate -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libsamplerate</name> + <name>linux-c6-libsamplerate</name> + <name>linux-c7-libsamplerate</name> + <range><lt>0.1.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7697">; + <p>In libsamplerate before 0.1.9, a buffer over-read + occurs in the calc_output_single function in src_sinc.c + via a crafted audio file.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-7697</cvename> + <url>https://github.com/erikd/libsamplerate/commit/c3b66186656d</url>; + </references> + <dates> + <discovery>2017-04-11</discovery> + <entry>2017-04-20</entry> + </dates> + </vuln> + + <vuln vid="5a97805e-93ef-4dcb-8d5e-dbcac263bfc2"> + <topic>libsndfile -- multiple vulnerabilities</topic> + <affects> + <package> + <name>libsndfile</name> + <name>linux-c6-libsndfile</name> + <name>linux-c7-libsndfile</name> + <range><lt>1.0.28</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>NVD reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7585">; + <p>In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a stack-based buffer overflow via a specially crafted + FLAC file.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7586">; + <p>In libsndfile before 1.0.28, an error in the + "header_read()" function (common.c) when handling ID3 tags + can be exploited to cause a stack-based buffer overflow + via a specially crafted FLAC file.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7741">; + <p>In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a segmentation violation (with write memory access) + via a specially crafted FLAC file during a resample + attempt, a similar issue to CVE-2017-7585.</p> + </blockquote> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2017-7742">; + <p>In libsndfile before 1.0.28, an error in the + "flac_buffer_copy()" function (flac.c) can be exploited to + cause a segmentation violation (with read memory access) + via a specially crafted FLAC file during a resample + attempt, a similar issue to CVE-2017-7585.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-7585</cvename> + <cvename>CVE-2017-7586</cvename> + <cvename>CVE-2017-7741</cvename> + <cvename>CVE-2017-7742</cvename> + <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>; + <url>https://github.com/erikd/libsndfile/commit/708e996c87c5</url>; + <url>https://github.com/erikd/libsndfile/commit/f457b7b5ecfe</url>; + <url>https://github.com/erikd/libsndfile/commit/60b234301adf</url>; + </references> + <dates> + <discovery>2017-04-07</discovery> + <entry>2017-04-20</entry> + </dates> + </vuln> + <vuln vid="3e2e9b44-25ce-11e7-a175-939b30e0836d"> <topic>cURL -- TLS session resumption client cert bypass (again)</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201704201529.v3KFTL43055774>