Date:      Sun, 22 Jan 2012 07:58:34 GMT
From:      Henk van Oers <henk.van.oers@xs4all.nl>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/164367: portaudit finds problem in a jail but not on a host
Message-ID:  <201201220758.q0M7wY3O053674@red.freebsd.org>
Resent-Message-ID: <201201220800.q0M80L4k004937@freefall.freebsd.org>


>Number:         164367
>Category:       ports
>Synopsis:       portaudit finds problem in a jail but not on a host
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 22 08:00:21 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Henk van Oers
>Release:        7.4 , 8.2
>Organization:
None
>Environment:
FreeBSD dee.signature.nl 7.4-STABLE FreeBSD 7.4-STABLE #2: Sun Jan  8 17:22:05 CET 2012     root@bep.signature.nl:/usr/obj/usr/src/sys/BEP  i386
>Description:
portaudit on a host does not find:
""
Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html
""
jailaudit does find it:
(on a HOST)
""
[...]
portaudit for jail: <munged>(JID: 1)

Affected package: ruby+nopthreads-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

1 problem(s) found.

Checking for a current audit database:

Database created: Sun Jan 22 03:15:01 CET 2012

Checking for packages with security vulnerabilities:

0 problem(s) in your installed packages found.

-- End of security output --
""

portaudit in a jail works fine:
(in a JAIL)
""
[...]

Checking for a current audit database:

Downloading fresh database.
auditfile.tbz                                           72 kB   47 kBps
New database installed.
Database created: Sun Jan 22 03:00:00 CET 2012

Checking for packages with security vulnerabilities:

Affected package: ruby-1.8.7.352_2,1
Type of problem: Multiple implementations -- DoS via hash algorithm collision.
Reference: http://portaudit.FreeBSD.org/91be81e7-3fea-11e1-afc7-2c4138874f7d.html

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

-- End of security output --
""

>How-To-Repeat:
periodic daily
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


