Date:      9 Nov 2004 02:10:10 -0000
From:      David Thiel <lx@redundancy.redundancy.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/73699: Update: security/samhain 2.0.1 -> 2.0.2 (security update)
Message-ID:  <20041109021010.99801.qmail@redundancy.redundancy.org>
Resent-Message-ID: <200411090210.iA92AUcW024500@freefall.freebsd.org>


>Number:         73699
>Category:       ports
>Synopsis:       Update: security/samhain 2.0.1 -> 2.0.2 (security update)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 09 02:10:30 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     David Thiel
>Release:        FreeBSD 4.9-STABLE i386
>Organization:
>Environment:
System: FreeBSD redundancy.redundancy.org 4.9-STABLE FreeBSD 4.9-STABLE #15: Wed Nov 19 21:41:32 PST 2003 lx@redundancy.redundancy.org:/usr/obj/usr/src/sys/REDUNDANCY i386


>Description:

Updating the Samhain integrity checking system to 2.0.2, a security bugfix
release. All users are advised to upgrade.

Changes:

* A buffer overflow in the database update code has been fixed that
was found during an internal code review. It can (only) be triggered if
samhain is running in 'update' mode (command line option '-t update'),
and may be exploitable by a local user, if this user controls a
directory checked by samhain.

Versions affected: samhain 1.8.9 - 2.0.1 (inclusive).

* A segfault in the email code caused by an uninitialized variable has
been fixed.

* A segfault caused by a NULL pointer dereference has been fixed.

>How-To-Repeat:
>Fix:

diff -ruN samhain.old/Makefile samhain/Makefile
--- samhain.old/Makefile	Mon Nov  8 11:31:33 2004
+++ samhain/Makefile	Mon Nov  8 11:32:05 2004
@@ -17,7 +17,7 @@
 #
 
 PORTNAME=	samhain
-PORTVERSION=	2.0.1
+PORTVERSION=	2.0.2
 CATEGORIES=	security
 MASTER_SITES=	http://la-samhna.de/archive/ \
 		http://cold.darkambient.net/
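
Review bot: the MASTER_SITES context lines under the PORTVERSION bump still point at two plain-http hosts, so nothing in this Makefile authenticates the 2.0.2 tarball in transit and the distinfo entry carries the whole integrity check. Please confirm that both listed sites actually serve samhain_signed-2.0.2.tar.gz and that the copy from each matches the recorded checksum, so a fetch that falls through to the second mirror does not fail or pull a different file. Since the PR describes this as a security update for 1.8.9 through 2.0.1, it would also help to note in the commit message that the version bump is the security fix.
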
diff -ruN samhain.old/distinfo samhain/distinfo
--- samhain.old/distinfo	Mon Nov  8 11:31:33 2004
+++ samhain/distinfo	Mon Nov  8 11:32:37 2004
@@ -1,2 +1,2 @@
-MD5 (samhain_signed-2.0.1.tar.gz) = 604b242ff4069bb6b14913e1a862c102
-SIZE (samhain_signed-2.0.1.tar.gz) = 1024211
+MD5 (samhain_signed-2.0.2.tar.gz) = d7a5604a7cba939bf9c683784f501d0e
+SIZE (samhain_signed-2.0.2.tar.gz) = 1024411
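
Review bot: the two added distinfo lines record only an MD5 digest and a size for samhain_signed-2.0.2.tar.gz, which makes MD5 the sole integrity check on a security release fetched over http. Please state in the PR how the digest was produced, ideally from a tarball whose upstream signature was verified first (assumption: the samhain_signed name indicates the archive ships with a detached PGP signature), and add a stronger digest line next to the MD5 one if the ports framework accepts it.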

>Release-Note:
>Audit-Trail:
>Unformatted:


