Diffstat (limited to 'share/security/advisories/FreeBSD-SN-02:02.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SN-02:02.asc | 182 |
1 files changed, 0 insertions, 182 deletions
diff --git a/share/security/advisories/FreeBSD-SN-02:02.asc b/share/security/advisories/FreeBSD-SN-02:02.asc deleted file mode 100644 index 57c2a2efee..0000000000 --- a/share/security/advisories/FreeBSD-SN-02:02.asc +++ /dev/null 
@@ -1,182 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- - -============================================================================= -FreeBSD-SN-02:02 Security Notice - The FreeBSD Project - -Topic: security issues in ports -Announced: 2002-05-13 - -I. Introduction - -Several ports in the FreeBSD Ports Collection are affected by security -issues. These are listed below with references and affected versions. -All versions given refer to the FreeBSD port/package version numbers. -The listed vulnerabilities are not specific to FreeBSD unless -otherwise noted. - -These ports are not installed by default, nor are they ``part of -FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of -third-party applications in a ready-to-install format. FreeBSD makes -no claim about the security of these third-party applications. See -<URL:http://www.freebsd.org/ports/> for more information about the -FreeBSD Ports Collection. - -II. Ports - -+------------------------------------------------------------------------+ -Port name: analog -Affected: versions < analog-5.22 -Status: Fixed -Cross-site scripting attack. -<URL:http://www.analog.cx/security4.html> -+------------------------------------------------------------------------+ -Port name: ascend-radius, freeradius-devel, icradius, radius-basic, - radiusclient, radiusd-cistron, xtradius -Affected: versions < radiusd-cistron-1.6.6 - all versions of ascend-radius, freeradius-devel, icradius, - radius-basic, radiusclient -Status: Fixed: radiusd-cistron - Not fixed: all others -Digest Calculation buffer overflow and/or insufficient validation of -attribute lengths. 
-<URL:http://www.security.nnov.ru/advisories> -+------------------------------------------------------------------------+ -Port name: dnews -Affected: versions < dnews-5.5h2 -Status: Fixed -``Security fault.'' -<URL:http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.dnews&item=7223&utag=> -+------------------------------------------------------------------------+ -Port name: ethereal -Affected: versions < ethereal-0.9.3 -Status: Fixed -SNMP vulnerability: malformed SNMP packets may cause ethereal to crash. -<URL:http://www.ethereal.com/appnotes/enpa-sa-00003.html> -+------------------------------------------------------------------------+ -Port name: icecast -Affected: versions < icecast-1.3.12 -Status: Fixed -Directory traversal vulnerability. -Remote attackers may cause a denial of service via a URL that ends in -. (dot), / (forward slash), or \ (backward slash). -Buffer overflows may allow remote attackers to execute arbitrary code or -cause a denial of service. -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784> -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083> -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229> -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230> -<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177> -+------------------------------------------------------------------------+ -Port name: isc-dhcp3 -Affected: versions < dhcp-3.0.1.r8_1 -Status: Fixed -Format string vulnerability when logging DNS-update request transactions. 
-<URL:http://www.cert.org/advisories/CA-2002-12.html> -<URL:http://www.ngsec.com/docs/advisories/NGSEC-2002-2.txt> -+------------------------------------------------------------------------+ -Port name: jdk, jdk12-beta -Affected: all versions -Status: Not fixed -``A vulnerability in the Java(TM) Runtime Environment may allow an -untrusted applet to monitor requests to and responses from an HTTP -proxy server when a persistent connection is used between a client and -an HTTP proxy server.'' -<URL:http://sunsolve.sun.com/security> (Bulletin 216) -+------------------------------------------------------------------------+ -Port name: linux-mozilla, mozilla -Affected: versions < linux-mozilla-0.9.9.2002050810 - versions < mozilla-1.0.rc1_3,1 -Status: Fixed -Buffer overflow in Chatzilla. XMLHttpRequest allows reading of local -files. -<URL:http://online.securityfocus.com/archive/1/270807> -+------------------------------------------------------------------------+ -Port name: mod_python -Affected: versions < mod_python-2.7.8 -Status: Fixed -A publisher may access an indirectly imported module allowing a remote -attacker to call functions from that module. -<URL:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html> -+------------------------------------------------------------------------+ -Port name: ntop -Affected: all versions -Status: Not fixed -``Preauthentication Remote Root Hole in NTOP'' -<URL:http://online.securityfocus.com/archive/1/267053> -<URL:http://online.securityfocus.com/archive/1/267180> -+------------------------------------------------------------------------+ -Port name: p5-SOAP-Lite -Affected: versions < p5-SOAP-Lite-0.55 -Status: Fixed -Client may call any procedure on server. 
-<URL:http://use.perl.org/articles/02/04/09/000212.shtml?tid=5> -<URL:http://www.phrack.com/show.php?p=58&a=9> -<URL:http://www.soaplite.com/> -+------------------------------------------------------------------------+ -Port name: puf -Affected: versions < puf-0.93.1 -Status: Fixed -Format string vulnerability in error output. -<URL:http://puf.sourceforge.net/ChangeLog> -+------------------------------------------------------------------------+ -Port name: sudo -Affected: versions < sudo-1.6.6 -Status: Fixed -Heap overflow may allow local users to gain root access. -<URL:http://www.globalintersec.com/adv/sudo-2002041701.txt> -+------------------------------------------------------------------------+ -Port name: webalizer -Affected: versions < webalizer-2.1.10 -Status: Fixed -Buffer overflow in the DNS resolver code. -<URL:http://www.mrunix.net/webalizer/news.html> -<URL:http://online.securityfocus.com/archive/1/267551> -<URL:http://online.securityfocus.com/bid/4504> -+------------------------------------------------------------------------+ -Port name: xpilot -Affected: versions < xpilot-4.5.2 -Status: Fixed -Stack buffer overflow in server. -<URL:http://www.debian.org/security/2002/dsa-127> -+------------------------------------------------------------------------+ - -III. Upgrading Ports/Packages - -To upgrade a fixed port/packages, perform one of the following: - -1) Upgrade your Ports Collection and rebuild and reinstall the port. -Several tools are available in the Ports Collection to make this -easier. See: - /usr/ports/devel/portcheckout - /usr/ports/misc/porteasy - /usr/ports/sysutils/portupgrade - -2) Deinstall the old package and install a new package obtained from - -[i386] -ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ - -Packages are not automatically generated for other architectures at -this time. 
- - -+------------------------------------------------------------------------+ -FreeBSD Security Notices are communications from the Security Officer -intended to inform the user community about potential security issues, -such as bugs in the third-party applications found in the Ports -Collection, which will not be addressed in a FreeBSD Security -Advisory. - -Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>. - ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.0.7 (FreeBSD) -Comment: FreeBSD: The Power To Serve - -iQCVAwUBPN/CwlUuHi5z0oilAQERywP/dSqt97FPlLlDJE7tYpA5625FSjqbrWod -KsoKIBHM2ZIHAjnhAyF82tUT4ivMvJwepk1NE+W9YX77K7n5LHkfqY4kzCaVZJrY -gkaR63Dw+M5gqJ5FjO0RkSDxsltsKjSa6ZzKxWdAeRwDPbE7CwsjTI2AoS/kzaLw -ex+PhdbYjbc= -=fK1t ------END PGP SIGNATURE----- |
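Review bot: The single hunk (@@ -1,182 +0,0 @@) deletes share/security/advisories/FreeBSD-SN-02:02.asc in full, including the clearsigned body and its PGP signature block, and nothing visible in this change says where the signed text is kept afterwards. The notice still records entries marked "Not fixed" (ntop, jdk and jdk12-beta, and the radius ports other than radiusd-cistron), so anyone following an existing link to this path loses that record. Suggest naming the new location of the .asc file in the commit message, or leaving a pointer at the old path, and confirming that any relocated copy is byte-identical so the signature over the notice still verifies.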