Upgrade port audit now!

看板FB_security作者時間14年前 (2012/03/12 06:01), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串1/1
Hey, Bleh, even I forget at times that security@ !=3D freebsd-security@ :-). Begin forwarded message: > From: "Simon L. B. Nielsen" <simon@FreeBSD.org> > Subject: Upgrade port audit now! > Date: 11 March 2012 21:40:26 GMT > To: ports@FreeBSD.org, security@FreeBSD.org >=20 > Hey, >=20 > If you have portaudit installed, you should upgrade sooner rather than = later! >=20 > Begin forwarded message: >=20 >> From: "Simon L. Nielsen" <simon@FreeBSD.org> >> Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist = ports/ports-mgmt/portaudit/files portaudit-cmd.sh >> Date: 11 March 2012 21:32:58 GMT >> To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, = cvs-all@FreeBSD.org >>=20 >> simon 2012-03-11 21:32:58 UTC >>=20 >> FreeBSD ports repository >>=20 >> Modified files: >> ports-mgmt/portaudit Makefile pkg-plist=20 >> ports-mgmt/portaudit/files portaudit-cmd.sh=20 >> Log: >> Portaudit 0.6.0: >>=20 >> Fix remote code execution which can occur with a specially crafted >> audit file. The attacker would need to get the portaudit(1) to >> download the bad audit database, e.g. by performing a man in the >> middle attack. >>=20 >> Add signature verification of the portaudit database. The public key >> is for the database generated for portaudit.FreeBSD.org is included >> in the distribution. >>=20 >> Submitted by: Michael Gmelin <freebsd@grem.de> >> Reported by: Michael Gmelin <freebsd@grem.de>, Joerg Scheinert >> Security: Remote code execution >> Security: = http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html >> Feature safe: yes >> With hat: so >=20 > --=20 > Simon L. B. Nielsen > FreeBSD Deputy Security Officer >=20 > _______________________________________________________ > Please think twice when forwarding, cc:ing, or bcc:ing > security-team messages. Ask if you are unsure. --=20 Simon L. B. Nielsen FreeBSD Deputy Security Officer _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 simon. 的文章
文章代碼(AID): #1FNI2Vcr (FB_security)