search for: 0020ed76ef5a

As was accidently posted here earlier by Ralf :-), you should be aware of this issue: http://vuxml.freebsd.org/d8769838-8814-11d8-90d1-0020ed76ef5a.html racoon fails to verify signature during Phase 1 Affected packages racoon < 20040407b Details VuXML ID d8769838-8814-11d8-90d1-0020ed76ef5a Discovery 2004-04-05 Entry 2004-04-07 Ralf Spenneberg discovered a serious flaw in racoon. When using Phase 1 main or aggr...

Attached is a security alert from Gentoo pertaining to clam antivirus. It seems that as of this morning, FreeBSD's ports still contain the affected version. Thank in advance, Tom Veldhouse -------------- next part -------------- An embedded message was scrubbed... From: Tim Yamin <plasmaroo@gentoo.org> Subject: [gentoo-announce] [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability Date:

....org yesterday. But when i try to install the updated port to remplace the vulnerable one this is what i am told : # make install ===> png-1.2.5_4 has known vulnerabilities: >> libpng denial-of-service. Reference: <http://people.freebsd.org/~eik/portaudit/3a408f6f-9c52-11d8-9366-0020ed76ef5a.html> >> Please update your ports tree and try again. *** Error code 1 The 4-STABLE ports tree is up-to-date. Isn't it a problem to be unable to update a vulnerable port ? -- Best regards, Artur Pydo.

...orts a security problem when I try to install it: neely:/usr/ports/databases/mysql40-client$ make ===> mysql-client-4.0.18_1 has known vulnerabilities: >> MySQL insecure temporary file creation (mysqlbug). Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html> >> Please update your ports tree and try again. This is a minor problem affecting only the 'mysqlbug' script, not core mysql client functionality. We may not see a fix in the MySQL distribution until 4.0.19. Is there a way to force installation of a port, even though porta...

...scripts. > I suppose we could consider a very coarse-grained severity rating, but > I'd rather not. I guess such a discussion should take place over on > freebsd-security@. Follow-up to security@ then. >>>>http://people.freebsd.org/~eik/portaudit/fde53204-7ea6-11d8-9645-0020ed76ef5a.html >>> >>>By the way, I'd appreciate it if you'd point to the VuXML site instead >>>(the URLs are `permanent'). >>> >>> http://vuxml.freebsd.org/ >>> http://vuxml.freebsd.org/fde53204-7ea6-11d8-9645-0020ed76ef5a.html >> &gt...

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone see this alert? http://www.securityfocus.com/archive/1/353352 It seems to work on Linux, but when I tried the proof of concept on 4.3.0,1 running 5.2 RELEASE, I couldn't get the X server to core dump or segmentation fault. So, it seems likely to me that FreeBSD is not vulnerable to this. Any other thoughts on this matter? John