svn commit: r447969 - head/security/vuxml

Mark Felder feld at FreeBSD.org
Mon Aug 14 22:42:54 UTC 2017 

Author: feld
Date: Mon Aug 14 22:42:53 2017
New Revision: 447969
URL: https://svnweb.freebsd.org/changeset/ports/447969

Log:
  Document freeradius vulnerabilities

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Mon Aug 14 22:36:24 2017	(r447968)
+++ head/security/vuxml/vuln.xml	Mon Aug 14 22:42:53 2017	(r447969)
@@ -58,6 +58,46 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="79bbec7e-8141-11e7-b5af-a4badb2f4699">
+    <topic>FreeRadius -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>freeradius3</name>
+	<range><lt>3.0.15</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Guido Vranken reports:</p>
+	<blockquote cite="http://freeradius.org/security/fuzzer-2017.html">
+	  <p>Multiple vulnerabilities found via fuzzing:
+	    FR-GV-201 (v2,v3) Read / write overflow in make_secret()
+	    FR-GV-202 (v2) Write overflow in rad_coalesce()
+	    FR-GV-203 (v2) DHCP - Memory leak in decode_tlv()
+	    FR-GV-204 (v2) DHCP - Memory leak in fr_dhcp_decode()
+	    FR-GV-205 (v2) DHCP - Buffer over-read in fr_dhcp_decode_options()
+	    FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
+	    FR-GV-207 (v2) Zero-length malloc in data2vp()
+	    FR-GV-301 (v3) Write overflow in data2vp_wimax()
+	    FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
+	    FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
+	    FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
+	    FR-GV-305 (v3) Decode 'signed' attributes correctly
+	    FR-AD-001 (v2,v3) Use strncmp() instead of memcmp() for string data
+	    FR-AD-002 (v3) String lifetime issues in rlm_python
+	    FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://freeradius.org/security/fuzzer-2017.html</url>
+    </references>
+    <dates>
+      <discovery>2017-06-17</discovery>
+      <entry>2017-08-14</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="1d33cdee-7f6b-11e7-a9b5-3debb10a6871">
     <topic>Mercurial -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list