FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7a282e49-95b6-11e2-8433-0800273fe665dns/bind9* -- Malicious Regex Can Cause Memory Exhaustion

ISC reports:

A critical defect in BIND 9 allows an attacker to cause excessive memory consumption in named or other programs linked to libdns.


Discovery 2013-03-11
Entry 2013-03-27
bind99
lt 9.9.2.2

bind99-base
lt 9.9.2.2

bind98
lt 9.8.4.2

bind98-base
lt 9.8.4.2

CVE-2013-2266
2892a8e2-3d68-11e2-8e01-0800273fe665dns/bind9* -- servers using DNS64 can be crashed by a crafted query

ISC reports:

BIND 9 nameservers using the DNS64 IPv6 transition mechanism are vulnerable to a software defect that allows a crafted query to crash the server with a REQUIRE assertion failure. Remote exploitation of this defect can be achieved without extensive effort, resulting in a denial-of-service (DoS) vector against affected servers.


Discovery 2012-11-27
Entry 2012-12-04
bind99
lt 9.9.2.1

bind99-base
lt 9.9.2.1

bind98
lt 9.8.4.1

bind98-base
lt 9.8.4.1

CVE-2012-5688
cb252f01-7c43-11e3-b0a6-005056a37f68bind -- denial of service vulnerability

ISC reports:

Because of a defect in handling queries for NSEC3-signed zones, BIND can crash with an "INSIST" failure in name.c when processing queries possessing certain properties. By exploiting this defect an attacker deliberately constructing a query with the right properties could achieve denial of service against an authoritative nameserver serving NSEC3-signed zones.


Discovery 2014-01-08
Entry 2014-01-13
Modified 2014-04-30
bind99
lt 9.9.4.2

bind99-base
lt 9.9.4.2

bind98
lt 9.8.6.2

bind98-base
lt 9.8.6.2

bind96
lt 9.6.3.2.ESV.R10.2

bind96-base
lt 9.6.3.2.ESV.R10.2

FreeBSD
gt 9.2 lt 9.2_3

gt 9.1 lt 9.1_10

gt 8.4 lt 8.4_7

gt 8.3 lt 8.3_14

CVE-2014-0591
SA-13:07.bind
https://kb.isc.org/article/AA-01078/74/