FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4a4e9f88-491c-11e4-ae2c-c80aa9043978bash -- out-of-bounds memory access in parser

RedHat security team reports:

It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.

Discovery 2014-09-25
Entry 2014-10-01
lt 4.3.27_1
71ad81da-4414-11e4-a33e-3c970e169bc2bash -- remote code execution vulnerability

Chet Ramey reports:

Under certain circumstances, bash will execute user code while processing the environment for exported function definitions.

The original fix released for CVE-2014-6271 was not adequate. A similar vulnerability was discovered and tagged as CVE-2014-7169.

Discovery 2014-09-24
Entry 2014-09-24
Modified 2014-09-25
gt 3.0 le 3.0.17

gt 3.1 le 3.1.18

gt 3.2 le 3.2.52

gt 4.0 le 4.0.39

gt 4.1 le 4.1.12

gt 4.2 le 4.2.48

gt 4.3 lt 4.3.25_1

lt 6.5_1

512d1301-49b9-11e4-ae2c-c80aa9043978bash -- remote code execution

Note that this is different than the public "Shellshock" issue.

Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.25_2.

Discovery 2014-09-27
Entry 2014-10-01
lt 4.3.25_2