FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  454426
Date:      2017-11-18
Time:      11:38:23Z
Committer: brnrd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5709d244-4873-11e3-8a46-000d601460a4OpenSSH -- Memory corruption in sshd

The OpenSSH development team reports:

A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher ( or is selected during kex exchange.

If exploited, this vulnerability might permit code execution with the privileges of the authenticated user and may therefore allow bypassing restricted shell/command configurations.

Either upgrade to 6.4 or disable AES-GCM in the server configuration. The following sshd_config option will disable AES-GCM while leaving other ciphers active:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

Discovery 2013-11-07
Entry 2013-11-08
Modified 2013-11-13
ge 6.2.p2,1 lt 6.4.p1,1

ge 6.2.p2,1 lt 6.4.p1,1