FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
bcbd3fe0-2b46-11e6-ae88-002590263bf5    openafs -- multiple vulnerabilities

The OpenAFS development team reports:

Foreign users can bypass access controls to create groups as system:administrators, including in the user namespace and the system: namespace.

The contents of uninitialized memory are sent on the wire when clients perform certain RPCs. Depending on the RPC, the information leaked may come from kernel memory or userspace.


Discovery 2016-03-16
Entry 2016-06-05
openafs < 1.6.17

CVE-2016-2860
CVE-2016-4536
ports/209534
http://www.openafs.org/pages/security/OPENAFS-SA-2016-001.txt
http://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
017a493f-7db6-11e5-a762-14dae9d210b8    openafs -- information disclosure

The OpenAFS development team reports:

When constructing an Rx acknowledgment (ACK) packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol (CVE-2015-7762). Additionally, OpenAFS Rx in versions 1.5.75 through 1.5.78, 1.6.0 through 1.6.14, and 1.7.0 through 1.7.32 include a variable-length padding at the end of the ACK packet, in an attempt to detect the path MTU, but only four octets of the additional padding are initialized (CVE-2015-7763).


Discovery 2015-10-28
Entry 2015-10-28
openafs < 1.6.15

http://openafs.org/pages/security/OPENAFS-SA-2015-007.txt
CVE-2015-7762
CVE-2015-7763
2e8fe57e-2b46-11e6-ae88-002590263bf5    openafs -- local DoS vulnerability

The OpenAFS development team reports:

Avoid a potential denial of service issue, by fixing a bug in pioctl logic that allowed a local user to overrun a kernel buffer with a single NUL byte.


Discovery 2016-03-16
Entry 2016-06-05
openafs < 1.6.16

CVE-2015-8312
https://www.openafs.org/dl/1.6.16/RELNOTES-1.6.16