Hello,
I'm getting some "security problems" listed on the nightly security test:
Checking for packages with security vulnerabilities:
Affected package: tiff-3.6.1_1
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>
Affected package: mysql-client-4.0.18_1
Type of problem: mysql -- mysql_real_connect buffer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/835256b8-46ed-11d9-8ce0-00065be4b5b6.html>
Affected package: wget-1.8.2_6
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>
Affected package: libxml2-2.6.9
Type of problem: libxml -- remote buffer overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/9ff4c91e-328c-11d9-a9e7-0001020eed82.html>
Affected package: gd-2.0.22,1
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/62239968-2f2a-11d9-a9e7-0001020eed82.html>
Affected package: gd-1.8.4,2
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/62239968-2f2a-11d9-a9e7-0001020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- multiple integer overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- RLE decoder heap overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>
Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>
Affected package: XFree86-libraries-4.3.0_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>
Affected package: mysql-client-4.0.18_1
Type of problem: MySQL insecure temporary file creation (mysqlbug).
Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>
Affected package: proftpd-1.2.9
Type of problem: proftpd IP address access control list breakage.
Reference: <http://people.freebsd.org/~eik/portaudit/cb6c6c29-9c4f-11d8-9366-0020ed76ef5a.html>
Affected package: png-1.2.5_3
Type of problem: libpng row buffer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/1b78d43f-d32b-11d8-b479-02e0185c0b53.html>
14 problem(s) in your installed packages found.
Are they "normal"?
I.e., I probably don't use the proftpd package (since I use DirectAdmin's one... I guess they aren't the same).
And the others... well... does anyone know if I should upgrade them without fear of breaking something?
Thanks