freebsd 4.10 security run output

Lem0nHead

Hello,
I'm getting some "security problems" listed in the nightly security test:

Checking for packages with security vulnerabilities:

Affected package: tiff-3.6.1_1
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>

Affected package: tiff-3.6.1_1
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/fc7e6a42-6012-11d9-a9e7-0001020eed82.html>

Affected package: mysql-client-4.0.18_1
Type of problem: mysql -- mysql_real_connect buffer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/835256b8-46ed-11d9-8ce0-00065be4b5b6.html>

Affected package: wget-1.8.2_6
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/06f142ff-4df3-11d9-a9e7-0001020eed82.html>

Affected package: libxml2-2.6.9
Type of problem: libxml -- remote buffer overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/9ff4c91e-328c-11d9-a9e7-0001020eed82.html>

Affected package: gd-2.0.22,1
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/62239968-2f2a-11d9-a9e7-0001020eed82.html>

Affected package: gd-1.8.4,2
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/62239968-2f2a-11d9-a9e7-0001020eed82.html>

Affected package: tiff-3.6.1_1
Type of problem: tiff -- multiple integer overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/3897a2f8-1d57-11d9-bc4a-000c41e2cdad.html>

Affected package: tiff-3.6.1_1
Type of problem: tiff -- RLE decoder heap overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>

Affected package: XFree86-libraries-4.3.0_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/portaudit/ef253f8b-0727-11d9-b45d-000c41e2cdad.html>

Affected package: mysql-client-4.0.18_1
Type of problem: MySQL insecure temporary file creation (mysqlbug).
Reference: <http://people.freebsd.org/~eik/portaudit/2e129846-8fbb-11d8-8b29-0020ed76ef5a.html>

Affected package: proftpd-1.2.9
Type of problem: proftpd IP address access control list breakage.
Reference: <http://people.freebsd.org/~eik/portaudit/cb6c6c29-9c4f-11d8-9366-0020ed76ef5a.html>

Affected package: png-1.2.5_3
Type of problem: libpng row buffer overflow.
Reference: <http://people.freebsd.org/~eik/portaudit/1b78d43f-d32b-11d8-b479-02e0185c0b53.html>

14 problem(s) in your installed packages found.
Are they "normal"?

I.e., I probably don't use the proftpd package (since I use DirectAdmin's one... I guess they aren't the same).

And the others... well... does anyone know if I should upgrade them without fear of breaking something?

Thanks
 

Chrysalis

Upgrade with portupgrade, then restart any daemons afterwards.

Portupgrade will usually be safe: it keeps existing configs intact, and if the install fails it will restore the previous version.

Just remember to add any custom settings to /usr/local/etc/pkgtools.conf
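
Added example, not part of either post: a small sh/awk helper that collapses a report in the format quoted above into one line per installed package, so the list of things to upgrade is clear. The function names are hypothetical, and the embedded sample is an excerpt of the thread's report with a trailer count constructed to match it.

```shell
#!/bin/sh
# Excerpt of the report quoted in the thread; the trailer count is
# constructed to match the four records kept here.
sample_report() {
cat <<'EOF'
Checking for packages with security vulnerabilities:

Affected package: tiff-3.6.1_1
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/8f86d8b5-6025-11d9-a9e7-0001020eed82.html>

Affected package: mysql-client-4.0.18_1
Type of problem: mysql -- mysql_real_connect buffer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/portaudit/835256b8-46ed-11d9-8ce0-00065be4b5b6.html>

Affected package: tiff-3.6.1_1
Type of problem: tiff -- RLE decoder heap overflows.
Reference: <http://people.freebsd.org/~eik/portaudit/f6680c03-0bd8-11d9-8a8a-000c41e2cdad.html>

Affected package: proftpd-1.2.9
Type of problem: proftpd IP address access control list breakage.
Reference: <http://people.freebsd.org/~eik/portaudit/cb6c6c29-9c4f-11d8-9366-0020ed76ef5a.html>

4 problem(s) in your installed packages found.
EOF
}

# Print "count<TAB>package<TAB>problems" once per installed package, in
# report order; exit 2 if the trailer count disagrees with the records read
# (for example when the nightly mail was truncated).
summarize_audit() {
    awk '
    /^Affected package: / { pkg = substr($0, 19); next }
    /^Type of problem: / && pkg != "" {
        if (!(pkg in count)) order[++n] = pkg
        count[pkg]++; total++
        problems[pkg] = problems[pkg] (count[pkg] > 1 ? "; " : "") substr($0, 18)
        pkg = ""; next
    }
    /^[0-9]+ problem[(]s[)] in your installed packages found/ { claimed = $1; trailer = 1 }
    END {
        for (i = 1; i <= n; i++)
            printf "%d\t%s\t%s\n", count[order[i]], order[i], problems[order[i]]
        if (trailer && claimed + 0 != total) exit 2
    }'
}

sample_report | summarize_audit
```

Run over the full report from the first post, this collapses the 14 findings to 10 installed packages, with tiff-3.6.1_1 accounting for four of them; the second column is the list of packages to upgrade.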
 