FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4a4e9f88-491c-11e4-ae2c-c80aa9043978	bash -- out-of-bounds memory access in parser RedHat security team reports: It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code. An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash. Discovery 2014-09-25 Entry 2014-10-01 bash bash-static < 4.3.27_1 https://access.redhat.com/security/cve/CVE-2014-7186 CVE-2014-7186 CVE-2014-7187
512d1301-49b9-11e4-ae2c-c80aa9043978	bash -- remote code execution Note that this is different than the public "Shellshock" issue. Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.25_2. Discovery 2014-09-27 Entry 2014-10-01 bash bash-static < 4.3.25_2 http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html CVE-2014-6277 CVE-2014-6278

VuXML ID

Description

4a4e9f88-491c-11e4-ae2c-c80aa9043978

bash -- out-of-bounds memory access in parser

RedHat security team reports:

It was discovered that the fixed-sized redir_stack could be forced to overflow in the Bash parser, resulting in memory corruption, and possibly leading to arbitrary code execution when evaluating untrusted input that would not otherwise be run as code.

An off-by-one error was discovered in the way Bash was handling deeply nested flow control constructs. Depending on the layout of the .bss segment, this could allow arbitrary execution of code that would not otherwise be executed by Bash.

Discovery 2014-09-25
Entry 2014-10-01
bash
bash-static

< 4.3.27_1

https://access.redhat.com/security/cve/CVE-2014-7186
CVE-2014-7186
CVE-2014-7187

512d1301-49b9-11e4-ae2c-c80aa9043978

bash -- remote code execution

Note that this is different than the public "Shellshock" issue.

Specially crafted environment variables could lead to remote arbitrary code execution. This was fixed in bash 4.3.27, however the port was patched with a mitigation in 4.3.25_2.

Discovery 2014-09-27
Entry 2014-10-01
bash
bash-static

< 4.3.25_2

http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html
CVE-2014-6277
CVE-2014-6278