FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-14 16:33:59 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b6da24da-23f7-11e5-a4a5-002590263bf5	squid -- client-first SSL-bump does not correctly validate X509 server certificate Squid security advisory 2015:1 reports: Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields. The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain. However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation. Sites that do not use SSL-Bump are not vulnerable. All Squid built without SSL support are not vulnerable to the problem. The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration. Discovery 2015-05-01 Entry 2015-07-06 squid >= 3.5 lt 3.5.4 >= 3.4 lt 3.4.13 squid33 >= 3.3 lt 3.3.14 squid32 >= 3.2 lt 3.2.14 CVE-2015-3455 http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
d3324c55-3f11-11e4-ad16-001999f8d30b	squid -- Buffer overflow in SNMP processing The squid-cache project reports: Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer. Discovery 2014-09-15 Entry 2014-09-18 squid < 3.4.8 squid32 > 0 squid33 < 3.3.13_2 http://www.squid-cache.org/Advisories/SQUID-2014_3.txt CVE-2014-6270

VuXML ID

Description

b6da24da-23f7-11e5-a4a5-002590263bf5

squid -- client-first SSL-bump does not correctly validate X509 server certificate

Squid security advisory 2015:1 reports:

Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain.

However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation.

Sites that do not use SSL-Bump are not vulnerable.

All Squid built without SSL support are not vulnerable to the problem.

The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration.

Discovery 2015-05-01
Entry 2015-07-06
squid

>= 3.5 lt 3.5.4

>= 3.4 lt 3.4.13

squid33

>= 3.3 lt 3.3.14

squid32

>= 3.2 lt 3.2.14

CVE-2015-3455
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt

d3324c55-3f11-11e4-ad16-001999f8d30b

squid -- Buffer overflow in SNMP processing

The squid-cache project reports:

Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer.

Discovery 2014-09-15
Entry 2014-09-18
squid

< 3.4.8

squid32

> 0

squid33

< 3.3.13_2

http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-6270