FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-14 16:33:59 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d3324c55-3f11-11e4-ad16-001999f8d30bsquid -- Buffer overflow in SNMP processing

The squid-cache project reports:

Due to incorrect buffer management Squid can be caused by an attacker to write outside its allocated SNMP buffer.


Discovery 2014-09-15
Entry 2014-09-18
squid
< 3.4.8

squid32
> 0

squid33
< 3.3.13_2

http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-6270
b6da24da-23f7-11e5-a4a5-002590263bf5squid -- client-first SSL-bump does not correctly validate X509 server certificate

Squid security advisory 2015:1 reports:

Squid configured with client-first SSL-bump does not correctly validate X509 server certificate domain / hostname fields.

The bug is important because it allows remote servers to bypass client certificate validation. Some attackers may also be able to use valid certificates for one domain signed by a global Certificate Authority to abuse an unrelated domain.

However, the bug is exploitable only if you have configured Squid to perform SSL Bumping with the "client-first" or "bump" mode of operation.

Sites that do not use SSL-Bump are not vulnerable.

All Squid built without SSL support are not vulnerable to the problem.

The FreeBSD port does not use SSL by default and is not vulnerable in the default configuration.


Discovery 2015-05-01
Entry 2015-07-06
squid
>= 3.5 lt 3.5.4

>= 3.4 lt 3.4.13

squid33
>= 3.3 lt 3.3.14

squid32
>= 3.2 lt 3.2.14

CVE-2015-3455
http://www.squid-cache.org/Advisories/SQUID-2015_1.txt