diff options
| author | Nikolai Lifanov <lifanov@FreeBSD.org> | 2017-01-09 14:24:49 +0000 |
|---|---|---|
| committer | Nikolai Lifanov <lifanov@FreeBSD.org> | 2017-01-09 14:24:49 +0000 |
| commit | bed5cf18418398e8b7d0f0e2f80da11385e15341 (patch) | |
| tree | 391cb3e786fed0f16c92f58479456569c8b506e8 | |
| parent | dc0387b84d016f15875f8a9627310008528ffc13 (diff) | |
| download | freebsd-ports-bed5cf18418398e8b7d0f0e2f80da11385e15341.zip | |
security/vuxml: document pcsc-lite vulnerabilities
PR: 215834
Submitted by: Mahdi Mokhtari <mokhi64@gmail.com> (maintainer)
Reviewed by: matthew
Approved by: matthew (mentor)
MFH: 2017Q1
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index e4bd1a6d42da..81cb1b800303 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="c218873d-d444-11e6-84ef-f0def167eeea"> + <topic>Use-After-Free Vulnerability in pcsc-lite</topic> + <affects> + <package> + <name>pcsc-lite</name> + <range><ge>1.6.0</ge><lt>1.8.20</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Peter Wu on Openwall mailing-list reports:</p> + <blockquote cite="http://www.openwall.com/lists/oss-security/2017/01/03/2"> + <p>The issue allows a local attacker to cause a Denial of Service, + but can potentially result in Privilege Escalation since + the daemon is running as root. while any local user can + connect to the Unix socket. + Fixed by patch which is released with hpcsc-lite 1.8.20.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CWE-415</cvename> + <cvename>CWE-416</cvename> + <url>http://www.openwall.com/lists/oss-security/2017/01/03/2</url> + </references> + <dates> + <discovery>2017-01-03</discovery> + <entry>2017-01-06</entry> + </dates> + </vuln> + <vuln vid="0c5369fc-d671-11e6-a9a5-b499baebfeaf"> <topic>GnuTLS -- Memory corruption vulnerabilities</topic> <affects> |