freebsd 4.10 security run output
i'm getting some "security problems" listed on nightly security test:
Checking for packages with security vulnerabilities:
Affected package: tiff-3.6.1_1
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: mysql-client-4.0.18_1
Type of problem: mysql -- mysql_real_connect buffer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...65be4b5b6.html>
Affected package: wget-1.8.2_6
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: libxml2-2.6.9
Type of problem: libxml -- remote buffer overflows.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: gd-2.0.22,1
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: gd-1.8.4,2
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- multiple integer overflows.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- RLE decoder heap overflows.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: XFree86-libraries-4.3.0_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: mysql-client-4.0.18_1
Type of problem: MySQL insecure temporary file creation (mysqlbug).
Reference: <http://people.freebsd.org/~eik/porta...0ed76ef5a.html>
Affected package: proftpd-1.2.9
Type of problem: proftpd IP address access control list breakage.
Reference: <http://people.freebsd.org/~eik/porta...0ed76ef5a.html>
Affected package: png-1.2.5_3
Type of problem: libpng row buffer overflow.
Reference: <http://people.freebsd.org/~eik/porta...0185c0b53.html>
14 problem(s) in your installed packages found.
Affected package: tiff-3.6.1_1
Type of problem: tiff -- tiffdump integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- directory entry count integer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: mysql-client-4.0.18_1
Type of problem: mysql -- mysql_real_connect buffer overflow vulnerability.
Reference: <http://people.freebsd.org/~eik/porta...65be4b5b6.html>
Affected package: wget-1.8.2_6
Type of problem: wget -- multiple vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: libxml2-2.6.9
Type of problem: libxml -- remote buffer overflows.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: gd-2.0.22,1
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: gd-1.8.4,2
Type of problem: gd -- integer overflow.
Reference: <http://people.freebsd.org/~eik/porta...1020eed82.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- multiple integer overflows.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: tiff-3.6.1_1
Type of problem: tiff -- RLE decoder heap overflows.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: linux_base-7.1_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: XFree86-libraries-4.3.0_7
Type of problem: xpm -- image decoding vulnerabilities.
Reference: <http://people.freebsd.org/~eik/porta...c41e2cdad.html>
Affected package: mysql-client-4.0.18_1
Type of problem: MySQL insecure temporary file creation (mysqlbug).
Reference: <http://people.freebsd.org/~eik/porta...0ed76ef5a.html>
Affected package: proftpd-1.2.9
Type of problem: proftpd IP address access control list breakage.
Reference: <http://people.freebsd.org/~eik/porta...0ed76ef5a.html>
Affected package: png-1.2.5_3
Type of problem: libpng row buffer overflow.
Reference: <http://people.freebsd.org/~eik/porta...0185c0b53.html>
14 problem(s) in your installed packages found.
ie... i probably don't use proftpd package (since i use directadmin's one... i guess they aren't the same)
and others... well... anyone know if I should upgrade them without fear of breaking something?
thanks
