FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

chicken -- multiple vulnerabilities

Affected packages
chicken < 4.12,1

Details

VuXML ID c6932dd4-eaff-11e6-9ac1-a4badb2f4699
Discovery 2016-08-12
Entry 2017-02-04
Modified 2017-03-05

Peter Bex reports:

A buffer overflow error was found in the POSIX unit's procedures process-execute and process-spawn.

Additionally, a memory leak existed in this code, which would be triggered when an error is raised during argument and environment processing.

Irregex versions before 0.9.6 contain a resource exhaustion vulnerability: when compiling deeply nested regexes containing the "+" operator due to exponential expansion behaviour.

References

CVE Name CVE-2016-6830
CVE Name CVE-2016-6831
CVE Name CVE-2016-9954
FreeBSD PR ports/216661
URL http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html