Date: Tue, 12 May 2020 18:37:02 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r535002 - head/security/vuxml Message-ID: <202005121837.04CIb2SR026416@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Tue May 12 18:37:02 2020 New Revision: 535002 URL: https://svnweb.freebsd.org/changeset/ports/535002 Log: Add data for today's SA batch. Approved by: so Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue May 12 18:15:06 2020 (r535001) +++ head/security/vuxml/vuln.xml Tue May 12 18:37:02 2020 (r535002) @@ -58,6 +58,160 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="0bfcae0b-947f-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Insufficient cryptodev MAC key length check</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Requests to create cryptography sessions using a MAC did not validate the + user-supplied MAC key length. The cryptodev module allocates a buffer whose + size is this user-suppled length.</p> + <h1>Impact:</h1> + <p>An unprivileged process can trigger a kernel panic.</p> + </body> + </description> + <references> + <cvename>CVE-2019-15879</cvename> + <freebsdsa>SA-20:15.cryptodev</freebsdsa> + </references> + <dates> + <discovery>2020-01-20</discovery> + <entry>2020-05-12</entry> + </dates> + </vuln> + + <vuln vid="9f15c2da-947e-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Use after free in cryptodev module</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_5</lt></range> + <range><ge>11.3</ge><lt>11.3_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>A race condition permitted a data structure in the kernel to be used + after it was freed by the cryptodev module.</p> + <h1>Impact:</h1> + <p>An unprivileged process can overwrite arbitrary kernel memory.</p> + </body> + </description> + <references> + <cvename>CVE-2019-15879</cvename> + <freebsdsa>SA-20:15.cryptodev</freebsdsa> + </references> + <dates> + <discovery>2020-01-20</discovery> + <entry>2020-05-12</entry> + </dates> + </vuln> + + <vuln vid="253486f5-947d-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Improper checking in SCTP-AUTH shared key update</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>11.3</ge><lt>11.3_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The SCTP layer does improper checking when an application tries to update + a shared key. Therefore an unprivileged local user can trigger a use-after- + free situation, for example by specific sequences of updating shared keys and + closing the SCTP association.</p> + <h1>Impact:</h1> + <p>Triggering the use-after-free situation may result in unintended kernel + behaviour including a kernel panic.</p> + </body> + </description> + <references> + <cvename>CVE-2019-15878</cvename> + <freebsdsa>SA-20:14.sctp</freebsdsa> + </references> + <dates> + <discovery>2019-09-19</discovery> + <entry>2020-05-12</entry> + </dates> + </vuln> + + <vuln vid="78992249-947c-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Memory disclosure vulnerability in libalias</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_5</lt></range> + <range><ge>11.4</ge><lt>11.4_1</lt></range> + <range><ge>11.3</ge><lt>11.3_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The FTP packet handler in libalias incorrectly calculates some packet + lengths. This may result in disclosing small amounts of memory from the + kernel (for the in-kernel NAT implementation) or from the process space for + natd (for the userspace implementation).</p> + <h1>Impact:</h1> + <p>A malicious attacker could send specially constructed packets that exploit the + erroneous calculation allowing the attacker to disclose small amount of memory + either from the kernel (for the in-kernel NAT implementation) or from the + process space for natd (for the userspace implementation).</p> + </body> + </description> + <references> + <cvename>CVE-2020-7455</cvename> + <freebsdsa>SA-20:13.libalias</freebsdsa> + </references> + <dates> + <discovery>2020-05-12</discovery> + <entry>2020-05-12</entry> + </dates> + </vuln> + + <vuln vid="30ce591c-947b-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Insufficient packet length validation in libalias</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_5</lt></range> + <range><ge>11.4</ge><lt>11.4_1</lt></range> + <range><ge>11.3</ge><lt>11.3_9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>libalias(3) packet handlers do not properly validate the packet length before + accessing the protocol headers. As a result, if a libalias(3) module does + not properly validate the packet length before accessing the protocol header, + it is possible for an out of bound read or write condition to occur.</p> + <h1>Impact:</h1> + <p>A malicious attacker could send specially constructed packets that exploit + the lack of validation allowing the attacker to read or write memory either + from the kernel (for the in-kernel NAT implementation) or from the process + space for natd (for the userspace implementation).</p> + </body> + </description> + <references> + <cvename>CVE-2020-7454</cvename> + <freebsdsa>SA-20:12.libalias</freebsdsa> + </references> + <dates> + <discovery>2020-05-12</discovery> + <entry>2020-05-12</entry> + </dates> + </vuln> + <vuln vid="452d16bb-920d-11ea-9d20-18a6f7016652"> <topic>qutebrowser -- Reloading page with certificate errors shows a green URL</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005121837.04CIb2SR026416>