Date: Thu, 19 Mar 2020 18:00:34 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r528737 - head/security/vuxml Message-ID: <202003191800.02JI0YBX067999@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Thu Mar 19 18:00:34 2020 New Revision: 528737 URL: https://svnweb.freebsd.org/changeset/ports/528737 Log: Add details for today's SAs. Approved by: so Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Mar 19 17:56:40 2020 (r528736) +++ head/security/vuxml/vuln.xml Thu Mar 19 18:00:34 2020 (r528737) @@ -58,6 +58,158 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b90acba-6a0a-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Kernel memory disclosure with nested jails</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_3</lt></range> + <range><ge>11.3</ge><lt>11.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>A missing NUL-termination check for the jail_set(2) configration + option "osrelease" may return more bytes when reading the jail + configuration back with jail_get(2) than were originally set.</p> + <h1>Impact:</h1> + <p>For jails with a non-default setting of children.max > 0 ("nested + jails") a superuser inside a jail can create a jail and may be able to + read and take advantage of exposed kernel memory.</p> + </body> + </description> + <references> + <cvename>CVE-2020-7453</cvename> + <freebsdsa>SA-20:08.jail</freebsdsa> + </references> + <dates> + <discovery>2020-03-19</discovery> + <entry>2020-03-19</entry> + </dates> + </vuln> + + <vuln vid="0cc7e547-6a0a-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Incorrect user-controlled pointer use in epair</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_3</lt></range> + <range><ge>11.3</ge><lt>11.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>Incorrect use of a potentially user-controlled pointer in the kernel + allowed vnet jailed users to panic the system and potentially execute + aribitrary code in the kernel.</p> + <h1>Impact:</h1> + <p>Users with root level access (or the PRIV_NET_IFCREATE privilege) + can panic the system, or potentially escape the jail or execute + arbitrary code with kernel priviliges.</p> + </body> + </description> + <references> + <cvename>CVE-2020-7452</cvename> + <freebsdsa>SA-20:07.epair</freebsdsa> + </references> + <dates> + <discovery>2020-03-19</discovery> + <entry>2020-03-19</entry> + </dates> + </vuln> + + <vuln vid="b2b83761-6a09-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The driver-specific ioctl(2) command handlers in ixl(4) failed to + check whether the caller has sufficient privileges to perform the + corresponding operation.</p> + <h1>Impact:</h1> + <p>The ixl(4) handler permits unprivileged users to trigger updates to + the device's non-volatile memory (NVM).</p> + </body> + </description> + <references> + <cvename>CVE-2019-15877</cvename> + <freebsdsa>SA-20:06.if_ixl_ioctl</freebsdsa> + </references> + <dates> + <discovery>2020-03-19</discovery> + <entry>2020-03-19</entry> + </dates> + </vuln> + + <vuln vid="3c10ccdf-6a09-11ea-92ab-00163e433440"> + <topic>FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_3</lt></range> + <range><ge>11.3</ge><lt>11.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The driver-specific ioctl(2) command handlers in oce(4) failed to + check whether the caller has sufficient privileges to perform the + corresponding operation.</p> + <h1>Impact:</h1> + <p>The oce(4) handler permits unprivileged users to send passthrough + commands to device firmware.</p> + </body> + </description> + <references> + <cvename>CVE-2019-15876</cvename> + <freebsdsa>SA-20:05.if_oce_ioctl</freebsdsa> + </references> + <dates> + <discovery>2020-03-19</discovery> + <entry>2020-03-19</entry> + </dates> + </vuln> + + <vuln vid="0e06013e-6a06-11ea-92ab-00163e433440"> + <topic>FreeBSD -- TCP IPv6 SYN cache kernel information disclosure</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>12.1</ge><lt>12.1_3</lt></range> + <range><ge>11.3</ge><lt>11.3_7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>When a TCP server transmits or retransmits a TCP SYN-ACK segment + over IPv6, the Traffic Class field is not initialized. This also + applies to challenge ACK segments, which are sent in response to + received RST segments during the TCP connection setup phase.</p> + <h1>Impact:</h1> + <p>For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, + one byte of kernel memory is transmitted over the network.</p> + </body> + </description> + <references> + <cvename>CVE-2020-7451</cvename> + <freebsdsa>SA-20:04.tcp</freebsdsa> + </references> + <dates> + <discovery>2020-03-19</discovery> + <entry>2020-03-19</entry> + </dates> + </vuln> + <vuln vid="3d19c776-68e7-11ea-91db-0050562a4d7b"> <topic>www/py-bleach -- multiple vulnerabilities</topic> <affects> @@ -489,7 +641,6 @@ compromised.</p> <package> <name>FreeBSD</name> <range><ge>11.3</ge><lt>11.3_7</lt></range> - <range><ge>12.0</ge><lt>12.0_14</lt></range> <range><ge>12.1</ge><lt>12.1_3</lt></range> </package> <package> @@ -503,7 +654,7 @@ compromised.</p> </affects> <description> <body xmlns="http://www.w3.org/1999/xhtml"> - <p>nwtine.org reports:</p> + <p>nwtime.org reports:</p> <blockquote cite="https://support.ntp.org/bin/view/Main/SecurityNotice"> <p>Three ntp vulnerabilities, Depending on configuration, may have little impact up to termination of the ntpd process.</p> @@ -531,7 +682,7 @@ compromised.</p> </body> </description> <references> - <url>INSERT BLOCKQUOTE URL HERE</url> + <freebsdsa>SA-20:09.ntp</freebsdsa> </references> <dates> <discovery>2019-05-30</discovery>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003191800.02JI0YBX067999>