Date: Wed, 10 Aug 2022 09:55:58 GMT From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: bc0f150ed35a - main - security/vuxml: add FreeBSD SA-22:09.elf Message-ID: <202208100955.27A9twdP066778@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=bc0f150ed35a9c689090f9cab356a5a4db6e4978 commit bc0f150ed35a9c689090f9cab356a5a4db6e4978 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2022-08-10 09:53:28 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2022-08-10 09:53:28 +0000 security/vuxml: add FreeBSD SA-22:09.elf --- security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 97428fd8d4c8..bb382f68587b 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,34 @@ + <vuln vid="5028c1ae-1890-11ed-9b22-002590c1f29c"> + <topic>FreeBSD -- Out of bound read in elf_note_prpsinfo()</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>13.1</ge><lt>13.1_1</lt></range> + <range><ge>13.0</ge><lt>13.0_12</lt></range> + <range><ge>12.3</ge><lt>12.3_6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>When dumping core and saving process information, proc_getargv() + might return an sbuf which have a sbuf_len() of 0 or -1, which is not + properly handled.</p> + <h1>Impact:</h1> + <p>An out-of-bound read can happen when user constructs a specially + crafted ps_string, which in turn can cause the kernel to crash.</p> + </body> + </description> + <references> + <cvename>CVE-2022-23089</cvename> + <freebsdsa>SA-22:09.elf</freebsdsa> + </references> + <dates> + <discovery>2022-08-09</discovery> + <entry>2022-08-10</entry> + </dates> + </vuln> + <vuln vid="21f43976-1887-11ed-9911-40b034429ecf"> <topic>rsync -- client-side arbitrary file write vulnerability</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202208100955.27A9twdP066778>