Date: Wed, 22 Apr 2020 13:25:09 -0400
From: "Dan Langille" <dan@langille.org>
To: "Gordon Tetlow" <gordon@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r532291 - head/security/vuxml
Message-ID: <cee1f409-a1e9-4df7-ad2c-5550d527e5ee@www.fastmail.com>
In-Reply-To: <202004211829.03LITxve044691@repo.freebsd.org>
References: <202004211829.03LITxve044691@repo.freebsd.org>
On Tue, Apr 21, 2020, at 2:29 PM, Gordon Tetlow wrote:
> Author: gordon (src committer)
> Date: Tue Apr 21 18:29:59 2020
> New Revision: 532291
> URL: https://svnweb.freebsd.org/changeset/ports/532291
>
> Log:
> Add new entries for SA-20:10 and SA-20:11.
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml > ============================================================================== > --- head/security/vuxml/vuln.xml Tue Apr 21 18:22:15 2020 (r532290) > +++ head/security/vuxml/vuln.xml Tue Apr 21 18:29:59 2020 (r532291) 
> @@ -58,6 +58,71 @@ Notes: > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > --> [snip] > + > + <vuln vid="33edcc56-83f2-11ea-92ab-00163e433440"> > + <topic>FreeBSD -- ipfw invalid mbuf handling</topic> > + <affects> > + <package> > + <name>FreeBSD-kernel</name> > + <range><ge>12.1</ge><lt>12.1_4</lt></range> > + <range><ge>11.3</ge><lt>11.3_8</lt></range> > + </package> > + </affects> > + <description> > + <body xmlns="http://www.w3.org/1999/xhtml"> > + <h1>Problem Description:</h1> > + <p>Incomplete packet data validation may result in accessing > + out-of-bounds memory (CVE-2019-5614) or may access memory after it has > + been freed (CVE-2019-15874).</p> > + <h1>Impact:</h1> > + <p>Access to out of bounds or freed mbuf data can lead to a kernel panic or > + other unpredictable results.</p> > + </body> > + </description> > + <references> > + <cvename>CVE-2019-5614</cvename> > + <cvename>CVE-2019-15874</cvename> > + <freebsdsa>SA-20:10.ipfw</freebsdsa> > + </references> > + <dates> > + <discovery>2020-04-21</discovery> > + <entry>2020-04-21</entry> > + </dates> > + </vuln> > + > <vuln vid="9fbaefb3-837e-11ea-b5b4-641c67a117d8"> > <topic>py-twisted -- multiple vulnerabilities</topic> > <affects> >

This entry is raising a false positive on patched systems.

To reproduce:

freebsd-update fetch install
reboot
pkg install base-audit
add security_status_baseaudit_enable="YES" to /etc/periodic.conf
pkg audit -F
/usr/local/etc/periodic/security/405.pkg-base-audit

$ freebsd-version -uk
12.1-RELEASE-p3
12.1-RELEASE-p4

$ /usr/local/etc/periodic/security/405.pkg-base-audit

Checking for security vulnerabilities in base (userland & kernel):

Host system:
Database fetched: Wed Apr 22 11:30:00 UTC 2020
FreeBSD-kernel-12.1_3 is vulnerable:
FreeBSD -- ipfw invalid mbuf handling
CVE: CVE-2019-15874
CVE: CVE-2019-5614
WWW: https://vuxml.FreeBSD.org/freebsd/33edcc56-83f2-11ea-92ab-00163e433440.html

1 problem(s) in 1 installed package(s) found.
0 problem(s) in 0 installed package(s) found.

-- 
Dan Langille
dan@langille.org
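
Review bot: the upper bounds <lt>12.1_4</lt> and <lt>11.3_8</lt> on the FreeBSD-kernel package in the new SA-20:10 entry match any host whose kernel still reports an earlier patch level, and the report in this message shows such a match: FreeBSD-kernel-12.1_3 is flagged after freebsd-update, while freebsd-version prints both 12.1-RELEASE-p3 and 12.1-RELEASE-p4. Before keeping these bounds, confirm that applying the fix for this advisory raises the kernel's reported patch level to p4 (and p8 on 11.3). If it does not, the ranges, or the package name they are attached to, need adjusting so that updated systems stop matching.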
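
The range check behind the report above, as an added example (not part of the original message, and not pkg's or base-audit's own code). It is a simplification that assumes versions only of the form X.Y or X.Y_N, and it maps freebsd-version strings to that form the way the audit output in the report suggests; all function names are hypothetical.

```python
import operator
import re
import xml.etree.ElementTree as ET

# Package block copied from the vuln.xml entry quoted in the message.
ENTRY = """
<package>
  <name>FreeBSD-kernel</name>
  <range><ge>12.1</ge><lt>12.1_4</lt></range>
  <range><ge>11.3</ge><lt>11.3_8</lt></range>
</package>
"""

OPS = {"lt": operator.lt, "le": operator.le, "eq": operator.eq,
       "ge": operator.ge, "gt": operator.gt}

def parse_version(text):
    """Split 'X.Y' or 'X.Y_N' into a comparable tuple; no suffix means level 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:_(\d+))?", text)
    if m is None:
        raise ValueError(f"unsupported version form: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def load_ranges(package_xml):
    """Return (package name, ranges); each range is a list of (op, bound)."""
    pkg = ET.fromstring(package_xml)
    ranges = [[(b.tag, parse_version(b.text)) for b in r] for r in pkg.iter("range")]
    return pkg.findtext("name"), ranges

def is_flagged(version, ranges):
    """Flagged when the version satisfies every bound of at least one range."""
    v = parse_version(version)
    return any(all(OPS[op](v, bound) for op, bound in r) for r in ranges)

def release_to_pkg_version(release):
    """Map '12.1-RELEASE-p3' to '12.1_3' (assumed from the audit output above)."""
    m = re.fullmatch(r"(\d+\.\d+)-RELEASE(?:-p(\d+))?", release)
    if m is None:
        raise ValueError(f"unsupported release string: {release!r}")
    return m.group(1) + (f"_{m.group(2)}" if m.group(2) else "")

if __name__ == "__main__":
    name, ranges = load_ranges(ENTRY)
    # The two strings printed by freebsd-version in the report.
    for release in ("12.1-RELEASE-p3", "12.1-RELEASE-p4"):
        ver = release_to_pkg_version(release)
        print(f"{name}-{ver}: {'vulnerable' if is_flagged(ver, ranges) else 'ok'}")
```

The check keys only on the version string reported for the package named in the entry, so a host stays flagged for as long as that string is below the range's upper bound.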