From owner-svn-ports-all@freebsd.org Fri Apr 24 14:28:07 2020 Return-Path: Delivered-To: svn-ports-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B22CC2B6E65; Fri, 24 Apr 2020 14:28:07 +0000 (UTC) (envelope-from dan@langille.org) Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 497xNQ5pK4z4RVk; Fri, 24 Apr 2020 14:28:06 +0000 (UTC) (envelope-from dan@langille.org) Received: from compute2.internal (compute2.nyi.internal [10.202.2.42]) by mailout.nyi.internal (Postfix) with ESMTP id 142D85C0435; Fri, 24 Apr 2020 10:28:06 -0400 (EDT) Received: from imap36 ([10.202.2.86]) by compute2.internal (MEProxy); Fri, 24 Apr 2020 10:28:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=langille.org; h= mime-version:message-id:in-reply-to:references:date:from:to :subject:content-type; s=fm1; bh=ns7bJQJn/Dt3cD3PgvjtIVLFpx4Q1ds 4yvJtkdVx/Fs=; b=XA93cXLUBOk11arXf8KhX1sj5CoSW8y0UJuj+5brkd220C1 CA8oAQ0zemTt5wq8Rvca8SgbUWrNoLYOmThZacJ+tyoEH0xGy97NTbhwpeIfx+9E JviNUFBdeKgBgrxS+XTMJ0CsTrf1Rcforisy0bpVQWaXTN0h8f0r8WyE6BBcc/qh 7uXER57LDtOj1M/p63KNir+z0d3YPiNXTh52H//gZtQYDlgX6DUsZyQfNsrFphOo /5a4NKXMCudMEtigpeAv251PCK+kS8EQ7QGyrUTC5LL4hI4fqnYnUEu/2Kvv6Zef 9Jp2PzsNEQ9pnqCBWisRQBK7HOOS6Du3JhVxFTg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ns7bJQ Jn/Dt3cD3PgvjtIVLFpx4Q1ds4yvJtkdVx/Fs=; b=05E6tCLfaNKNPfo7mMIgbD Uomh2fNMG4/G3ab2YgwSCW6CxXOeimWGS9YiMVJA2lLD+1wKT3zH8hI9rtAD4/D8 nYeCtQ2uQil1GO1U9CiWWZoF+G9EQcNorKEY6Y+3xHL1/JKyQz+vq2iXLtUScmZO oEcDdyP56ER5/R28/soRa8QzpeIrlaw1/TJ/jJhMqQvgxIwBVqDk8WCxfWwdM8gB iJeb9dhbB+RMcPHmb767xCBuzCqhH5nM76dzpPBB0shVIRraHvOjh4aheD9HeHbx EJ6IfdORe4icwPHY6I5tMw4ufher0uKCfALNOosZPtb0DpAzG9AaU9ukyPALK0IQ == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduhedrhedugdejvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtsehttdertderredtnecuhfhrohhmpedfffgrnhcu nfgrnhhgihhllhgvfdcuoegurghnsehlrghnghhilhhlvgdrohhrgheqnecuffhomhgrih hnpehfrhgvvggsshgurdhorhhgpdiffedrohhrghenucevlhhushhtvghrufhiiigvpedt necurfgrrhgrmhepmhgrihhlfhhrohhmpegurghnsehlrghnghhilhhlvgdrohhrgh X-ME-Proxy: Received: by mailuser.nyi.internal (Postfix, from userid 501) id 85F441880067; Fri, 24 Apr 2020 10:28:05 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.3.0-dev0-351-g9981f4f-fmstable-20200421v1 Mime-Version: 1.0 Message-Id: In-Reply-To: References: <202004211829.03LITxve044691@repo.freebsd.org> Date: Fri, 24 Apr 2020 10:27:45 -0400 From: "Dan Langille" To: "Gordon Tetlow" , ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r532291 - head/security/vuxml Content-Type: text/plain X-Rspamd-Queue-Id: 497xNQ5pK4z4RVk X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=langille.org header.s=fm1 header.b=XA93cXLU; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=05E6tCLf; dmarc=pass (policy=none) header.from=langille.org; spf=pass (mx1.freebsd.org: domain of dan@langille.org designates 66.111.4.26 as permitted sender) smtp.mailfrom=dan@langille.org X-Spamd-Result: default: False [-5.58 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[langille.org:s=fm1,messagingengine.com:s=fm2]; XM_UA_NO_VERSION(0.01)[]; FROM_HAS_DN(0.00)[]; RCPT_COUNT_THREE(0.00)[4]; R_SPF_ALLOW(-0.20)[+ip4:66.111.4.26]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MV_CASE(0.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_DN_SOME(0.00)[]; RCVD_COUNT_THREE(0.00)[4]; RWL_MAILSPIKE_GOOD(0.00)[26.4.111.66.rep.mailspike.net : 127.0.0.18]; DKIM_TRACE(0.00)[langille.org:+,messagingengine.com:+]; DMARC_POLICY_ALLOW(-0.50)[langille.org,none]; IP_SCORE(-3.49)[ip: (-9.82), ipnet: 66.111.4.0/24(-4.89), asn: 11403(-2.69), country: US(-0.05)]; RCVD_IN_DNSWL_LOW(-0.10)[26.4.111.66.list.dnswl.org : 127.0.5.1]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:11403, ipnet:66.111.4.0/24, country:US]; RCVD_TLS_LAST(0.00)[]; MID_RHS_WWW(0.50)[] X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Apr 2020 14:28:07 -0000 On Wed, Apr 22, 2020, at 1:25 PM, Dan Langille wrote: > On Tue, Apr 21, 2020, at 2:29 PM, Gordon Tetlow wrote: > > Author: gordon (src committer) > > Date: Tue Apr 21 18:29:59 2020 > > New Revision: 532291 > > URL: https://svnweb.freebsd.org/changeset/ports/532291 > > > > Log: > > Add new entries for SA-20:10 and SA-20:11. > > > > Modified: > > head/security/vuxml/vuln.xml > > > > Modified: head/security/vuxml/vuln.xml > > ============================================================================== > > --- head/security/vuxml/vuln.xml Tue Apr 21 18:22:15 2020 (r532290) > > +++ head/security/vuxml/vuln.xml Tue Apr 21 18:29:59 2020 (r532291) > > @@ -58,6 +58,71 @@ Notes: > > * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) > > --> > > [snip] > > > + > > + > > + FreeBSD -- ipfw invalid mbuf handling > > + > > + > > + FreeBSD-kernel > > + 12.112.1_4 > > + 11.311.3_8 > > + > > + > > + > > + > > +

Problem Description:

> > +

Incomplete packet data validation may result in accessing > > + out-of-bounds memory (CVE-2019-5614) or may access memory after it has > > + been freed (CVE-2019-15874).

> > +

Impact:

> > +

Access to out of bounds or freed mbuf data can lead to a kernel panic or > > + other unpredictable results.

> > + > > + > > + > > + CVE-2019-5614 > > + CVE-2019-15874 > > + SA-20:10.ipfw > > + > > + > > + 2020-04-21 > > + 2020-04-21 > > + > > + > > + > > > > py-twisted -- multiple vulnerabilities > > > > > > This entry is raising a false positive on patched systems. To reproduce: > > freebsd-update fetch install > reboot > pkg install base-audit > add security_status_baseaudit_enable="YES" to /etc/periodic.conf > pkg audit -F > /usr/local/etc/periodic/security/405.pkg-base-audit > > $ freebsd-version -uk > 12.1-RELEASE-p3 > 12.1-RELEASE-p4 > > $ /usr/local/etc/periodic/security/405.pkg-base-audit > > Checking for security vulnerabilities in base (userland & kernel): > Host system: > Database fetched: Wed Apr 22 11:30:00 UTC 2020 > FreeBSD-kernel-12.1_3 is vulnerable: > FreeBSD -- ipfw invalid mbuf handling > CVE: CVE-2019-15874 > CVE: CVE-2019-5614 > WWW: https://vuxml.FreeBSD.org/freebsd/33edcc56-83f2-11ea-92ab-00163e433440.html > > 1 problem(s) in 1 installed package(s) found. > 0 problem(s) in 0 installed package(s) found. PR raised: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245878 -- Dan Langille dan@langille.org