From nobody Sat Mar 9 15:07:17 2024
Date: Sat, 9 Mar 2024 15:07:17 GMT
Message-Id: <202403091507.429F7Hbb015441@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Bernard Spil
Subject: git: 9d09574f1d25 - main - security/vuxml: Document Unbound vulnerability
List-Id: Commits to the main branch of the FreeBSD ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
Sender: owner-dev-commits-ports-main@freebsd.org
X-BeenThere: dev-commits-ports-main@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: brnrd
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 9d09574f1d2529bb34545642d2f27d8ba6dfa773
Auto-Submitted: auto-generated

The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=9d09574f1d2529bb34545642d2f27d8ba6dfa773

commit 9d09574f1d2529bb34545642d2f27d8ba6dfa773
Author:     Bernard Spil
AuthorDate: 2024-03-09 15:07:15 +0000
Commit:     Bernard Spil
CommitDate: 2024-03-09 15:07:15 +0000

    security/vuxml: Document Unbound vulnerability
---
 security/vuxml/vuln/2024.xml | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 8a4b3ed3783d..9d70362a16c9 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1,3 +1,40 @@ + + Unbound -- Denial-of-Service vulnerability + + + unbound + 1.18.01.19.2 + + + + +

NLNet Labs reports:

+
+

Unbound 1.18.0 introduced a feature that removes EDE records from + responses with size higher than the client's advertised buffer size. + Before removing all the EDE records however, it would try to see if + trimming the extra text fields on those records would result in an + acceptable size while still retaining the EDE codes. Due to an + unchecked condition, the code that trims the text of the EDE records + could loop indefinitely. This happens when Unbound would reply with + attached EDE information on a positive reply and the client's buffer + size is smaller than the needed space to include EDE records. + + The vulnerability can only be triggered when the 'ede: yes' option + is used; non default configuration.

+
+ +
+ + CVE-2024-1931 + https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt + + + 2024-03-07 + 2024-03-09 + +
+ electron{27,28} -- vulnerability in libxml2
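Review bot: in the affected range for the unbound package (1.18.0 to 1.19.2), the lower bound is backed by the quoted advisory text ("Unbound 1.18.0 introduced a feature ...") but nothing in the entry says that 1.19.2 is the release carrying the fix, so a reader has to follow the reference URL to confirm the upper bound. Consider adding one sentence outside the quoted advisory that names the fixed release. The quoted text also says the loop is reachable only with 'ede: yes', which is not the default; putting that condition in the topic or the first line of the description would let operators on a default configuration triage the entry quickly. Separately, the commit message consists of the subject line only; a trailer naming CVE-2024-1931 would make the commit findable from the CVE identifier.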