Date: Wed, 16 Mar 2022 08:07:04 GMT From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: b8a6a61b87b7 - main - security/vuxml: add FreeBSD SA-22:02.wifi Message-ID: <202203160807.22G874wl092595@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=b8a6a61b87b7e51d368c36091d6f5a36bb4f4a94 commit b8a6a61b87b7e51d368c36091d6f5a36bb4f4a94 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2022-03-16 07:42:27 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2022-03-16 07:42:27 +0000 security/vuxml: add FreeBSD SA-22:02.wifi --- security/vuxml/vuln-2022.xml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index efedcc39aa5a..377563dbe782 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,42 @@ + <vuln vid="8d20bd48-a4f3-11ec-90de-1c697aa5a594"> + <topic>FreeBSD-kernel -- Multiple WiFi issues</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>13.0</ge><lt>13.0_8</lt></range> + <range><ge>12.3</ge><lt>12.3_3</lt></range> + <range><ge>12.2</ge><lt>12.2_14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>The paper "Fragment and Forge: Breaking Wi-Fi Through Frame + Aggregation and Fragmentation" reported a number of security + vulnerabilities in the 802.11 specification related to frame + aggregation and fragmentation.</p> + <p>Additionally, FreeBSD 12.x missed length validation of SSIDs and + Information Elements (IEs).</p> + <h1>Impact:</h1> + <p>As reported on the FragAttacks website, the "design flaws are hard + to abuse because doing so requires user interaction or is only + possible when using uncommon network settings." Under suitable + conditions an attacker may be able to extract sensitive data or inject + data.</p> + </body> + </description> + <references> + <cvename>CVE-2020-26147</cvename> + <cvename>CVE-2020-24588</cvename> + <cvename>CVE-2020-26144</cvename> + <freebsdsa>SA-22:02.wifi</freebsdsa> + </references> + <dates> + <discovery>2022-03-15</discovery> + <entry>2022-03-16</entry> + </dates> + </vuln> + <vuln vid="857be71a-a4b0-11ec-95fc-3065ec8fd3ec"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203160807.22G874wl092595>