cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add details for today's SAs.

Browse Source 
Approved by:	so
This commit is contained in:
Gordon Tetlow 2020-03-19 18:00:34 +00:00
parent ae964c28b0
commit 874ff25b8e
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=528737
1 changed files with 154 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

157
security/vuxml/vuln.xml
View File

@ -58,6 +58,158 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="6b90acba-6a0a-11ea-92ab-00163e433440">
<topic>FreeBSD -- Kernel memory disclosure with nested jails</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
<range><ge>11.3</ge><lt>11.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>A missing NUL-termination check for the jail_set(2) configration
option "osrelease" may return more bytes when reading the jail
configuration back with jail_get(2) than were originally set.</p>
<h1>Impact:</h1>
<p>For jails with a non-default setting of children.max &gt; 0 ("nested
jails") a superuser inside a jail can create a jail and may be able to
read and take advantage of exposed kernel memory.</p>
</body>
</description>
<references>
<cvename>CVE-2020-7453</cvename>
<freebsdsa>SA-20:08.jail</freebsdsa>
</references>
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-19</entry>
</dates>
</vuln>
<vuln vid="0cc7e547-6a0a-11ea-92ab-00163e433440">
<topic>FreeBSD -- Incorrect user-controlled pointer use in epair</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
<range><ge>11.3</ge><lt>11.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Incorrect use of a potentially user-controlled pointer in the kernel
allowed vnet jailed users to panic the system and potentially execute
aribitrary code in the kernel.</p>
<h1>Impact:</h1>
<p>Users with root level access (or the PRIV_NET_IFCREATE privilege)
can panic the system, or potentially escape the jail or execute
arbitrary code with kernel priviliges.</p>
</body>
</description>
<references>
<cvename>CVE-2020-7452</cvename>
<freebsdsa>SA-20:07.epair</freebsdsa>
</references>
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-19</entry>
</dates>
</vuln>
<vuln vid="b2b83761-6a09-11ea-92ab-00163e433440">
<topic>FreeBSD -- Insufficient ixl(4) ioctl(2) privilege checking</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The driver-specific ioctl(2) command handlers in ixl(4) failed to
check whether the caller has sufficient privileges to perform the
corresponding operation.</p>
<h1>Impact:</h1>
<p>The ixl(4) handler permits unprivileged users to trigger updates to
the device's non-volatile memory (NVM).</p>
</body>
</description>
<references>
<cvename>CVE-2019-15877</cvename>
<freebsdsa>SA-20:06.if_ixl_ioctl</freebsdsa>
</references>
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-19</entry>
</dates>
</vuln>
<vuln vid="3c10ccdf-6a09-11ea-92ab-00163e433440">
<topic>FreeBSD -- Insufficient oce(4) ioctl(2) privilege checking</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
<range><ge>11.3</ge><lt>11.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The driver-specific ioctl(2) command handlers in oce(4) failed to
check whether the caller has sufficient privileges to perform the
corresponding operation.</p>
<h1>Impact:</h1>
<p>The oce(4) handler permits unprivileged users to send passthrough
commands to device firmware.</p>
</body>
</description>
<references>
<cvename>CVE-2019-15876</cvename>
<freebsdsa>SA-20:05.if_oce_ioctl</freebsdsa>
</references>
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-19</entry>
</dates>
</vuln>
<vuln vid="0e06013e-6a06-11ea-92ab-00163e433440">
<topic>FreeBSD -- TCP IPv6 SYN cache kernel information disclosure</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
<range><ge>11.3</ge><lt>11.3_7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>When a TCP server transmits or retransmits a TCP SYN-ACK segment
over IPv6, the Traffic Class field is not initialized. This also
applies to challenge ACK segments, which are sent in response to
received RST segments during the TCP connection setup phase.</p>
<h1>Impact:</h1>
<p>For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6,
one byte of kernel memory is transmitted over the network.</p>
</body>
</description>
<references>
<cvename>CVE-2020-7451</cvename>
<freebsdsa>SA-20:04.tcp</freebsdsa>
</references>
<dates>
<discovery>2020-03-19</discovery>
<entry>2020-03-19</entry>
</dates>
</vuln>
<vuln vid="3d19c776-68e7-11ea-91db-0050562a4d7b">
<topic>www/py-bleach -- multiple vulnerabilities</topic>
<affects>
@ -489,7 +641,6 @@ compromised.</p>
<package>
<name>FreeBSD</name>
<range><ge>11.3</ge><lt>11.3_7</lt></range>
<range><ge>12.0</ge><lt>12.0_14</lt></range>
<range><ge>12.1</ge><lt>12.1_3</lt></range>
</package>
<package>
@ -503,7 +654,7 @@ compromised.</p>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>nwtine.org reports:</p>
<p>nwtime.org reports:</p>
<blockquote cite="https://support.ntp.org/bin/view/Main/SecurityNotice">
<p>Three ntp vulnerabilities, Depending on configuration, may have
little impact up to termination of the ntpd process.</p>
@ -531,7 +682,7 @@ compromised.</p>
</body>
</description>
<references>
<url>INSERT BLOCKQUOTE URL HERE</url>
<freebsdsa>SA-20:09.ntp</freebsdsa>
</references>
<dates>
<discovery>2019-05-30</discovery>