Date: Thu, 30 Jan 2025 04:02:43 GMT
Message-Id: <202501300402.50U42hgO095153@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Philip Paeps
Subject: git: 327b7fac9bf6 - main - security/vuxml: add FreeBSD SAs issued on 2025-01-29
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
X-Git-Committer: philip
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 327b7fac9bf6e3d47c38afc1e4dca6dad69e1fcc

The branch main has been updated by philip:

URL: https://cgit.FreeBSD.org/ports/commit/?id=327b7fac9bf6e3d47c38afc1e4dca6dad69e1fcc

commit 327b7fac9bf6e3d47c38afc1e4dca6dad69e1fcc
Author:     Philip Paeps
AuthorDate: 2025-01-30 04:02:20 +0000
Commit:     Philip Paeps
CommitDate: 2025-01-30 04:02:20 +0000

    security/vuxml: add FreeBSD SAs issued on 2025-01-29

    FreeBSD-SA-25:01.openssh affects FreeBSD 14.1
    FreeBSD-SA-25:02.fs affects all supported versions of FreeBSD
    FreeBSD-SA-25:03.etcupdate affects all supported versions of FreeBSD
    FreeBSD-SA-25:04.ktrace affects FreeBSD 14.2
---
 security/vuxml/vuln/2025.xml | 138 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 138 insertions(+)

diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 6d65b0a8170f..1206086935c9 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,141 @@ + + FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2) + + + FreeBSD-kernel + 14.214.2_1 + + + + +

Problem Description:

+

In some cases, the ktrace facility will log the contents of + kernel structures to userspace. In one such case, ktrace dumps a + variable-sized sockaddr to userspace. There, the full sockaddr is + copied, even when it is shorter than the full size. This can result + in up to 14 uninitialized bytes of kernel memory being copied out + to userspace.

+

Impact:

+

It is possible for an unprivileged userspace program to leak + 14 bytes of a kernel heap allocation to userspace.

+ +
+ + CVE-2025-0662 + SA-25:04.ktrace + + + 2025-01-29 + 2025-01-30 + +
+ + + FreeBSD -- Unprivileged access to system files + + + FreeBSD + 14.214.2_1 + 14.114.1_7 + 13.413.4_3 + + + + +

Problem Description:

+

When etcupdate encounters conflicts while merging files, it + saves a version containing conflict markers in /var/db/etcupdate/conflicts. + This version does not preserve the mode of the input file, and is + world-readable. This applies to files that would normally have + restricted visibility, such as /etc/master.passwd.

+

Impact:

+

An unprivileged local user may be able to read encrypted root + and user passwords from the temporary master.passwd file created + in /var/db/etcupdate/conflicts. This is possible only when conflicts + within the password file arise during an update, and the unprotected + file is deleted when conflicts are resolved.

+ +
+ + CVE-2025-0374 + SA-25:03.etcupdate + + + 2025-01-29 + 2025-01-30 + +
+ + + FreeBSD -- Buffer overflow in some filesystems via NFS + + + FreeBSD-kernel + 14.214.2_1 + 14.114.1_7 + 13.413.4_3 + + + + +

Problem Description:

+

In order to export a file system via NFS, the file system must + define a file system identifier (FID) for all exported files. Each + FreeBSD file system implements operations to translate between FIDs + and vnodes, the kernel's in-memory representation of files. These + operations are VOP_VPTOFH(9) and VFS_FHTOVP(9).

+

On 64-bit systems, the implementation of VOP_VPTOFH() in the + cd9660, tarfs and ext2fs filesystems overflows the destination FID + buffer by 4 bytes, a stack buffer overflow.

+

Impact:

+

A NFS server that exports a cd9660, tarfs, or ext2fs file system + can be made to panic by mounting and accessing the export with an + NFS client. Further exploitation (e.g., bypassing file permission + checking or remote kernel code execution) is potentially possible, + though this has not been demonstrated. In particular, release + kernels are compiled with stack protection enabled, and some instances + of the overflow are caught by this mechanism, causing a panic.

+ +
+ + CVE-2025-0373 + SA-25:02.fs + + + 2025-01-29 + 2025-01-30 + +
+ + + FreeBSD -- OpenSSH Keystroke Obfuscation Bypass + + + FreeBSD + 14.114.1_7 + + + + +

Problem Description:

+

A logic error in the ssh(1) ObscureKeystrokeTiming feature (on + by default) rendered this feature ineffective.

+

Impact:

+

A passive observer could detect which network packets contain + real keystrokes, and infer the specific characters being transmitted + from packet timing.

+ +
+ + CVE-2024-39894 + SA-25:01.openssh + + + 2025-01-29 + 2025-01-30 + +
+ oauth2-proxy -- Non-linear parsing of case-insensitive content
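
Review bot: the etcupdate entry's Impact paragraph says the unprotected file "is deleted when conflicts are resolved" but gives an operator no guidance for conflict files already present in /var/db/etcupdate/conflicts. Add a sentence stating whether the fixed versions (14.2_1, 14.1_7, 13.4_3) correct the mode of existing conflict files or whether pending conflicts have to be resolved by hand, since the entry names /etc/master.passwd as one of the files exposed. Separately, in the ktrace entry the description says "up to 14 uninitialized bytes" while the Impact paragraph says "leak 14 bytes"; use "up to 14 bytes" in both places so the two paragraphs agree.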