svn commit: r535002 - head/security/vuxml
Gordon Tetlow
gordon at FreeBSD.org
Tue May 12 18:37:03 UTC 2020
Author: gordon (src committer)
Date: Tue May 12 18:37:02 2020
New Revision: 535002
URL: https://svnweb.freebsd.org/changeset/ports/535002
Log:
Add data for today's SA batch.
Approved by: so
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue May 12 18:15:06 2020 (r535001)
+++ head/security/vuxml/vuln.xml Tue May 12 18:37:02 2020 (r535002)
@@ -58,6 +58,160 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="0bfcae0b-947f-11ea-92ab-00163e433440">
+ <topic>FreeBSD -- Insufficient cryptodev MAC key length check</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_5</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>Requests to create cryptography sessions using a MAC did not validate the
+ user-supplied MAC key length. The cryptodev module allocates a buffer whose
+ size is this user-suppled length.</p>
+ <h1>Impact:</h1>
+ <p>An unprivileged process can trigger a kernel panic.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-15879</cvename>
+ <freebsdsa>SA-20:15.cryptodev</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2020-01-20</discovery>
+ <entry>2020-05-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="9f15c2da-947e-11ea-92ab-00163e433440">
+ <topic>FreeBSD -- Use after free in cryptodev module</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_5</lt></range>
+ <range><ge>11.3</ge><lt>11.3_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>A race condition permitted a data structure in the kernel to be used
+ after it was freed by the cryptodev module.</p>
+ <h1>Impact:</h1>
+ <p>An unprivileged process can overwrite arbitrary kernel memory.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-15879</cvename>
+ <freebsdsa>SA-20:15.cryptodev</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2020-01-20</discovery>
+ <entry>2020-05-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="253486f5-947d-11ea-92ab-00163e433440">
+ <topic>FreeBSD -- Improper checking in SCTP-AUTH shared key update</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>11.3</ge><lt>11.3_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The SCTP layer does improper checking when an application tries to update
+ a shared key. Therefore an unprivileged local user can trigger a use-after-
+ free situation, for example by specific sequences of updating shared keys and
+ closing the SCTP association.</p>
+ <h1>Impact:</h1>
+ <p>Triggering the use-after-free situation may result in unintended kernel
+ behaviour including a kernel panic.</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2019-15878</cvename>
+ <freebsdsa>SA-20:14.sctp</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2019-09-19</discovery>
+ <entry>2020-05-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="78992249-947c-11ea-92ab-00163e433440">
+ <topic>FreeBSD -- Memory disclosure vulnerability in libalias</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_5</lt></range>
+ <range><ge>11.4</ge><lt>11.4_1</lt></range>
+ <range><ge>11.3</ge><lt>11.3_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>The FTP packet handler in libalias incorrectly calculates some packet
+ lengths. This may result in disclosing small amounts of memory from the
+ kernel (for the in-kernel NAT implementation) or from the process space for
+ natd (for the userspace implementation).</p>
+ <h1>Impact:</h1>
+ <p>A malicious attacker could send specially constructed packets that exploit the
+ erroneous calculation allowing the attacker to disclose small amount of memory
+ either from the kernel (for the in-kernel NAT implementation) or from the
+ process space for natd (for the userspace implementation).</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-7455</cvename>
+ <freebsdsa>SA-20:13.libalias</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2020-05-12</discovery>
+ <entry>2020-05-12</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="30ce591c-947b-11ea-92ab-00163e433440">
+ <topic>FreeBSD -- Insufficient packet length validation in libalias</topic>
+ <affects>
+ <package>
+ <name>FreeBSD-kernel</name>
+ <range><ge>12.1</ge><lt>12.1_5</lt></range>
+ <range><ge>11.4</ge><lt>11.4_1</lt></range>
+ <range><ge>11.3</ge><lt>11.3_9</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <h1>Problem Description:</h1>
+ <p>libalias(3) packet handlers do not properly validate the packet length before
+ accessing the protocol headers. As a result, if a libalias(3) module does
+ not properly validate the packet length before accessing the protocol header,
+ it is possible for an out of bound read or write condition to occur.</p>
+ <h1>Impact:</h1>
+ <p>A malicious attacker could send specially constructed packets that exploit
+ the lack of validation allowing the attacker to read or write memory either
+ from the kernel (for the in-kernel NAT implementation) or from the process
+ space for natd (for the userspace implementation).</p>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2020-7454</cvename>
+ <freebsdsa>SA-20:12.libalias</freebsdsa>
+ </references>
+ <dates>
+ <discovery>2020-05-12</discovery>
+ <entry>2020-05-12</entry>
+ </dates>
+ </vuln>
+
<vuln vid="452d16bb-920d-11ea-9d20-18a6f7016652">
<topic>qutebrowser -- Reloading page with certificate errors shows a green URL</topic>
<affects>
More information about the svn-ports-all
mailing list