Multiple advisories
3 September, 2020 by luke@foolishgames.com | midnightbsd
Yesterday, there were multiple advisories affecting MidnightBSD 1.2.x and current. First, the two directly reported to the project, and the CVEs are registered for MidnightBSD: CVE-2020-24863 http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:01.txt CVE-2020-24385 http://www.midnightbsd.org/security/adv/MIDNIGHTBSD-SA-20:02.txt Additionally, FreeBSD put out several yesterday that also affect MidnightBSD: dhclient - From FreeBSD advisory for CVE-2020-7461 When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer. sctp CVE-2020-7463 - Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic. IPv6 Hop-by-Hop options use-after-free bug CVE-2020-7462 - Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface. Two of these have been patched in the stable/1.2 branch and are present in 1.2.8. The remaining have been patched in current (at the time of release was still 1.3-CURRENT, now 2.0-CURRENT) Lucas Holt Luke@FoolishGames.com ________________________________________________________ MidnightBSD.org (Free OS) JustJournal.com (Free blogging) _______________________________________________ Midnightbsd-security mailing list Midnightbsd-security@midnightbsd.org http://www.midnightbsd.org/mailman/listinfo/midnightbsd-security