deadsimple BSD Security Advisories and Announcements

Multiple advisories

Yesterday, there were multiple advisories affecting MidnightBSD 1.2.x and current.  

First, the two directly reported to the project, and the CVEs are registered for MidnightBSD: 



Additionally, FreeBSD put out several yesterday that also affect MidnightBSD:

dhclient - From FreeBSD advisory for CVE-2020-7461
When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer.

sctp CVE-2020-7463 - Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic.

IPv6 Hop-by-Hop options use-after-free bug CVE-2020-7462 - Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface.

Two of these have been patched in the stable/1.2 branch and are present in 1.2.8.  The remaining have been patched in current (at the time of release was still 1.3-CURRENT, now 2.0-CURRENT) 

Lucas Holt
________________________________________________________ (Free OS) (Free blogging)

Midnightbsd-security mailing list