|
Lines 58-63
|
| 58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
58 |
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.) |
| 59 |
--> |
59 |
--> |
| 60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
60 |
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> |
|
|
61 |
<vuln vid="6025d173-4279-11ea-b184-f8b156ac3ff9"> |
| 62 |
<topic>FreeBSD -- kernel stack data disclosure</topic> |
| 63 |
<affects> |
| 64 |
<package> |
| 65 |
<name>FreeBSD-kernel</name> |
| 66 |
<range><ge>12.1</ge><lt>12.1_2</lt></range> |
| 67 |
<range><ge>12.0</ge><lt>12.0_13</lt></range> |
| 68 |
<range><ge>11.3</ge><lt>11.3_6</lt></range> |
| 69 |
</package> |
| 70 |
</affects> |
| 71 |
<description> |
| 72 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 73 |
<h1>Problem Description:</h1> |
| 74 |
<p>Due to incorrect initialization of a stack data structure, up to 20 |
| 75 |
bytes of kernel data stored previously stored on the stack will be |
| 76 |
exposed to a crashing user process.</p> |
| 77 |
<h1>Impact:</h1> |
| 78 |
<p>Sensitive kernel data may be disclosed.</p> |
| 79 |
</body> |
| 80 |
</description> |
| 81 |
<references> |
| 82 |
<cvename>CVE-2019-15875</cvename> |
| 83 |
<freebsdsa>SA-20:03.thrmisc</freebsdsa> |
| 84 |
</references> |
| 85 |
<dates> |
| 86 |
<discovery>2020-01-28</discovery> |
| 87 |
<entry>2020-01-29</entry> |
| 88 |
</dates> |
| 89 |
</vuln> |
| 90 |
|
| 91 |
<vuln vid="5797c807-4279-11ea-b184-f8b156ac3ff9"> |
| 92 |
<topic>FreeBSD -- Missing IPsec anti-replay window check</topic> |
| 93 |
<affects> |
| 94 |
<package> |
| 95 |
<name>FreeBSD-kernel</name> |
| 96 |
<range><ge>12.0</ge><lt>12.0_13</lt></range> |
| 97 |
</package> |
| 98 |
</affects> |
| 99 |
<description> |
| 100 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 101 |
<h1>Problem Description:</h1> |
| 102 |
<p>A missing check means that an attacker can reinject an old packet and |
| 103 |
it will be accepted and processed by the IPsec endpoint.</p> |
| 104 |
<h1>Impact:</h1> |
| 105 |
<p>The impact depends on the higher-level protocols in use over IPsec. |
| 106 |
For example, an attacker who can capture and inject packets could |
| 107 |
cause an action that was intentionally performed once to be repeated.</p> |
| 108 |
</body> |
| 109 |
</description> |
| 110 |
<references> |
| 111 |
<cvename>CVE-2019-5613</cvename> |
| 112 |
<freebsdsa>SA-20:02.ipsec</freebsdsa> |
| 113 |
</references> |
| 114 |
<dates> |
| 115 |
<discovery>2020-01-28</discovery> |
| 116 |
<entry>2020-01-29</entry> |
| 117 |
</dates> |
| 118 |
</vuln> |
| 119 |
|
| 120 |
<vuln vid="22b41bc5-4279-11ea-b184-f8b156ac3ff9"> |
| 121 |
<topic>FreeBSD -- libfetch buffer overflow</topic> |
| 122 |
<affects> |
| 123 |
<package> |
| 124 |
<name>FreeBSD</name> |
| 125 |
<range><ge>12.1</ge><lt>12.1_2</lt></range> |
| 126 |
<range><ge>12.0</ge><lt>12.0_13</lt></range> |
| 127 |
<range><ge>11.3</ge><lt>11.3_6</lt></range> |
| 128 |
</package> |
| 129 |
</affects> |
| 130 |
<description> |
| 131 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
| 132 |
<h1>Problem Description:</h1> |
| 133 |
<p>A programming error allows an attacker who can specify a URL with a |
| 134 |
username and/or password components to overflow libfetch(3) buffers.</p> |
| 135 |
<h1>Impact:</h1> |
| 136 |
<p>An attacker in control of the URL to be fetched (possibly via HTTP |
| 137 |
redirect) may cause a heap buffer overflow, resulting in program |
| 138 |
misbehavior or malicious code execution.</p> |
| 139 |
</body> |
| 140 |
</description> |
| 141 |
<references> |
| 142 |
<cvename>CVE-2020-7450</cvename> |
| 143 |
<freebsdsa>SA-20:01.libfetch</freebsdsa> |
| 144 |
</references> |
| 145 |
<dates> |
| 146 |
<discovery>2020-01-28</discovery> |
| 147 |
<entry>2020-01-29</entry> |
| 148 |
</dates> |
| 149 |
</vuln> |
| 150 |
|
| 61 |
<vuln vid="5f0dd349-40a2-11ea-8d8c-005056a311d1"> |
151 |
<vuln vid="5f0dd349-40a2-11ea-8d8c-005056a311d1"> |
| 62 |
<topic>samba -- multiple vulnerabilities</topic> |
152 |
<topic>samba -- multiple vulnerabilities</topic> |
| 63 |
<affects> |
153 |
<affects> |
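Review bot: The Problem Description of the first new entry (vid 6025d173-4279-11ea-b184-f8b156ac3ff9, new lines 74-75) has a duplicated word: "kernel data stored previously stored on the stack" should read "kernel data previously stored on the stack". Separately, the IPsec entry (vid 5797c807-4279-11ea-b184-f8b156ac3ff9) lists only the range 12.0 to 12.0_13, while the other two entries in this hunk list 12.1, 12.0 and 11.3; please confirm against SA-20:02.ipsec that the single range is intended and not an omission.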