deadsimple BSD Security Advisories and Announcements

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:30.ftpd

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:30.ftpd Security Advisory
The FreeBSD Project

Topic: ftpd privilege escalation via ftpchroot feature

Category: core
Module: ftpd
Announced: 2020-09-15
Credits: Anonymous working with Trend Micro Zero Day Initiative
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 20:55:13 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:47:44 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:47:44 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 20:56:14 UTC

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:29.bhyve_svm

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:29.bhyve_svm Security Advisory
The FreeBSD Project

Topic: bhyve SVM guest escape

Category: core
Module: bhyve
Announced: 2020-09-15
Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 20:25:30 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:46:39 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:46:39 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 20:26:31 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:46:39 UTC (releng/11.4, 11.4-RELEASE-p4)
2020-09-15

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:28.bhyve_vmcs

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:28.bhyve_vmcs Security Advisory
The FreeBSD Project

Topic: bhyve privilege escalation via VMCS access

Category: core
Module: bhyve
Announced: 2020-09-15
Credits: Patrick Mooney
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-15 21:28:47 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:43:41 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:43:41 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 21:28:47 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:43:41 UTC (releng/11.4,

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:27.ure

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:27.ure Security Advisory
The FreeBSD Project

Topic: ure device driver susceptible to packet-in-packet attack

Category: core
Module: ure
Announced: 2020-09-15
Credits: John-Mark Gurney
Affects: All supported versions of FreeBSD.
Corrected: 2020-09-14 19:39:43 UTC (stable/12, 12.2-STABLE)
2020-09-15 21:42:05 UTC (releng/12.2, 12.2-BETA1-p1)
2020-09-15 21:42:05 UTC (releng/12.1, 12.1-RELEASE-p10)
2020-09-15 00:22:30 UTC (stable/11, 11.4-STABLE)
2020-09-15 21:42:05 UTC

(Read more...)