Day: July 8, 2020

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:19.unbound

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:19.unbound Security Advisory
The FreeBSD Project

Topic: Multiple vulnerabilities in unbound

Category: contrib
Module: unbound
Announced: 2020-07-08
Affects: All supported versions of FreeBSD.
Corrected: 2020-05-24 16:47:27 UTC (stable/12, 12.1-STABLE)
2020-07-08 20:25:06 UTC (releng/12.1, 12.1-RELEASE-p7)
2020-05-24 11:47:27 UTC (stable/11, 11.4-STABLE)
2020-07-08 20:22:38 UTC (releng/11.4, 11.4-RELEASE-p1)
2020-07-08 20:20:59 UTC (releng/11.3, 11.3-RELEASE-p11)
CVE Name: CVE-2020-12662, CVE-2020-12663

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:20.ipv6

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:20.ipv6 Security Advisory
The FreeBSD Project

Topic: IPv6 socket option race condition and use after free

Category: core
Module: network
Announced: 2020-07-08
Credits: syzkaller, Andy Nguyen
Affects: All supported versions of FreeBSD.
Corrected: 2020-04-02 15:30:51 UTC (stable/12, 12.1-STABLE)
2020-07-08 20:11:40 UTC (releng/12.1, 12.1-RELEASE-p7)
2020-07-06 20:23:14 UTC (stable/11, 11.4-STABLE)
2020-07-08 20:11:40 UTC (releng/11.4, 11.4-RELEASE-p1)

(Read more...)

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:18.posix_spawnp

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-SA-20:18.posix_spawnp Security Advisory
The FreeBSD Project

Topic: posix_spawnp(3) buffer overflow

Category: core
Module: libc
Announced: 2020-07-08
Credits: Andrew Gierth
Affects: FreeBSD 11.4
Corrected: 2020-06-17 16:22:08 UTC (stable/12, 12.1-STABLE)
2020-06-17 16:22:08 UTC (stable/11, 11.4-STABLE)
2020-07-08 20:08:05 UTC (releng/11.4, 11.4-RELEASE-p1)
CVE Name: CVE-2020-7458

Note: This vulnerability was introduced after the release of FreeBSD 11.3 and

(Read more...)

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:14.linuxkpi

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-EN-20:14.linuxkpi Errata Notice
The FreeBSD Project

Topic: Kernel panic in LinuxKPI subsystem

Category: core
Module: linuxkpi
Announced: 2020-07-08
Affects: FreeBSD 12.1 and 11.3
Corrected: 2020-01-22 00:30:27 UTC (stable/12, 12.1-STABLE)
2020-07-08 19:57:24 UTC (releng/12.1, 12.1-RELEASE-p7)
2020-01-22 15:51:24 UTC (stable/11, 11.3-STABLE)
2020-07-08 19:57:24 UTC (releng/11.3, 11.3-RELEASE-p11)

Note: FreeBSD 11.4 was branched after the original commit

(Read more...)

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:15.mps

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-EN-20:15.mps Errata Notice
The FreeBSD Project

Topic: Kernel panic in mps(4) driver

Category: core
Module: mps
Announced: 2020-07-08
Affects: All supported version of FreeBSD.
Corrected: 2020-06-11 14:48:20 UTC (stable/12, 12.1-STABLE)
2020-07-08 19:58:00 UTC (releng/12.1, 12.1-RELEASE-p7)
2020-06-11 14:49:38 UTC (stable/11, 11.4-STABLE)
2020-07-08 19:58:00 UTC (releng/11.4, 11.4-RELEASE-p1)
2020-07-08 19:58:00 UTC (releng/11.3, 11.3-RELEASE-p11)

For general information

(Read more...)

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:13.bhyve

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

=============================================================================
FreeBSD-EN-20:13.bhyve Errata Notice
The FreeBSD Project

Topic: Host crash in bhyve with PCI device passthrough

Category: core
Module: bhyve
Announced: 2020-07-08
Credits: Peter Grehan
Affects: FreeBSD 12.1
Corrected: 2020-06-01 05:14:01 UTC (stable/12, 12.1-STABLE)
2020-07-08 19:56:34 UTC (releng/12.1, 12.1-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields

(Read more...)

Games still go

I am entertained by the notion that adventure(6), backgammon(6), battlestar(6), hack(6) and trek(6) can still get updates.  I did not know, incidentally, that sendmail and trek share an author.