diff options
| author | Philip Paeps <philip@FreeBSD.org> | 2025-12-17 09:43:45 +0800 |
|---|---|---|
| committer | Philip Paeps <philip@FreeBSD.org> | 2025-12-17 09:43:45 +0800 |
| commit | de60c20fa79bd41465dd373f777c0e37df0cf7ca (patch) | |
| tree | bb2d56837fb32ff45775c7d1e50226ff5985d8b2 | |
| parent | astro/stellarium: Bump PORTREVISION. devel/indi was updated to 2.1.7 (diff) | |
security/vuxml: add FreeBSD SAs issued on 2025-12-17
FreeBSD-SA-25:11.ipfw affects FreeBSD 13.5 and FreeBSD 14.3
FreeBSD-SA-25:12.rtsold affects all supported versions of FreeBSD
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index a93382a51d76..5e142e5d9e79 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,73 @@ + <vuln vid="6c9318c7-dae9-11f0-80b8-bc241121aa0a"> + <topic>FreeBSD -- Remote code execution via ND6 Router Advertisements</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>15.0</ge><lt>15.0_1</lt></range> + <range><ge>14.3</ge><lt>14.3_7</lt></range> + <range><ge>13.5</ge><lt>13.5_8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>The rtsol(8) and rtsold(8) programs do not validate the domain + search list options provided in router advertisement messages; the + option body is passed to resolvconf(8) unmodified.</p> + <p>resolvconf(8) is a shell script which does not validate its input. + A lack of quoting meant that shell commands pass as input to + resolvconf(8) may be executed.</p> + <h1>Impact:</h1> + <p>Systems running rtsol(8) or rtsold(8) are vulnerable to remote + code execution from systems on the same network segment. In + particular, router advertisement messages are not routable and + should be dropped by routers, so the attack does not cross network + boundaries.</p> + </body> + </description> + <references> + <cvename>CVE-2025-14558</cvename> + <freebsdsa>SA-25:12.rtsold</freebsdsa> + </references> + <dates> + <discovery>2025-12-16</discovery> + <entry>2025-12-17</entry> + </dates> + </vuln> + + <vuln vid="0b22e22a-dae9-11f0-80b8-bc241121aa0a"> + <topic>FreeBSD -- ipfw denial of service</topic> + <affects> + <package> + <name>FreeBSD-kernel</name> + <range><ge>15.0</ge><lt>15.0_1</lt></range> + <range><ge>14.3</ge><lt>14.3_7</lt></range> + <range><ge>13.5</ge><lt>13.5_8</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p>In some cases, the `tcp-setmss` handler may free the packet + data and throw an error without halting the rule processing engine. + A subsequent rule can then allow the traffic after the packet data + is gone, resulting in a NULL pointer dereference.</p> + <h1>Impact:</h1> + <p>Maliciously crafted packets sent from a remote host may result + in a Denial of Service (DoS) if the `tcp-setmss` directive is used + and a subsequent rule would allow the traffic to pass.</p> + </body> + </description> + <references> + <cvename>CVE-2025-14769</cvename> + <freebsdsa>SA-25:11.ipfw</freebsdsa> + </references> + <dates> + <discovery>2025-12-16</discovery> + <entry>2025-12-17</entry> + </dates> + </vuln> + <vuln vid="3a59024c-d8cf-11f0-af8c-8447094a420f"> <topic>Roundcube -- Multiple vulnerabilities</topic> <affects> |