Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 71 |
| -rw-r--r-- | security/xray-core/Makefile | 1 |
| -rw-r--r-- | security/xray-core/files/xray.in | 3 |
3 files changed, 74 insertions, 1 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index 3e5428cd52a1..3fa157e87559 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml 
@@ -1,3 +1,74 @@ + <vuln vid="dc7e30db-de67-11f0-b893-5404a68ad561"> + <topic>traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider</topic> + <affects> +<package> +<name>traefik</name> +<range><lt>3.6.3</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The traefik project reports:</p> + <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-7vww-mvcr-x6vj"> + <p> + There is a potential vulnerability in Traefik NGINX + provider managing the + nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. + The provider inverts the semantics of the + nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. + Setting the annotation to "on" (intending to enable + backend TLS certificate verification) actually disables + verification, allowing man-in-the-middle attacks against + HTTPS backends when operators believe they are + protected. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66491</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66491</url> + </references> + <dates> + <discovery>2025-12-08</discovery> + <entry>2025-12-21</entry> + </dates> + </vuln> + + <vuln vid="91b9790e-de65-11f0-b893-5404a68ad561"> + <topic>traefik -- Bypassing security controls via special characters</topic> + <affects> +<package> +<name>traefik</name> +<range><lt>3.6.3</lt></range> +</package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The traefik project reports:</p> + <blockquote cite="https://github.com/traefik/traefik/security/advisories/GHSA-gm3x-23wp-hc2c"> + <p>There is a potential vulnerability in Traefik managing + the requests using a PathPrefix, Path or PathRegex + matcher. 
+ When Traefik is configured to route the requests to a + backend using a matcher based on the path; if the + request path contains an encoded restricted character + from the following set ('/', '', 'Null', ';', '?', '#'), + it is possible to target a backend, exposed using + another router, by-passing the middlewares chain.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-66490</cvename> + <url>https://nvd.nist.gov/vuln/detail/CVE-2025-66490</url> + </references> + <dates> + <discovery>2025-12-08</discovery> + <entry>2025-12-21</entry> + </dates> + </vuln> + <vuln vid="c32cb4b7-ddcb-11f0-902c-b42e991fc52e"> <topic>smb4k -- Critical vulnerabilities in Mount Helper</topic> <affects> diff --git a/security/xray-core/Makefile b/security/xray-core/Makefile index 8874c68da3a4..744509ed5a3c 100644 --- a/security/xray-core/Makefile +++ b/security/xray-core/Makefile @@ -1,6 +1,7 @@ PORTNAME= xray-core DISTVERSIONPREFIX= v DISTVERSION= 25.12.8 +PORTREVISION= 1 CATEGORIES= security MASTER_SITES= https://github.com/v2fly/geoip/releases/download/202512050148/:geoip \ https://github.com/v2fly/domain-list-community/releases/download/20251212112114/:geosite diff --git a/security/xray-core/files/xray.in b/security/xray-core/files/xray.in index 87516c9759d0..18c9beeb4f5c 100644 --- a/security/xray-core/files/xray.in +++ b/security/xray-core/files/xray.in @@ -20,6 +20,8 @@ name="xray" rcvar="xray_enable" +load_rc_config "$name" + : ${xray_enable="NO"} : ${xray_config="%%PREFIX%%/etc/${name}-core"} : ${xray_logdir="/var/log/${name}-core"} @@ -43,5 +45,4 @@ xray_startprecmd() { chown -R ${xray_user}:${xray_group} "${xray_logdir}" } -load_rc_config "$name" run_rc_command "$1" |
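Review bot: In the CVE-2025-66490 entry in security/vuxml/vuln/2025.xml, the restricted character set reads ('/', '', 'Null', ';', '?', '#'), and its second item is an empty pair of quotes, so a character appears to have been dropped when the advisory text was copied in. Compare the list with the cited GHSA-gm3x-23wp-hc2c advisory and restore the missing character, since readers use this list to judge which encoded path characters are affected. Both new entries also carry only the NVD link under <references> while the blockquote cites the GitHub advisory; adding that advisory as a second <url> would point readers at the vendor source directly.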
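Review bot: In the second security/xray-core/files/xray.in hunk, the context line chown -R ${xray_user}:${xray_group} "${xray_logdir}" in xray_startprecmd() recursively re-owns a path that comes from rc.conf, so an operator who points xray_logdir at a shared directory hands every file under it to the service account. While this script is being touched, consider limiting the change of ownership to the directory itself (for example with install -d -o "${xray_user}" -g "${xray_group}" "${xray_logdir}") and quoting the owner spec the same way the path already is. Moving load_rc_config "$name" above the : ${xray_enable="NO"} defaults matches the usual rc.d ordering and needs no change.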
