BSD Link Roundup 2.20

Here is February’s long link list of security warnings, drivers, software, blogs, insights, and discussions on getting BSD to work on various hardware. Enjoy and happy BSDing!

KDE FreeBSD updates (february 2020)  via bobulate

RCE in OpenSMTPD library impacts BSD and Linux distros via ZDNet

FreeBSD Display Driver 440.59 2020.2.3 – x64 via NVIDIA

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer via CyberSecurity-Help

CWE-254 – Security Features via CyberSecurity-Help

CWE-200 – Information Exposure via CyberSecurity-Help

FreeBSD : sudo — Potential bypass of Runas user restrictions (b4e5f782-442d-11ea-9ba9-206a8a720317) via Tenable

FreeBSD : libssh — Unsanitized location in scp could lead to unwanted command execution (1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f) via Tenable

FreeBSD : Gitlab — Multiple Vulnerabilities (c5bd9068-440f-11ea-9cdb-001b217b3468) via Tenable

FreeBSD : Django — potential SQL injection vulnerability (5a45649a-4777-11ea-bdec-08002728f74c) via Tenable

FreeBSD : clamav — Denial-of-Service (DoS) vulnerability (e7bc2b99-485a-11ea-bff9-9c5c8e75236a) via Tenable

FreeBSD : ksh93 — certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (8b20d716-49df-11ea-9f7b-206a8a720317) via Tenable

FreeBSD : libexif — privilege escalation (00f30cba-4d23-11ea-86ba-641c67a117d8) via Tenable

FreeBSD : Flash Player — arbitrary code execution (d460b640-4cdf-11ea-a59e-6451062f0f7a) via Tenable

CVE-2020-7450 via Tenable

FreeBSD : FreeBSD — kernel stack data disclosure (6025d173-4279-11ea-b184-f8b156ac3ff9) via Tenable

FreeBSD : dovecot — multiple vulnerabilities (74db0d02-b140-4c32-aac6-1f1e81e1ad30) via Tenable

FreeBSD : FreeBSD — libfetch buffer overflow (22b41bc5-4279-11ea-b184-f8b156ac3ff9) via Tenable

CVE-2019-5613 via Tenable

CVE-2019-15875 via Tenable

FreeBSD up to 12.0-RELEASE-p12 IPsec Packet Processor privilege escalation via VulDB

FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch via FreeBSD-Announce

FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc via FreeBSD-Announce

Vulnerability of FreeBSD: privilege escalation via IPsec Replay Window Packet Injection via Vigil@nce

Vulnerability of FreeBSD: information disclosure via Core Dump Thrmisc Data Structure via Vigil@nce

FreeBSD: VID-C5BD9068-440F-11EA-9CDB-001B217B3468 (CVE-2019-18978): Gitlab — Multiple Vulnerabilities via Rapid7

FreeBSD: VID-08F5C27D-4326-11EA-AF8B-00155D0A0200 (CVE-2020-7247): OpenSMTPd — critical LPE / RCE vulnerability via Rapid7

FreeBSD: VID-A250539D-D1D4-4591-AFD3-C8BDFAC335D8 (CVE-2020-2101): jenkins — multiple vulnerabilities via Rapid7

grub2-bhyve — multiple privilege escalations via VuXML

Qt-Powered Lumina Desktop 1.6 Released For BSD/Linux Systems via Phoronix

The first FreeBSD conference in Australia (FreeBSD mini conf) via rubenerd

Choosing between OpenBSD and FreeBSD via unixsheikh

Insights into Why Hyperbola GNU/Linux is Turning into Hyperbola BSD via ItsFoss