Here is February’s long link list of security warnings, drivers, software, blogs, insights, and discussions on getting BSD to work on various hardware. Enjoy and happy BSDing!

KDE FreeBSD updates (February 2020) via bobulate

RCE in OpenSMTPD library impacts BSD and Linux distros via ZDNet

FreeBSD Display Driver 440.59 2020.2.3 – x64 via NVIDIA

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer via CyberSecurity-Help

CWE-254 – Security Features via CyberSecurity-Help

CWE-200 – Information Exposure via CyberSecurity-Help

FreeBSD : sudo — Potential bypass of Runas user restrictions (b4e5f782-442d-11ea-9ba9-206a8a720317) via Tenable

FreeBSD : libssh — Unsanitized location in scp could lead to unwanted command execution (1e7fa41b-f6ca-4fe8-bd46-0e176b42b14f) via Tenable

FreeBSD : Gitlab — Multiple Vulnerabilities (c5bd9068-440f-11ea-9cdb-001b217b3468) via Tenable

FreeBSD : Django — potential SQL injection vulnerability (5a45649a-4777-11ea-bdec-08002728f74c) via Tenable

FreeBSD : clamav — Denial-of-Service (DoS) vulnerability (e7bc2b99-485a-11ea-bff9-9c5c8e75236a) via Tenable

FreeBSD : ksh93 — certain environment variables interpreted as arithmetic expressions on startup, leading to code injection (8b20d716-49df-11ea-9f7b-206a8a720317) via Tenable

FreeBSD : libexif — privilege escalation (00f30cba-4d23-11ea-86ba-641c67a117d8) via Tenable

FreeBSD : Flash Player — arbitrary code execution (d460b640-4cdf-11ea-a59e-6451062f0f7a) via Tenable

CVE-2020-7450 via Tenable

FreeBSD : FreeBSD — kernel stack data disclosure (6025d173-4279-11ea-b184-f8b156ac3ff9) via Tenable

FreeBSD : dovecot — multiple vulnerabilities (74db0d02-b140-4c32-aac6-1f1e81e1ad30) via Tenable

FreeBSD : FreeBSD — libfetch buffer overflow (22b41bc5-4279-11ea-b184-f8b156ac3ff9) via Tenable

CVE-2019-5613 via Tenable

CVE-2019-15875 via Tenable

FreeBSD up to 12.0-RELEASE-p12 IPsec Packet Processor privilege escalation via VulDB

FreeBSD Security Advisory FreeBSD-SA-20:01.libfetch via FreeBSD-Announce

FreeBSD Security Advisory FreeBSD-SA-20:03.thrmisc via FreeBSD-Announce

Vulnerability of FreeBSD: privilege escalation via IPsec Replay Window Packet Injection via Vigil@nce

Vulnerability of FreeBSD: information disclosure via Core Dump Thrmisc Data Structure via Vigil@nce

FreeBSD: VID-C5BD9068-440F-11EA-9CDB-001B217B3468 (CVE-2019-18978): Gitlab — Multiple Vulnerabilities via Rapid7

FreeBSD: VID-08F5C27D-4326-11EA-AF8B-00155D0A0200 (CVE-2020-7247): OpenSMTPd — critical LPE / RCE vulnerability via Rapid7

FreeBSD: VID-A250539D-D1D4-4591-AFD3-C8BDFAC335D8 (CVE-2020-2101): jenkins — multiple vulnerabilities via Rapid7

grub2-bhyve — multiple privilege escalations via VuXML

Qt-Powered Lumina Desktop 1.6 Released For BSD/Linux Systems via Phoronix

The first FreeBSD conference in Australia (FreeBSD mini conf) via rubenerd

Choosing between OpenBSD and FreeBSD via unixsheikh

Insights into Why Hyperbola GNU/Linux is Turning into Hyperbola BSD via ItsFoss

CVE-2020-7247 RCE flaw in OpenSMTPD library affects many BSD and Linux distros

Building FreeBSD File Server

Finally got around to installing FreeBSD on an old machine. I’m now using it as a simple git server :) from freebsd

Is freebsd/bsd right for me? from freebsd

Torn between OpenBSD and FreeBSD from freebsd

What is the state of Vulkan support on FreeBSD? from freebsd

What are the technical differences between Linux, BSD and others? from linux

How can I use FreeBSD as my daily driver? from freebsd

Interested in FreeBSD from freebsd

ThinkPad T480 is my new main laptop which runs FreeBSD from freebsd

Netgate sponsoring FreeBSD in-kernel Wireguard work from PFSENSE

Good CPU benchmarks for FreeBSD? from freebsd