security/vuxml: sync with upstream

Taken from: FreeBSD
2025-02-06 12:46:38 +01:00 · 2025-02-06 12:46:38 +01:00 · d6bfd6ee75
commit d6bfd6ee75
parent 999ea232fe
1 changed files with 312 additions and 2 deletions
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@ -1,5 +1,304 @@
+  <vuln vid="9761af78-e3e4-11ef-9f4a-589cfc10a551">
+    <topic>nginx-devel -- SSL session reuse vulnerability</topic>
+    <affects>
+      <package>
+	<name>nginx-devel</name>
+	<range><lt>1.27.4</lt></range>
+      </package>
+      <package>
+	<name>nginx</name>
+	<range><lt>1.26.3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The nginx development team reports:</p>
+	<blockquote cite="http://nginx.org/en/security_advisories.html">
+	  <p>This update fixes the SSL session reuse vulnerability.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2025-23419</cvename>
+    </references>
+    <dates>
+      <discovery>2025-02-05</discovery>
+      <entry>2025-02-05</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="72b8729e-e134-11ef-9e76-4ccc6adda413">
+    <topic>qt6-webengine -- Multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>qt6-webengine</name>
+	<range><lt>6.8.2</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Qt qtwebengine-chromium repo reports:</p>
+	<blockquote cite="https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based">
+	  <p>Backports for 9 security bugs in Chromium:</p>
+	  <ul>
+	    <li>CVE-2024-12693: Out of bounds memory access in V8</li>
+	    <li>CVE-2024-12694: Use after free in Compositing</li>
+	    <li>CVE-2025-0436: Integer overflow in Skia</li>
+	    <li>CVE-2025-0437: Out of bounds read in Metrics</li>
+	    <li>CVE-2025-0438: Stack buffer overflow in Tracing</li>
+	    <li>CVE-2025-0441: Inappropriate implementation in Fenced Frames</li>
+	    <li>CVE-2025-0443: Insufficient data validation in Extensions</li>
+	    <li>CVE-2025-0447: Inappropriate implementation in Navigation</li>
+	    <li>CVE-2025-0611: Object corruption in V8</li>
+	  </ul>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-12693</cvename>
+      <cvename>CVE-2024-12694</cvename>
+      <cvename>CVE-2025-0436</cvename>
+      <cvename>CVE-2025-0437</cvename>
+      <cvename>CVE-2025-0438</cvename>
+      <cvename>CVE-2025-0441</cvename>
+      <cvename>CVE-2025-0443</cvename>
+      <cvename>CVE-2025-0447</cvename>
+      <cvename>CVE-2025-0611</cvename>
+      <url>https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=122-based</url>
+    </references>
+    <dates>
+      <discovery>2025-01-09</discovery>
+      <entry>2025-02-02</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="186101b4-dfa6-11ef-8c1c-a8a1599412c6">
+    <topic>chromium -- multiple security fixes</topic>
+    <affects>
+      <package>
+       <name>chromium</name>
+       <range><lt>132.0.6834.159</lt></range>
+      </package>
+      <package>
+       <name>ungoogled-chromium</name>
+       <range><lt>132.0.6834.159</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+       <p>Chrome Releases reports:</p>
+       <blockquote cite="https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html">
+	 <p>This update includes 2 security fixes:</p>
+	 <ul>
+	    <li>[384844003] Medium CVE-2025-0762: Use after free in DevTools. Reported by Sakana.S on 2024-12-18</li>
+	 </ul>
+       </blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2025-0762</cvename>
+      <url>https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html</url>
+    </references>
+    <dates>
+      <discovery>2025-01-18</discovery>
+      <entry>2025-01-31</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="cd2ace09-df23-11ef-a205-901b0e9408dc">
+    <topic>dendrite -- Server-side request forgery vulnerability</topic>
+    <affects>
+      <package>
+	<name>dendrite</name>
+	<range><lt>0.14.1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Dendrite team reports:</p>
+	<blockquote cite="https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822">
+	  <p>This is a security release, gomatrixserverlib was vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2024-52594</cvename>
+      <url>https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-4ff6-858j-r822</url>
+    </references>
+    <dates>
+      <discovery>2025-01-16</discovery>
+      <entry>2025-01-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="2830b374-debd-11ef-87ba-002590c1f29c">
+    <topic>FreeBSD -- Uninitialized kernel memory disclosure via ktrace(2)</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>14.2</ge><lt>14.2_1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>In some cases, the ktrace facility will log the contents of
+	kernel structures to userspace.  In one such case, ktrace dumps a
+	variable-sized sockaddr to userspace.  There, the full sockaddr is
+	copied, even when it is shorter than the full size.  This can result
+	in up to 14 uninitialized bytes of kernel memory being copied out
+	to userspace.</p>
+	<h1>Impact:</h1>
+	<p>It is possible for an unprivileged userspace program to leak
+	14 bytes of a kernel heap allocation to userspace.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2025-0662</cvename>
+      <freebsdsa>SA-25:04.ktrace</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2025-01-29</discovery>
+      <entry>2025-01-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="fa9ae646-debc-11ef-87ba-002590c1f29c">
+    <topic>FreeBSD -- Unprivileged access to system files</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>14.2</ge><lt>14.2_1</lt></range>
+	<range><ge>14.1</ge><lt>14.1_7</lt></range>
+	<range><ge>13.4</ge><lt>13.4_3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>When etcupdate encounters conflicts while merging files, it
+	saves a version containing conflict markers in /var/db/etcupdate/conflicts.
+	This version does not preserve the mode of the input file, and is
+	world-readable.  This applies to files that would normally have
+	restricted visibility, such as /etc/master.passwd.</p>
+	<h1>Impact:</h1>
+	<p>An unprivileged local user may be able to read encrypted root
+	and user passwords from the temporary master.passwd file created
+	in /var/db/etcupdate/conflicts.  This is possible only when conflicts
+	within the password file arise during an update, and the unprotected
+	file is deleted when conflicts are resolved.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2025-0374</cvename>
+      <freebsdsa>SA-25:03.etcupdate</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2025-01-29</discovery>
+      <entry>2025-01-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="ab0cbe3f-debc-11ef-87ba-002590c1f29c">
+    <topic>FreeBSD -- Buffer overflow in some filesystems via NFS</topic>
+    <affects>
+      <package>
+	<name>FreeBSD-kernel</name>
+	<range><ge>14.2</ge><lt>14.2_1</lt></range>
+	<range><ge>14.1</ge><lt>14.1_7</lt></range>
+	<range><ge>13.4</ge><lt>13.4_3</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>In order to export a file system via NFS, the file system must
+	define a file system identifier (FID) for all exported files.  Each
+	FreeBSD file system implements operations to translate between FIDs
+	and vnodes, the kernel's in-memory representation of files.  These
+	operations are VOP_VPTOFH(9) and VFS_FHTOVP(9).</p>
+	<p>On 64-bit systems, the implementation of VOP_VPTOFH() in the
+	cd9660, tarfs and ext2fs filesystems overflows the destination FID
+	buffer by 4 bytes, a stack buffer overflow.</p>
+	<h1>Impact:</h1>
+	<p>A NFS server that exports a cd9660, tarfs, or ext2fs file system
+	can be made to panic by mounting and accessing the export with an
+	NFS client.  Further exploitation (e.g., bypassing file permission
+	checking or remote kernel code execution) is potentially possible,
+	though this has not been demonstrated.  In particular, release
+	kernels are compiled with stack protection enabled, and some instances
+	of the overflow are caught by this mechanism, causing a panic.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2025-0373</cvename>
+      <freebsdsa>SA-25:02.fs</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2025-01-29</discovery>
+      <entry>2025-01-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="69e19c0b-debc-11ef-87ba-002590c1f29c">
+    <topic>FreeBSD -- OpenSSH Keystroke Obfuscation Bypass</topic>
+    <affects>
+      <package>
+	<name>FreeBSD</name>
+	<range><ge>14.1</ge><lt>14.1_7</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<h1>Problem Description:</h1>
+	<p>A logic error in the ssh(1) ObscureKeystrokeTiming feature (on
+	by default) rendered this feature ineffective.</p>
+	<h1>Impact:</h1>
+	<p>A passive observer could detect which network packets contain
+	real keystrokes, and infer the specific characters being transmitted
+	from packet timing.</p>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2024-39894</cvename>
+      <freebsdsa>SA-25:01.openssh</freebsdsa>
+    </references>
+    <dates>
+      <discovery>2025-01-29</discovery>
+      <entry>2025-01-30</entry>
+    </dates>
+  </vuln>
+
+  <vuln vid="258a58a9-6583-4808-986b-e785c27b0a18">
+    <topic>oauth2-proxy -- Non-linear parsing of case-insensitive content</topic>
+    <affects>
+      <package>
+	<name>oauth2-proxy</name>
+	<range><lt>7.8.0</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Golang reports:</p>
+	<blockquote cite="https://github.com/advisories/GHSA-w32m-9786-jp63">
+	  <p>This update include security fixes:</p>
+	  <ul>
+	    <li>CVE-2024-45338: Non-linear parsing of case-insensitive content</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2024-45338</cvename>
+    </references>
+    <dates>
+      <discovery>2025-01-14</discovery>
+      <entry>2025-01-30</entry>
+     </dates>
+  </vuln>
+
  <vuln vid="41711c0d-db27-11ef-873e-8447094a420f">
-    <topic>Vaultwarden -- Muiltiple vulnerabilities</topic>
+    <topic>Vaultwarden -- Multiple vulnerabilities</topic>
    <affects>
      <package>
 	<name>vaultwarden</name>
@ -17,7 +316,10 @@
 	</body>
    </description>
    <references>
-      <url>https://github.com/dani-garcia/vaultwarden/releases/tag/1.33.0</url>
+      <cvename>CVE-2025-24364</cvename>
+      <url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-j4h8-vch3-f797</url>
+      <cvename>CVE-2025-24365</cvename>
+      <url>https://github.com/dani-garcia/vaultwarden/security/advisories/GHSA-h6cc-rc6q-23j4</url>
    </references>
    <dates>
      <discovery>2025-01-25</discovery>
@ -578,6 +880,10 @@
 	<name>redis72</name>
 	<range><lt>7.2.7</lt></range>
      </package>
+      <package>
+	<name>redis-devel</name>
+	<range><lt>7.4.2.20250201</lt></range>
+      </package>
      <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>
@ -621,6 +927,10 @@
 	<name>redis62</name>
 	<range><lt>6.2.17</lt></range>
      </package>
+      <package>
+	<name>redis-devel</name>
+	<range><lt>7.4.2.20250201</lt></range>
+      </package>
      <package>
 	<name>valkey</name>
 	<range><lt>8.0.2</lt></range>