Vulnerabilities in the FreeBSD libc and IPv6 stack

FreeBSD fixes several vulnerabilities that could allow a local user to elevate their privileges on the system:

  • CVE-2020-7458 - a vulnerability in posix_spawnp, the libc function for creating processes, triggered by specifying too large a value in the PATH environment variable. It can cause data to be written outside a stack-allocated memory area, making it possible to overwrite the contents of adjacent buffers with a controlled value.
  • CVE-2020-7457 - a vulnerability in the IPv6 stack that allows a local user to execute their code at the kernel level by manipulating the IPV6_2292PKTOPTIONS option on a network socket.
  • CVE-2020-12662, CVE-2020-12663 - two vulnerabilities fixed in the bundled Unbound DNS server. They make it possible to cause a remote denial of service when the server accesses a server controlled by an attacker, or to use the DNS server as a traffic amplifier in DDoS attacks.

In addition, three non-security issues (errata) that could cause the kernel to crash have been fixed: in the mps driver (when executing the sas2ircu command), in the LinuxKPI subsystem (when X11 is redirected) and in the bhyve hypervisor (when forwarding PCI devices).

Source: opennet.ru
