Vulnerabilities in FreeBSD

Several vulnerabilities have been identified in FreeBSD and fixed in the 12.1-RELEASE-p8, 11.4-RELEASE-p2 and 11.3-RELEASE-p12 updates:

  • CVE-2020-7460 - privilege escalation in the system through
    manipulation of the 32-bit sendmsg call on a 64-bit system. The problem does not affect 32-bit systems or systems whose kernel was compiled without the COMPAT_FREEBSD32 option (enabled by default in GENERIC kernels).

  • CVE-2020-7459 - missing checks on the size of data copied into a buffer in the smsc (SMSC / Microchip), muge (Microchip) and cdceem (USB Communication Device Class) Ethernet drivers allow an attacker to execute code at the kernel level or in user space by connecting a malicious USB device to the system. Exploiting the vulnerability requires physical access to the equipment and the ability to get the network interface activated.

  • A series of vulnerabilities in SQLite, fixed in the SQLite 3.32.1 and 3.32.2 releases, that could lead to a crash or data corruption:
    CVE-2020-11655,
    CVE-2020-11656,
    CVE-2020-13434,
    CVE-2020-13435,
    CVE-2020-13630,
    CVE-2020-13631,
    CVE-2020-13632.
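
To check a host against the patch levels listed above, the following sh script (an added example, not part of the original article) compares a FreeBSD version string with the fixed levels. The function names `fixed_patch_level` and `patch_status` are hypothetical, and branches the article does not mention are reported as "unknown".

```shell
#!/bin/sh
# Added example: compare a FreeBSD version string with the fixed patch
# levels named in the article (12.1-p8, 11.4-p2, 11.3-p12).

# Print the minimum fixed patch level for a release branch, or nothing
# when the article does not mention that branch.
fixed_patch_level() {
    case "$1" in
        12.1) echo 8 ;;
        11.4) echo 2 ;;
        11.3) echo 12 ;;
    esac
}

# patch_status VERSION -> prints "patched", "vulnerable" or "unknown".
patch_status() {
    ver=$1
    case "$ver" in
        *-RELEASE-p*) branch=${ver%%-RELEASE*}; level=${ver##*-p} ;;
        *-RELEASE)    branch=${ver%%-RELEASE*}; level=0 ;;  # no -pN suffix means p0
        *)            echo unknown; return 0 ;;             # STABLE, CURRENT, garbage
    esac
    case "$level" in
        ''|*[!0-9]*) echo unknown; return 0 ;;              # non-numeric patch level
    esac
    need=$(fixed_patch_level "$branch")
    if [ -z "$need" ]; then
        echo unknown
    elif [ "$level" -ge "$need" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

if command -v freebsd-version >/dev/null 2>&1; then
    # On a FreeBSD host: check the installed kernel (-k) and userland (-u).
    for v in $(freebsd-version -ku); do
        echo "$v: $(patch_status "$v")"
    done
else
    # Elsewhere: constructed sample version strings.
    for v in 12.1-RELEASE-p7 12.1-RELEASE-p8 11.3-RELEASE; do
        echo "$v: $(patch_status "$v")"
    done
fi
```

The script compares patch levels only; it does not test whether the kernel was built with COMPAT_FREEBSD32 or whether the affected USB Ethernet drivers are in use.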

Source: opennet.ru
