Three vulnerabilities fixed in FreeBSD

Three vulnerabilities have been fixed in FreeBSD that could allow code execution in libfetch, replay of IPsec packets, or disclosure of kernel data. The issues are fixed in updates 12.1-RELEASE-p2, 12.0-RELEASE-p13 and 11.3-RELEASE-p6.

  • CVE-2020-7450 - A buffer overflow in the libfetch library used to retrieve files by the fetch command, the pkg package manager, and other utilities. The vulnerability could lead to code execution when processing a specially crafted URL. An attack can be carried out by having the client fetch from a site controlled by the attacker, which then uses an HTTP redirect to make libfetch process the malicious URL;
  • CVE-2019-15875 - A vulnerability in the mechanism that generates process core dumps. Due to a bug, up to 20 bytes of data from the kernel stack were written into core dumps, which could contain confidential information processed by the kernel. As a workaround, core file generation can be disabled via sysctl kern.coredump=0;
  • CVE-2019-5613 - A bug in the IPsec anti-replay check made it possible to re-inject previously captured packets. Depending on the higher-level protocol carried over IPsec, this allows, for example, re-sending previously transmitted commands.
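To show what the IPsec anti-replay check in the third item is supposed to guarantee, here is an added example of a 64-bit sliding anti-replay window in the style of RFC 4303 section 3.4.3. It is not FreeBSD's code and not the fix referenced above; the window size, the function names and the captured sequence numbers fed to it are constructed for illustration. A receiver that skips this check (or performs it incorrectly) accepts the replayed packets that `replay_check_and_update` rejects here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed window size: RFC 4303 requires at least 32, 64 is a common choice. */
#define REPLAY_WINDOW 64

/* Per-SA receive-side state (hypothetical layout, not FreeBSD's). */
struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint64_t bitmap;    /* bit i set => last_seq - i has already been seen */
};

void replay_init(struct replay_state *st)
{
    st->last_seq = 0;
    st->bitmap = 0;
}

/*
 * Anti-replay check performed after the packet's ICV has been verified.
 * Returns true and advances the window if seq is fresh; returns false if the
 * packet must be dropped because it is a replay, too old to track, or seq 0
 * (never valid in ESP/AH).
 */
bool replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    uint32_t diff;

    if (seq == 0)
        return false;

    if (seq > st->last_seq) {
        /* New high-water mark: slide the window to the right. */
        diff = seq - st->last_seq;
        if (diff >= REPLAY_WINDOW)
            st->bitmap = 0;         /* jump past the whole window */
        else
            st->bitmap <<= diff;
        st->bitmap |= 1;            /* mark seq itself as seen */
        st->last_seq = seq;
        return true;
    }

    /* Inside or left of the window. */
    diff = st->last_seq - seq;
    if (diff >= REPLAY_WINDOW)
        return false;               /* too old: cannot prove it is fresh, drop */
    if (st->bitmap & ((uint64_t)1 << diff))
        return false;               /* already accepted once: replay, drop */
    st->bitmap |= (uint64_t)1 << diff;
    return true;
}

/* Feed a stream of sequence numbers through the check; return how many pass. */
size_t replay_run(struct replay_state *st, const uint32_t *seqs, size_t n)
{
    size_t accepted = 0;
    for (size_t i = 0; i < n; i++)
        if (replay_check_and_update(st, seqs[i]))
            accepted++;
    return accepted;
}

/*
 * Constructed capture: five legitimate packets, two replays (3 and 5) injected
 * by the attacker, a jump to 70, a packet that fell out of the window (6) and
 * a late but still verifiable packet (7). Only 7 of the 10 should be accepted.
 */
static const uint32_t demo_capture[] = { 1, 2, 3, 4, 5, 3, 5, 70, 6, 7 };

size_t demo_capture_accepted(void)
{
    struct replay_state st;
    replay_init(&st);
    return replay_run(&st, demo_capture,
                      sizeof demo_capture / sizeof demo_capture[0]);
}

/* True if a re-injected copy of the most recent packet is rejected. */
bool demo_replay_rejected(void)
{
    struct replay_state st;
    replay_init(&st);
    (void)replay_check_and_update(&st, 41);
    return !replay_check_and_update(&st, 41);
}

int main(void)
{
    printf("accepted %zu of %zu packets\n", demo_capture_accepted(),
           sizeof demo_capture / sizeof demo_capture[0]);
    printf("replay of last packet rejected: %s\n",
           demo_replay_rejected() ? "yes" : "no");
    return 0;
}
```

The window only has meaning once integrity is verified, so the check sits after ICV validation; if it is skipped or mis-ordered, an attacker who has captured an authenticated ESP packet can hand it back to the receiver at will, which is exactly the effect described for CVE-2019-5613.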

Source: opennet.ru