FreeBSD Security Advisory FreeBSD-SA-20:19.unbound - Malformed answers from upstream name servers can send Unbound into an infinite loop, resulting in denial of service. A malicious query can cause a traffic amplification attack against third party authoritative nameservers.
FreeBSD Security Advisory FreeBSD-SA-20:18.posix_spawnp - posix_spawnp spawns a new thread with a limited stack allocated on the heap before delegating to execvp for the final execution within that thread. execvp would previously make unbounded allocations on the stack, directly proportional to the length of the user-controlled PATH environment variable.
FreeBSD Errata Notice FreeBSD-EN-20:15.mps - mps(4) implements a pass-through interface which allows privileged user processes to submit commands directly to disks behind the controller. A bug in the code which copies command results out to the requesting process could cause a kernel panic.
FreeBSD Errata Notice FreeBSD-EN-20:13.bhyve - When an attempt is made to pass through a PCI device to a bhyve(8) VM (causing initialization of IOMMU) on certain Intel chipsets using VT-d, the PCI bus stops working entirely, resulting in a host crash. This issue occurs at least on the Intel Skylake series processors and those released later. A device passed through to a guest VM running OpenBSD at least since version 6.4 on both AMD and Intel processors may not fully work in the guest. OpenBSD issues 4-byte PCI configuration-space register reads and writes to consecutive 2-byte fields, which were not handled correctly by bhyve(8).
Errata patches for LibreSSL have been released for OpenBSD 6.7. The TLSv1.3 client could hang, crash, leak memory or not interoperate with some TLSv1.3 servers. Binary updates for the amd64, i386, and arm64 platforms are available via the syspatch utility.