FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8b20d716-49df-11ea-9f7b-206a8a720317ksh93 -- certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

Upstream ksh93 maintainer Siteshwar Vashisht reports:

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.


Discovery 2019-10-01
Entry 2020-02-07
ksh93
ge 2020.0.0 lt 2020.0.1_1,1

ksh93-devel
lt 2020.02.07

https://bugzilla.redhat.com/show_bug.cgi?id=1757324
https://access.redhat.com/security/cve/CVE-2019-14868
https://access.redhat.com/errata/RHSA-2020:0431