FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f0e45968-faff-11ec-856e-d4c9ef517024	OpenSSL -- Heap memory corruption with RSA private key operation The OpenSSL project reports: The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. Discovery 2022-07-01 Entry 2022-07-03 Modified 2022-07-05 openssl-devel ge 3.0.4 lt 3.0.5 CVE-2022-2274 https://www.openssl.org/news/secadv/20220705.txt
4eeb93bf-f204-11ec-8fbd-d4c9ef517024	OpenSSL -- Command injection vulnerability The OpenSSL project reports: Circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. Discovery 2022-06-21 Entry 2022-06-22 openssl < 1.1.1p,1 openssl-devel < 3.0.4 openssl-quictls < 3.0.4 CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt

VuXML ID

Description

f0e45968-faff-11ec-856e-d4c9ef517024

OpenSSL -- Heap memory corruption with RSA private key operation

The OpenSSL project reports:

The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation.

SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.

Discovery 2022-07-01
Entry 2022-07-03
Modified 2022-07-05
openssl-devel

ge 3.0.4 lt 3.0.5

CVE-2022-2274
https://www.openssl.org/news/secadv/20220705.txt

4eeb93bf-f204-11ec-8fbd-d4c9ef517024

OpenSSL -- Command injection vulnerability

The OpenSSL project reports:

Circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review.

Discovery 2022-06-21
Entry 2022-06-22
openssl

< 1.1.1p,1

openssl-devel

< 3.0.4

openssl-quictls

< 3.0.4

CVE-2022-2068
https://www.openssl.org/news/secadv/20220621.txt