diff options
author | Philip Paeps <philip@FreeBSD.org> | 2023-12-20 08:14:36 +0000 |
---|---|---|
committer | Philip Paeps <philip@FreeBSD.org> | 2023-12-20 08:14:36 +0000 |
commit | 42099f809c0bf562ab95cba9e1c08de78bba6434 (patch) | |
tree | 46f117178dc8d962dd7e9f1b8a254dd457b0cafb | |
parent | 258750c3a106ece99537dfadc9ed961c1571cf40 (diff) | |
download | doc-42099f809c.tar.gz doc-42099f809c.zip |
Add advisory affecting 12.4R, 13.2R and 14.0R
FreeBSD-SA-23:19.openssh affects all supported releases
Note: While this issue does affect 12.4-STABLE and 12.4-RELEASE, the version
of OpenSSH in 12.4 is old enough the vendor provided patch does not cleanly
apply. As 12.4 goes out of support at the end of December and in order to
quickly get fixes out for 14.0 and 13.2, the FreeBSD Security Team is issuing
this advisory now while feasibility of a 12.4 backport is investigated. Users
with 12.4 are encouraged to either implement the documented workaround or
leverage an up to date version of OpenSSH from the ports/pkg collection.
-rw-r--r-- | website/content/en/releases/12.4R/errata.adoc | 1 | ||||
-rw-r--r-- | website/content/en/releases/13.2R/errata.adoc | 1 | ||||
-rw-r--r-- | website/content/en/releases/14.0R/errata.adoc | 1 |
3 files changed, 3 insertions, 0 deletions
diff --git a/website/content/en/releases/12.4R/errata.adoc b/website/content/en/releases/12.4R/errata.adoc index 42f288d9ca..4a180fff9a 100644 --- a/website/content/en/releases/12.4R/errata.adoc +++ b/website/content/en/releases/12.4R/errata.adoc @@ -56,6 +56,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:12.msdosfs.asc[FreeBSD-SA-23:12.msdosfs] |3 October 2023 |msdosfs data disclosure |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:15.stdio.asc[FreeBSD-SA-23:15.stdio] |8 November 2023 |libc stdio buffer overflow |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf] |5 December 2023 |TCP spoofing vulnerability in pf(4) +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh] |19 December 2023 |Prefix Truncation Attack in the SSH protocol |=== [[errata]] diff --git a/website/content/en/releases/13.2R/errata.adoc b/website/content/en/releases/13.2R/errata.adoc index be279652c3..272735dfd5 100644 --- a/website/content/en/releases/13.2R/errata.adoc +++ b/website/content/en/releases/13.2R/errata.adoc @@ -59,6 +59,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:16.cap_net.asc[FreeBSD-SA-23:16.cap_net] |8 November 2023 |Incorrect libcap_net limitation list manipulation |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf] |5 December 2023 |TCP spoofing vulnerability in pf(4) |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc[FreeBSD-SA-23:18.nfsclient] |12 December 2023 |NFS client data corruption and kernel memory disclosure +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh] |19 December 2023 |Prefix Truncation Attack in the SSH protocol |=== [[errata]] diff --git a/website/content/en/releases/14.0R/errata.adoc b/website/content/en/releases/14.0R/errata.adoc index df5fb7d94d..4ce0f28f01 100644 --- a/website/content/en/releases/14.0R/errata.adoc +++ b/website/content/en/releases/14.0R/errata.adoc @@ -47,6 +47,7 @@ For a list of all FreeBSD CERT security advisories, see https://www.FreeBSD.org/ |Advisory |Date |Topic |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:17.pf.asc[FreeBSD-SA-23:17.pf] |5 December 2023 |TCP spoofing vulnerability in pf(4) |link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:18.nfsclient.asc[FreeBSD-SA-23:18.nfsclient] |12 December 2023 |NFS client data corruption and kernel memory disclosure +|link:https://www.FreeBSD.org/security/advisories/FreeBSD-SA-23:19.openssh.asc[FreeBSD-SA-23:19.openssh] |19 December 2023 |Prefix Truncation Attack in the SSH protocol |=== [[errata]] |