svn commit: r518000 - head/security/vuxml
Niclas Zeising
zeising at FreeBSD.org
Wed Nov 20 10:57:41 UTC 2019
Author: zeising
Date: Wed Nov 20 10:57:40 2019
New Revision: 518000
URL: https://svnweb.freebsd.org/changeset/ports/518000
Log:
Document intel drm driver vulnerabilities
Document intel drm driver vulnerabilities related to Intel 2019.2 IPU [1].
[1] https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Nov 20 10:23:05 2019 (r517999)
+++ head/security/vuxml/vuln.xml Wed Nov 20 10:57:40 2019 (r518000)
@@ -58,6 +58,48 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="ecb7fdec-0b82-11ea-874d-0c9d925bbbc0">
+ <topic>drm graphics drivers -- Local privilege escalation and denial of serivce</topic>
+ <affects>
+ <package>
+ <name>drm-current-kmod</name>
+ <range><lt>4.16.g20191120</lt></range>
+ </package>
+ <package>
+ <name>drm-devel-kmod</name>
+ <range><lt>5.0.g20191120</lt></range>
+ </package>
+ <package>
+ <name>drm-fbsd12.0-kmod</name>
+ <range><lt>4.16.g20191120</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Intel reports:</p>
+ <blockquote cite="https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu">
+ <p>As part of IPU 2019.2, INTEL-SA-00242 advises that insufficient
+ access control may allow an authenticated user to potentially
+ enable escalation of privilege via local access.</p>
+ <p>INTEL-SA-00260 advises that insufficient access control may
+ allow an authenticated user to potentially enable denial of
+ service via local access.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu</url>
+ <url>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00242.html</url>
+ <url>https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html</url>
+ <cvename>CVE-2019-0154</cvename>
+ <cvename>CVE-2019-11112</cvename>
+ </references>
+ <dates>
+ <discovery>2019-11-12</discovery>
+ <entry>2019-11-20</entry>
+ </dates>
+ </vuln>
+
<vuln vid="620685d6-0aa3-11ea-9673-4c72b94353b5">
<topic>squid -- Vulnerable to HTTP Digest Authentication</topic>
<affects>
More information about the svn-ports-head
mailing list