Date: Mon, 30 Jan 2023 11:32:10 GMT
Message-Id: <202301301132.30UBWADj015160@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Nuno Teixeira
Subject: git: 620614c60f94 - main - security/vuxml: Document CVE-2021-42835 for multimedia/plexmediaserver{-plexpass} < 1.25.0
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all
Sender: owner-dev-commits-ports-all@freebsd.org
X-Git-Committer: eduardo
X-Git-Repository: ports
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 620614c60f94324f19c33d109199f1f026b41b1f
Auto-Submitted: auto-generated

The branch main has been updated by eduardo:

URL: https://cgit.FreeBSD.org/ports/commit/?id=620614c60f94324f19c33d109199f1f026b41b1f

commit 620614c60f94324f19c33d109199f1f026b41b1f
Author: Nuno Teixeira
AuthorDate: 2023-01-30 11:28:30 +0000
Commit: Nuno Teixeira
CommitDate: 2023-01-30 11:28:30 +0000

    security/vuxml: Document CVE-2021-42835 for multimedia/plexmediaserver{-plexpass} < 1.25.0

    PR: 269226
    Reported by: grahamperrin
---
 security/vuxml/vuln/2023.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 69a71f064588..048c383e8c1c 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,31 @@ + + Plex Media Server -- security vulnerability + + + plexmediaserver + plexmediaserver-plexpass + 1.25.0 + + + + +

Plex Security Team reports:

+
+

We have recently been made aware of a security vulnerability in Plex Media Server versions prior to 1.25.0 that could allow a local Windows user to obtain administrator privileges without authorization. To be clear, this required the user to already have local, physical access to the computer (just with a different user account on Windows). There are no indications that this exploit could be used from a remote machine.

+

Plex Media Server versions 1.25.0.5282 and newer are not subject to this vulnerability, and feature additional hardening to prevent similar issues from occurring in the future. Users running older server versions are encouraged to update their Plex Media Server installations.

+
+ +
+ + CVE-2021-42835 + https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42835 + + + 2021-10-22 + 2023-01-30 + +
+ prometheus2 -- basic authentication bypass
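
Review bot: The range bound of 1.25.0 for plexmediaserver and plexmediaserver-plexpass does not match the fixed version in the quoted advisory, which names "versions 1.25.0.5282 and newer" as not affected. A package version of the form 1.25.0.N with N below 5282 sorts above 1.25.0 and would not be reported as vulnerable, so the bound should be 1.25.0.5282. Separately, the quoted text describes the issue as a local Windows user obtaining administrator privileges, while the entry marks the FreeBSD packages as affected and the topic says only "security vulnerability"; a more specific topic (local privilege escalation) and a sentence in the description on whether the FreeBSD build is affected would tell users how to read the resulting audit finding.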