FreeBSD Local Privilege Escalation Vulnerability (CVE-2019-5596)



Release date: 2019-07-23
Update Date: 2019-07-23

Affected Systems:

FreeBSD FreeBSD 12.0-RELEASE p1
FreeBSD FreeBSD 12.0
FreeBSD FreeBSD 11.2
FreeBSD FreeBSD 11.0

Systems affected:

FreeBSD FreeBSD 12.0-STABLE
FreeBSD FreeBSD 12.0-RELEASE-p3
FreeBSD FreeBSD 11.2-STABLE

Description:


BUGTRAQ ID: 107472
CVE(CAN) ID: CVE-2019-5596

FreeBSD is a UNIX-like operating system from the FreeBSD Foundation.
FreeBSD 11.2-STABLE after r338618 and before r343786, 12.0-STABLE before r343781, and 12.0-RELEASE before 12.0-RELEASE-p3 contain a local privilege escalation vulnerability. It stems from a reference counting error in the UNIX domain socket implementation, which can cause a file structure to be released incorrectly. A malicious local attacker could exploit the vulnerability to gain root privileges or escape from a jail.

<* Source: Peter Holm
 
  Link: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
*>

Suggestions:


Vendor patch:

FreeBSD
-------
FreeBSD has released a security bulletin (CVE-2019-5596) and the corresponding patch:
CVE-2019-5596: File description reference count leak
Link: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:02.fd.asc
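
A version check built from the ranges in the description above, as an added example that is not part of the original advisory or of FreeBSD's own tooling. The function name and status strings are hypothetical; it assumes the version string comes from `freebsd-version -k` and that the kernel's svn revision is supplied separately for -STABLE builds.

```shell
#!/bin/sh
# Classify a FreeBSD kernel against the CVE-2019-5596 ranges in the description.
# $1: kernel version string, e.g. the output of `freebsd-version -k`
# $2: svn revision of the kernel source, digits only (needed for -STABLE)
# Prints: vulnerable | not-vulnerable | unknown
cve_2019_5596_status() {
    ver=$1
    rev=${2:-}
    case $rev in
        ''|*[!0-9]*) rev='' ;;      # missing or non-numeric revision
    esac
    case $ver in
        12.0-RELEASE)
            echo vulnerable ;;
        12.0-RELEASE-p*)
            p=${ver#12.0-RELEASE-p}
            case $p in
                ''|*[!0-9]*) echo unknown ;;
                *) if [ "$p" -lt 3 ]; then echo vulnerable
                   else echo not-vulnerable; fi ;;
            esac ;;
        12.0-STABLE)
            if [ -z "$rev" ]; then echo unknown
            elif [ "$rev" -lt 343781 ]; then echo vulnerable
            else echo not-vulnerable; fi ;;
        11.2-STABLE)
            # Assumption: the boundary revision r338618 itself is treated as
            # affected, which is the conservative reading of "after r338618".
            if [ -z "$rev" ]; then echo unknown
            elif [ "$rev" -ge 338618 ] && [ "$rev" -lt 343786 ]; then echo vulnerable
            else echo not-vulnerable; fi ;;
        *)
            # Branches for which the description gives no range.
            echo unknown ;;
    esac
}

# Constructed sample inputs in "version:revision" form.
# On a real host, pass "$(freebsd-version -k)" as the first argument.
for sample in "12.0-RELEASE-p1:" "12.0-RELEASE-p3:" "12.0-STABLE:343780" "11.2-STABLE:343786"; do
    v=${sample%%:*}
    r=${sample#*:}
    printf '%s rev=%s -> %s\n' "$v" "${r:-none}" "$(cve_2019_5596_status "$v" "$r")"
done
```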

Origin www.linuxidc.com/Linux/2019-07/159597.htm