FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-12-11 04:12:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 58750d49-7302-11ef-8c95-195d300202b3
Description: OpenSSH -- Pre-authentication async signal safety issue

The FreeBSD Project reports:

A signal handler in sshd(8) may call a logging function that is not async-signal-safe. The signal handler is invoked when a client does not authenticate within the LoginGraceTime seconds (120 by default). This signal handler executes in the context of the sshd(8)'s privileged code, which is not sandboxed and runs with full root privileges.

This issue is another instance of the problem in CVE-2024-6387 addressed by FreeBSD-SA-24:04.openssh. The faulty code in this case is from the integration of blacklistd in OpenSSH in FreeBSD.


Discovery 2024-08-06
Entry 2024-09-15
Modified 2024-09-20
openssh-portable: < 9.8.p1_1,1
FreeBSD: >= 14.1, < 14.1_3
FreeBSD: >= 14.0, < 14.0_9
FreeBSD: >= 13.3, < 13.3_5

CVE-2024-7589
https://nvd.nist.gov/vuln/detail/CVE-2024-7589
SA-24:08.openssh
VuXML ID: a8f1ee74-f267-11ef-87ba-002590c1f29c
Description: FreeBSD -- Multiple vulnerabilities in OpenSSH

Problem Description:

OpenSSH client host verification error (CVE-2025-26465)

ssh(1) contains a logic error that allows an on-path attacker to impersonate any server during certain conditions when the VerifyHostKeyDNS option is enabled.

OpenSSH server denial of service (CVE-2025-26466)

The OpenSSH client and server are both vulnerable to a memory/CPU denial of service while handling SSH2_MSG_PING packets.

Impact:

OpenSSH client host verification error (CVE-2025-26465)

Under specific circumstances, a machine-in-the-middle may impersonate any server when the client has the VerifyHostKeyDNS option enabled.

OpenSSH server denial of service (CVE-2025-26466)

During the processing of SSH2_MSG_PING packets, a server may be subject to a memory/CPU denial of service.


Discovery 2025-02-21
Entry 2025-02-24
Modified 2025-03-08
FreeBSD: >= 14.2, < 14.2_2
FreeBSD: >= 14.1, < 14.1_8
FreeBSD: >= 13.4, < 13.4_4
openssh-portable: < 9.9.p2_1,1
openssh-portable-hpn: < 9.9.p2_1,1
openssh-portable-gssapi: < 9.9.p2_1,1

CVE-2025-26465
CVE-2025-26466
SA-25:05.openssh
https://nvd.nist.gov/vuln/detail/CVE-2025-26465
https://nvd.nist.gov/vuln/detail/CVE-2025-26466