MidnightBSD is a BSD-derived operating system developed with desktop users in mind. It includes all the software you'd expect for your daily tasks — email, web browsing, word processing, gaming, and much more.
With a small community of dedicated developers, MidnightBSD strives to create an easy-to-use operating system everyone can use, freely. Available for x86, AMD64 and as Virtual Machines.
September 2, 2020
Additionally a bug exists in dhclient.
From FreeBSD advisory for CVE-2020-7461
When parsing option 119 data, dhclient(8) computes the uncompressed domain list length so that it can allocate an appropriately sized buffer to store the uncompressed list. The code to compute the length failed to handle certain malformed input, resulting in a heap overflow when the uncompressed list is copied into in inadequately sized buffer.
sctp CVE-2020-7463 - Triggering the use-after-free situation may result in unintended kernel behaviour including a kernel panic.
IPv6 Hop-by-Hop options use-after-free bug CVE-2020-7462 - Due to improper mbuf handling in the kernel, a use-after-free bug might be triggered by sending IPv6 Hop-by-Hop options over the loopback interface.
All of these have been patched in 1.3-CURRENT, and the dhclient issue was corrected in 1.2 stable (1.2.8 release), and 1.3-CURRENT.
August 7, 2020
MidnightBSD 1.2.6 (in git) A missing length validation code common to these three drivers means that a malicious USB device could write beyond the end of an allocated network packet buffer.
- smsc(4), supporting SMSC (now Microchip) devices
- muge(4), supporting Microchip devices
- cdceem(4), supporting USB Communication Device Class compatible devices
sendmsg security fix
When handling a 32-bit sendmsg(2) call, the compat32 subsystem copies the control message to be transmitted (if any) into kernel memory, and adjusts alignment of control message headers. The code which performs this work contained a time-of-check to time-of-use (TOCTOU) vulnerability which allows a malicious userspace program to modify control message headers after they were validated by the kernel.