From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20201201204549.9C16519AD8@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:45:49 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:19.audit

=============================================================================
FreeBSD-EN-20:19.audit                                          Errata Notice
                                                          The FreeBSD Project

Topic:          execve/fexecve system call auditing

Category:       core
Module:         kernel
Announced:      2020-12-01
Affects:        FreeBSD 12.1 and later.
Corrected:      2020-10-27 13:13:04 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:34:45 UTC (releng/12.2, 12.2-RELEASE-p1)
                2020-12-01 19:34:45 UTC (releng/12.1, 12.1-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The audit(4) facility allows a system administrator to audit
security-relevant events. System calls are one such security-related
event, and the audit(4) facility will record whether the system call was
successful along with other important details.

II.  Problem Description

All execve/fexecve system calls in affected versions will be reported as a
failure, even upon successful execution.

For affected kernels, the exact error reported is EJUSTRETURN, 201, or
"Just return" depending on the tooling used. These can safely be
considered successful returns for the fexecve and execve system calls.

Note that audit trails that were produced by kernels starting with
FreeBSD 12.0 will exhibit this problem.

III. Impact

It is important to be able to determine when a process is, for instance,
executing a shell. Such events may be indicative of an intrusion if they
are not expected. Failure to report such an execution as successful may
result in intrusions that are no longer detectable.

IV.  Workaround

No workaround is available. This error is irrelevant for system
administrators that do not use the audit(4) facility.

Users of the audit(4) facility could detect the specific error that is
being returned as success, but this may complicate auditing as all
failures must be recorded.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for errata update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.2.patch
# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.2.patch.asc
# gpg --verify audit.12.2.patch.asc

[FreeBSD 12.1]
# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.1.patch
# fetch https://security.FreeBSD.org/patches/EN-20:19/audit.12.1.patch.asc
# gpg --verify audit.12.1.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r367080
releng/12.2/                                                      r368249
releng/12.1/                                                      r368249
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

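The re-interpretation that FreeBSD-EN-20:19.audit describes for existing trails (treating the bogus error on execve/fexecve records as success), as an added example that is not part of the notice or of FreeBSD's own tooling. The records are a constructed sample approximating praudit(1) text output, and the function names are hypothetical.

```python
import re

# Event names of the two system calls the notice covers, as shown in the
# constructed sample below.
EXEC_EVENTS = {"execve(2)", "fexecve(2)"}

# The three spellings the notice gives for the bogus error.
JUSTRETURN = re.compile(r"\b(EJUSTRETURN|Just return|201)\b")

# Constructed sample, not captured from a real system. The last record
# stands for a trail written after the kernel was corrected.
SAMPLE_TRAIL = """\
header,120,11,execve(2),0,Tue Dec  1 20:40:01 2020, + 101 msec
exec arg,/bin/sh,-c,uptime
path,/bin/sh
subject,www,www,www,www,www,4021,4021,0,0.0.0.0
return,failure : Just return,0
trailer,120
header,118,11,execve(2),0,Tue Dec  1 20:40:07 2020, + 550 msec
exec arg,/usr/local/bin/missing
path,/usr/local/bin/missing
subject,www,www,www,www,www,4022,4021,0,0.0.0.0
return,failure : No such file or directory,4294967295
trailer,118
header,97,11,open(2) - read,0,Tue Dec  1 20:40:09 2020, + 12 msec
path,/etc/master.passwd
subject,www,www,www,www,www,4023,4021,0,0.0.0.0
return,failure : Permission denied,4294967295
trailer,97
header,110,11,fexecve(2),0,Tue Dec  1 20:40:15 2020, + 3 msec
exec arg,/usr/bin/id
subject,www,www,www,www,www,4024,4021,0,0.0.0.0
return,failure : Unknown error: 201,0
trailer,110
header,112,11,execve(2),0,Tue Dec  1 21:10:02 2020, + 77 msec
exec arg,/bin/ls,/tmp
path,/bin/ls
subject,www,www,www,www,www,4100,4021,0,0.0.0.0
return,success,0
trailer,112
"""


def parse_records(text):
    """Split a text trail into records delimited by header/trailer tokens."""
    records, cur = [], None
    for line in text.splitlines():
        token, _, rest = line.partition(",")
        if token == "header":
            fields = rest.split(",")
            cur = {
                "event": fields[2] if len(fields) > 2 else "",
                "when": fields[4].strip() if len(fields) > 4 else "",
                "argv": [],
                "status": None,
            }
        elif cur is None:
            continue  # stray token outside a record
        elif token == "exec arg":
            cur["argv"] = rest.split(",")
        elif token == "return":
            # return token: status text, then the numeric return value
            cur["status"] = rest.rsplit(",", 1)[0].strip()
        elif token == "trailer":
            records.append(cur)
            cur = None
    return records


def classify(record):
    """Return 'ok', 'ok-mislabelled' (the erratum) or 'failed'."""
    status = record["status"] or ""
    if status.startswith("success"):
        return "ok"
    # Only execve/fexecve are re-interpreted; every other failure stands.
    if record["event"] in EXEC_EVENTS and JUSTRETURN.search(status):
        return "ok-mislabelled"
    return "failed"


def executed(text):
    """List (verdict, argv) for every exec record that actually ran."""
    out = []
    for rec in parse_records(text):
        if rec["event"] in EXEC_EVENTS:
            verdict = classify(rec)
            if verdict != "failed":
                out.append((verdict, rec["argv"]))
    return out


if __name__ == "__main__":
    for verdict, argv in executed(SAMPLE_TRAIL):
        print(verdict, " ".join(argv))
```

Because the mislabelled records only exist as failures, the audit configuration has to record failed exec events for this to see them, which is the cost the workaround section points out.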
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20201201204554.0FA2119C92@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:45:54 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:20.tzdata

=============================================================================
FreeBSD-EN-20:20.tzdata                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Timezone database information update

Category:       contrib
Module:         zoneinfo
Announced:      2020-12-01
Affects:        All supported versions of FreeBSD.
Corrected:      2020-10-23 01:06:33 UTC (stable/12, 12.1-STABLE)
                2020-12-01 19:35:48 UTC (releng/12.2, 12.2-RELEASE-p1)
                2020-12-01 19:35:48 UTC (releng/12.1, 12.1-RELEASE-p11)
                2020-10-23 01:06:42 UTC (stable/11, 11.4-STABLE)
                2020-12-01 19:35:48 UTC (releng/11.4, 11.4-RELEASE-p5)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The tzsetup(8) program allows the user to specify the default local
timezone. Based on the selected timezone, tzsetup(8) copies one of the
files from /usr/share/zoneinfo to /etc/localtime. This file actually
controls the conversion.

II.  Problem Description

Several changes in Daylight Saving Time happened after previous FreeBSD
releases were released that would affect many people who live in
different parts of the world. Because of these changes, the data in the
zoneinfo files need to be updated, and if the local timezone on the
running system is affected, tzsetup(8) needs to be run so the
/etc/localtime is updated.

III. Impact

An incorrect time will be displayed on a system configured to use one of
the affected timezones if the /usr/share/zoneinfo and /etc/localtime
files are not updated, and all applications on the system that rely on
the system time, such as cron(8) and syslog(8), will be affected.

IV.  Workaround

The system administrator can install an updated timezone database from
the misc/zoneinfo port and run tzsetup(8) to get the timezone database
corrected.

Applications that store and display times in Coordinated Universal Time
(UTC) are not affected.

V.   Solution

Please note that some third party software, for instance PHP, Ruby, Java
and Perl, may be using a different zoneinfo data source; in such cases
this software must be updated separately. Software packages that are
installed via binary packages can be upgraded by executing `pkg upgrade'.

Following the instructions in this Errata Notice will update all of the
zoneinfo files to be the same as what was released with FreeBSD release.

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release /
security branch (releng) dated after the correction date. Restart all
the affected applications and daemons, or reboot the system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Restart all the affected applications and daemons, or reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-20:20/tzdata-2020d.patch
# fetch https://security.FreeBSD.org/patches/EN-20:20/tzdata-2020d.patch.asc
# gpg --verify tzdata-2020d.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all the affected applications and daemons, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r366956
releng/12.2/                                                      r368251
releng/12.1/                                                      r368251
stable/11/                                                        r366957
releng/11.4/                                                      r368251
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20201201204600.7021019D10@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:46:00 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:21.ipfw

=============================================================================
FreeBSD-EN-20:21.ipfw                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Uninitialized variable in ipfw

Category:       core
Module:         ipfw
Announced:      2020-12-01
Affects:        FreeBSD 12.2
Corrected:      2020-10-18 20:54:15 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:36:36 UTC (releng/12.2, 12.2-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

ipfw(8) is the command-line utility used to configure the ipfw(4)
firewall.

II.  Problem Description

A regression in FreeBSD 12.2 meant that ipfw(8) fwd commands referencing
specific port numbers may configure the firewall incorrectly.

III. Impact

Forwarding rules referencing port numbers may not work as configured.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch
# fetch https://security.FreeBSD.org/patches/EN-20:21/ipfw.patch.asc
# gpg --verify ipfw.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r366816
releng/12.2/                                                      r368252
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20201201204607.2526D19C37@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:46:07 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-20:22.callout

=============================================================================
FreeBSD-EN-20:22.callout                                        Errata Notice
                                                          The FreeBSD Project

Topic:          Race condition in callout CPU migration

Category:       core
Module:         callout
Announced:      2020-12-01
Affects:        FreeBSD 12.1 and 12.2
Corrected:      2020-11-26 14:57:30 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:37:33 UTC (releng/12.2, 12.2-RELEASE-p1)
                2020-12-01 19:37:33 UTC (releng/12.1, 12.1-RELEASE-p11)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The callout(9) kernel subsystem is used by other kernel subsystems to
request execution of a function following a specified timeout.
callout(9) implements an interface which allows a pending callout to be
stopped.

II.  Problem Description

Callouts may be bound to a specific CPU, in which case that CPU is
responsible for raising the timer interrupt which schedules execution of
the callout. A kernel thread may attempt to stop a callout while it is
actively executing, in which case the thread goes to sleep until
execution has completed. In the meantime the callout may be re-scheduled
and re-executed on a different CPU. In this scenario, when the sleeping
thread finally completes removal of the callout from some internal data
structures, it may modify the wrong CPU's data structures and thus leave
them in an invalid state.

III. Impact

The bug may result in kernel panics under some workloads, typically in
the softclock threads.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for errata update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.2.patch
# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.2.patch.asc
# gpg --verify callout.12.2.patch.asc

[FreeBSD 12.1]
# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.1.patch
# fetch https://security.FreeBSD.org/patches/EN-20:22/callout.12.1.patch.asc
# gpg --verify callout.12.1.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/12/                                                        r368057
releng/12.2/                                                      r368254
releng/12.1/                                                      r368254
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at


From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20201201204619.ECA2919D9C@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:46:19 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:31.icmp6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-20:31.icmp6                                      Security Advisory
                                                          The FreeBSD Project

Topic:          ICMPv6 use-after-free in error message handling

Category:       core
Module:         icmp6
Announced:      2020-12-01
Credits:        Maxime Villard
Affects:        All supported versions of FreeBSD.
Corrected:      2020-11-05 22:41:54 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:38:52 UTC (releng/12.2, 12.2-RELEASE-p1)
                2020-12-01 19:38:52 UTC (releng/12.1, 12.1-RELEASE-p11)
                2020-12-01 03:07:26 UTC (stable/11, 11.4-STABLE)
                2020-12-01 19:38:52 UTC (releng/11.4, 11.4-RELEASE-p5)
CVE Name:       CVE-2020-7469

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

ICMPv6 is the ICMP protocol for IPv6. It is used to transmit
informational and error messages between IPv6 hosts.

II. Problem Description

When an ICMPv6 error message is received, the FreeBSD ICMPv6 stack may
extract information from the message to hand to upper-layer protocols.
As a part of this operation, it may parse IPv6 header options from a
packet embedded in the ICMPv6 message.

The handler for a routing option caches a pointer into the packet
buffer holding the ICMPv6 message. However, when processing subsequent
options the packet buffer may be freed, rendering the cached pointer
invalid. The network stack may later dereference the pointer,
potentially triggering a use-after-free.

III. Impact

A remote host may be able to trigger a read of freed kernel memory.
This may trigger a kernel panic if the address had been unmapped.

IV. Workaround

Systems with IPv6 disabled are not affected. No workaround is available
except to disable IPv6 on the system's network interfaces.

V. Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date and
reboot.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.2.patch
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.2.patch.asc
# gpg --verify icmp6.12.2.patch.asc

[FreeBSD 12.1]
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.1.patch
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.12.1.patch.asc
# gpg --verify icmp6.12.1.patch.asc

[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.11.4.patch
# fetch https://security.FreeBSD.org/patches/SA-20:31/icmp6.11.4.patch.asc
# gpg --verify icmp6.11.4.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r367402
releng/12.2/                                                      r368255
releng/12.1/                                                      r368255
stable/11/                                                        r368202
releng/11.4/                                                      r368255
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
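An added example, not part of the advisory and not FreeBSD kernel code: a toy model of the stale-pointer pattern in the SA-20:31 Problem Description, in which the parser remembers an offset and re-derives the pointer after every call that can move or free the buffer. struct pktbuf, pkt_pullup(), find_final_dst() and the sample bytes are hypothetical stand-ins constructed for illustration, not the mbuf API.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NH_ROUTING 43	/* IPv6 routing header */
#define NH_DSTOPTS 60	/* IPv6 destination options header */

/* Toy packet buffer (hypothetical stand-in, not FreeBSD's mbuf API). */
struct pktbuf {
	uint8_t *data;	/* storage; pkt_pullup() may move or free it */
	size_t total;	/* bytes in the packet */
};

/* Moves the storage on success, frees it on failure: old pointers go stale. */
static int pkt_pullup(struct pktbuf *pb, size_t need)
{
	uint8_t *moved = need <= pb->total ? malloc(pb->total) : NULL;
	if (moved != NULL)
		memcpy(moved, pb->data, pb->total);
	free(pb->data);
	pb->data = moved;
	return moved != NULL ? 0 : -1;
}

/* Copy the last address of a routing header to finaldst. Returns 1 if found,
 * 0 if absent, -1 if malformed (buffer already freed, pb->data is NULL). */
int find_final_dst(struct pktbuf *pb, uint8_t nh, uint8_t finaldst[16])
{
	size_t off = 0, hlen, dst_off = 0;
	int have_dst = 0;
	while (nh == NH_ROUTING || nh == NH_DSTOPTS) {
		if (pkt_pullup(pb, off + 8) != 0)
			return -1;
		hlen = ((size_t)pb->data[off + 1] + 1) * 8;
		if (pkt_pullup(pb, off + hlen) != 0)
			return -1;
		if (nh == NH_ROUTING && hlen >= 8 + 16) {
			/* Unsafe variant: keep `pb->data + off + hlen - 16` here;
			 * the next pkt_pullup() would leave that pointer dangling. */
			dst_off = off + hlen - 16;	/* cache the offset instead */
			have_dst = 1;
		}
		nh = pb->data[off];
		off += hlen;
	}
	if (!have_dst)
		return 0;
	memcpy(finaldst, pb->data + dst_off, 16);	/* re-derived from live storage */
	return 1;
}

/* Constructed sample: routing header (one address), then destination options. */
static const uint8_t sample[32] = {
	NH_DSTOPTS, 2, 0, 0, 0, 0, 0, 0,
	0x20, 0x01, 0x0d, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1,
	59, 0, 1, 4, 0, 0, 0, 0		/* next header 59 = none, PadN filler */
};

/* Parse a copy of the sample; ext_len overrides the second header's length. */
int run_sample(uint8_t ext_len, uint8_t finaldst[16])
{
	struct pktbuf pb = { malloc(sizeof(sample)), sizeof(sample) };
	int r;
	if (pb.data == NULL)
		return -2;
	memcpy(pb.data, sample, sizeof(sample));
	pb.data[25] = ext_len;	/* 0 = well-formed, 1 = claims 8 missing bytes */
	r = find_final_dst(&pb, NH_ROUTING, finaldst);
	free(pb.data);	/* NULL after a failed pullup, so no double free */
	return r;
}

int main(void)
{
	uint8_t dst[16];
	printf("well-formed: %d\n", run_sample(0, dst));
	printf("truncated:   %d\n", run_sample(1, dst));
	return 0;
}
```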

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20201201204625.883FE19C65@freefall.freebsd.org>
Date: Tue, 1 Dec 2020 20:46:25 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-20:32.rtsold

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-20:32.rtsold                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in rtsold

Category:       core
Module:         rtsold
Announced:      2020-12-01
Credits:        Quarkslab Vulnerability Reports
Affects:        All supported versions of FreeBSD
Corrected:      2020-12-01 19:35:48 UTC (stable/12, 12.2-STABLE)
                2020-12-01 19:39:44 UTC (releng/12.2, 12.2-RELEASE-p1)
                2020-12-01 19:39:44 UTC (releng/12.1, 12.1-RELEASE-p11)
                2020-12-01 19:36:37 UTC (stable/11, 11.4-STABLE)
                2020-12-01 19:39:44 UTC (releng/11.4, 11.4-RELEASE-p5)
CVE Name:       CVE-2020-25577

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I. Background

As part of the stateless address autoconfiguration (SLAAC) mechanism,
IPv6 routers periodically broadcast router advertisement messages on
attached networks to inform hosts of the correct network prefix, router
address and MTU, as well as additional network parameters such as the
DNS servers (RDNSS), DNS search list (DNSSL) and whether a stateful
configuration service is available. Hosts that have recently joined the
network can broadcast a router solicitation message to solicit an
immediate advertisement instead of waiting for the next periodic
advertisement.

The router solicitation daemon, rtsold(8), broadcasts router
solicitation messages at startup or when the state of an interface
changes from passive to active. Incoming router advertisement messages
are first processed by the kernel and then passed on to rtsold(8),
which handles the DNS and stateful configuration options.

II. Problem Description

Two bugs exist in rtsold(8)'s RDNSS and DNSSL option handling. First,
rtsold(8) failed to perform sufficient bounds checking on the extent of
the option. In particular, it does not verify that the option does not
extend past the end of the received packet before processing its
contents. The kernel currently ignores such malformed packets but still
passes them to userspace programs.

Second, when processing a DNSSL option, rtsold(8) decodes domain name
labels per an encoding specified in RFC 1035 in which the first octet
of each label contains the label's length. rtsold(8) did not validate
label lengths correctly and could overflow the destination buffer.

III. Impact

It is believed that these bugs could be exploited to gain remote code
execution within the rtsold(8) daemon, which runs as root. Note that
rtsold(8) only processes messages received from hosts attached to the
same physical link as the interface(s) on which rtsold(8) is listening.

In FreeBSD 12.2 rtsold(8) runs in a Capsicum sandbox, limiting the
scope of a compromised rtsold(8) process.

IV. Workaround

No workaround is available, but systems that do not run rtsold(8) are
not affected.

V. Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-20:32/rtsold.patch
# fetch https://security.FreeBSD.org/patches/SA-20:32/rtsold.patch.asc
# gpg --verify rtsold.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/12/                                                        r368250
releng/12.2/                                                      r368256
releng/12.1/                                                      r368256
stable/11/                                                        r368253
releng/11.4/                                                      r368256
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
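An added example, not part of the advisory and not the rtsold(8) patch: a stand-alone DNSSL option decoder that performs the two checks the SA-20:32 Problem Description says were missing, the option's extent against the received packet and each RFC 1035 label length against both the option and the destination buffer. The option layout follows RFC 8106; the function names, buffer sizes and sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ND_OPT_DNSSL 31		/* RFC 8106 option type */
#define DNSSL_HDRLEN 8		/* type, length, reserved (2), lifetime (4) */
#define LABEL_MAX    63		/* RFC 1035 label length limit */
#define NAME_BUFLEN  256	/* assumed destination size: 255 octets plus NUL */

/* Decode one RFC 1035 name from [p, end) into dst as dotted text.
 * Returns the octets consumed, or -1 if the name is malformed. */
static int decode_name(const uint8_t *p, const uint8_t *end, char *dst,
    size_t dstlen)
{
	const uint8_t *start = p;
	size_t len, used = 0;

	if (dstlen == 0)
		return -1;
	while (p < end) {
		len = *p++;
		if (len == 0) {			/* root label ends the name */
			dst[used] = '\0';
			return (int)(p - start);
		}
		/* > 63 also rejects compression pointers; label must fit the option */
		if (len > LABEL_MAX || len > (size_t)(end - p))
			return -1;
		if (len + (used != 0) >= dstlen - used)	/* label + dot + NUL must fit */
			return -1;
		if (used != 0)
			dst[used++] = '.';
		memcpy(dst + used, p, len);
		used += len;
		p += len;
	}
	return -1;				/* no terminating root label */
}

/* Validate the DNSSL option at pkt[optoff] and decode its search domains.
 * Returns the number of names stored, or -1 if the option must be dropped. */
int dnssl_decode(const uint8_t *pkt, size_t pktlen, size_t optoff,
    char names[][NAME_BUFLEN], int maxnames)
{
	const uint8_t *p, *end;
	size_t optlen;
	int n = 0, used;

	if (optoff > pktlen || pktlen - optoff < DNSSL_HDRLEN)
		return -1;			/* header itself is cut short */
	optlen = (size_t)pkt[optoff + 1] * 8;	/* length field is in 8-octet units */
	if (pkt[optoff] != ND_OPT_DNSSL || optlen < DNSSL_HDRLEN ||
	    optlen > pktlen - optoff)		/* option extends past the packet */
		return -1;
	p = pkt + optoff + DNSSL_HDRLEN;
	end = pkt + optoff + optlen;
	while (p < end && *p != 0) {		/* zero octets here are padding */
		if (n == maxnames)
			return -1;
		used = decode_name(p, end, names[n++], NAME_BUFLEN);
		if (used < 0)
			return -1;
		p += used;
	}
	return n;
}

/* Constructed sample: lifetime 3600, one name "example.com", zero padding. */
static const uint8_t sample_opt[24] = {
	ND_OPT_DNSSL, 3, 0, 0, 0, 0, 0x0e, 0x10,
	7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 0, 0
};

int main(void)
{
	char names[4][NAME_BUFLEN];
	printf("full packet: %d\n", dnssl_decode(sample_opt, 24, 0, names, 4));
	printf("cut to 16:   %d\n", dnssl_decode(sample_opt, 16, 0, names, 4));
	return 0;
}
```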

From: Warner Losh
Date: Tue, 1 Dec 2020 23:28:40 -0700
To: freebsd-doc@freebsd.org, freebsd-announce@freebsd.org
Subject: [FreeBSD-Announce] FreeBSD-doc Subversion to Git migration

The FreeBSD project is pleased to announce the first transition from
Subversion to Git, for the doc repository. We will begin the migration
sometime on December 5th and hope to be completed by December 8th.
Please see
https://github.com/bsdimp/freebsd-git-docs/blob/main/doc-cutover-schedule.md
for a detailed schedule. Once this conversion is complete, Subversion
will become read-only with no further updates to the doc tree.

If you are fetching our documentation from source control, you will
need to switch to the new git repository at the URL listed at
https://github.com/bsdimp/freebsd-git-docs/blob/main/doc-cvt.md at the
top. Prior to the cutover, the Subversion repository will be mirrored
there. Please see http://github.com/bsdimp/freebsd-git-docs for
documentation on this and other upcoming migrations.

The FreeBSD handbook and website will update from the appropriate
repository, and will be unaffected by this change over.

As part of this conversion, we will be hosting office hours this
Thursday 18:00 UTC, and at additional times in the future. For details
please see https://wiki.freebsd.org/OfficeHours. In addition, we will
be monitoring #gitcvt on EFnet (irc.efnet.org) and #git on the
unofficial FreeBSD Discord server (https://discord.gg/WKEKSPtJGp) for
people encountering problems during and after the cutover.

For the history about this transition, please see the git@freebsd.org
archives at https://lists.freebsd.org/pipermail/freebsd-git/.

Warner Losh and Ed Maste, on behalf of the git conversion working group.