From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Tue, 24 Aug 2021 20:51:54 +0000 (UTC)
Message-Id: <20210824205154.5585F734A@freefall.freebsd.org>
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:23.virtio_blk

=============================================================================
FreeBSD-EN-21:23.virtio_blk                                     Errata Notice
                                                          The FreeBSD Project

Topic:          virtio_blk(4) fails to attach on some hypervisors

Category:       core
Module:         virtio_blk
Announced:      2021-08-24
Affects:        FreeBSD 13.0
Corrected:      2021-06-28 15:16:29 UTC (stable/13, 13.0-STABLE)
                2021-08-24 16:36:55 UTC (releng/13.0, 13.0-RELEASE-p4)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

VirtIO is a specification for para-virtualized I/O in a virtual machine (VM).
It defines an interface for efficient I/O between the hypervisor and VM.
virtio_blk(4) is a driver handling VirtIO block devices.

II.  Problem Description

The virtio_blk(4) driver sends commands to the host to query disk identifiers
before acknowledging to the host that the driver is ready.

III. Impact

Affected versions of FreeBSD will not boot under some hypervisors, or under
the presence of modern and non-transitional VirtIO block devices.

IV.  Workaround

No workaround is available. FreeBSD running in QEMU emulator is not affected
by this issue.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch
# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch.asc
# gpg --verify virtio_blk.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              6fd5a4a6f3ac    stable/13-n246114
releng/13.0/                            f66e34809906  releng/13.0-n244753
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Tue, 24 Aug 2021 20:51:58 +0000 (UTC)
Message-Id: <20210824205158.F004D742D@freefall.freebsd.org>
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:24.libcrypto

=============================================================================
FreeBSD-EN-21:24.libcrypto                                      Errata Notice
                                                          The FreeBSD Project

Topic:          OpenSSL 1.1.1e API functions not exported

Category:       core
Module:         libcrypto
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

libcrypto is part of the OpenSSL distribution and provides APIs to various
low-level cryptographic services.

II.  Problem Description

New API functions added in OpenSSL 1.1.1e and later were not publicly
exported to applications.

III. Impact

Applications trying to use new API functions added in OpenSSL 1.1.1e or later
would fail to build with a link error.

IV.  Workaround

No workaround is available. However, the APIs added in OpenSSL 1.1.1e and
later are obscure and not used by many applications. In particular, none of
the affected APIs are used by applications using libssl from OpenSSL for
Transport Layer Security (TLS).

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
# gpg --verify libcrypto.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              f8edb3f9c725    stable/13-n245963
releng/13.0/                            3ef67fed446a  releng/13.0-n244754
stable/12/                                                        r369974
releng/12.2/                                                      r370391
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Reply-To: freebsd-stable@freebsd.org
Date: Tue, 24 Aug 2021 20:52:06 +0000 (UTC)
Message-Id: <20210824205206.0FA927510@freefall.freebsd.org>
Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:25.bhyve

=============================================================================
FreeBSD-EN-21:25.bhyve                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Fix NVMe iovec construction for large IOs

Category:       core
Module:         bhyve
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-07-09 14:24:14 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-07-09 14:25:45 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:11 UTC (releng/12.2, 12.2-RELEASE-p10)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

bhyve(8) is a hypervisor that supports running a variety of guest operating
systems in virtual machines. Newer UEFI code in Red Hat Enterprise Linux
(RHEL) 8.4 and later (as well as applicable variants) will not boot in newly
installed guests.

II.  Problem Description

By default, NVMe data transfer operations use a scatter-gather list in which
all entries point to a fixed-size memory region. For example, if the memory
page size is 4KB, a 2MB IO requires 512 entries. Lists themselves are also
fixed in size (default is 512 entries).

Because the list size is fixed, the last entry is special. If the IO requires
more than 512 entries, the last entry in the list contains the address of the
next list of entries. But if the IO requires exactly 512 entries, the last
entry points to data.

The NVMe emulation missed this logic and unconditionally treated the last
entry as a pointer to the next list.

III. Impact

When RHEL 8.4 or later (or a variant) is installed as a guest within bhyve(8)
on emulated NVMe storage, the system will not boot due to a newer UEFI driver
that is included with these distributions.

IV.  Workaround

Install a RHEL 8.3 guest and perform an in-place upgrade.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch
# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch.asc
# gpg --verify bhyve.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              a7761d19dacd    stable/13-n246220
releng/13.0/                            4f590ee3ed7e  releng/13.0-n244755
stable/12/                                                        r370107
releng/12.2/                                                      r370392
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

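The last-entry rule from the Problem Description of FreeBSD-EN-21:25.bhyve, as an added example (not bhyve's code and not part of the notice). NVMe calls this structure a PRP list; the guest-memory table, the addresses and every function name here are constructed for illustration, and `chain_always` reproduces the behaviour the notice describes as wrong.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PRP_ENTRIES 512   /* entries per list, the default cited in the notice */

/* Constructed stand-in for guest memory: PRP lists keyed by guest address. */
struct prp_list {
    uint64_t gpa;                     /* guest-physical address of this list */
    uint64_t entry[PRP_ENTRIES];
};

static const struct prp_list *
lookup_list(const struct prp_list *lists, size_t nlists, uint64_t gpa)
{
    for (size_t i = 0; i < nlists; i++)
        if (lists[i].gpa == gpa)
            return &lists[i];
    return NULL;                      /* address does not name a PRP list */
}

/*
 * Collect the data-page addresses of an I/O that spans npages pages.
 * Returns the number of pages collected, or -1 on a bad list pointer.
 */
long
prp_collect(const struct prp_list *lists, size_t nlists, uint64_t first_list,
    size_t npages, int chain_always, uint64_t *out, size_t out_cap)
{
    const struct prp_list *l = lookup_list(lists, nlists, first_list);
    size_t done = 0;

    if (npages > out_cap)
        return -1;
    while (done < npages) {
        if (l == NULL)
            return -1;
        size_t left = npages - done;  /* pages still to describe */
        for (size_t i = 0; i < PRP_ENTRIES && done < npages; i++) {
            int last = (i == PRP_ENTRIES - 1);
            /* The last slot is a chain pointer only when more than one
             * list's worth of pages remains; otherwise it is data. */
            if (last && (chain_always || left > PRP_ENTRIES)) {
                l = lookup_list(lists, nlists, l->entry[i]);
                break;
            }
            out[done++] = l->entry[i];
        }
    }
    return (long)done;
}

/* Constructed sample: data pages at 0x100000 + n*4096, lists at 0xA000/0xB000. */
static struct prp_list sample[2];
static uint64_t pages_out[2 * PRP_ENTRIES];

static uint64_t
data_gpa(size_t n)
{
    return 0x100000u + (uint64_t)n * 4096;
}

/* I/O of exactly 512 pages: a single list in which every entry is data. */
long
demo_exact_fit(int chain_always)
{
    sample[0].gpa = 0xA000;
    for (size_t i = 0; i < PRP_ENTRIES; i++)
        sample[0].entry[i] = data_gpa(i);
    return prp_collect(sample, 1, 0xA000, PRP_ENTRIES, chain_always,
        pages_out, 2 * PRP_ENTRIES);
}

/* I/O of 513 pages: 511 data entries, a chain pointer, then 2 data entries. */
long
demo_chained(void)
{
    sample[0].gpa = 0xA000;
    sample[1].gpa = 0xB000;
    for (size_t i = 0; i < PRP_ENTRIES - 1; i++)
        sample[0].entry[i] = data_gpa(i);
    sample[0].entry[PRP_ENTRIES - 1] = 0xB000;
    sample[1].entry[0] = data_gpa(511);
    sample[1].entry[1] = data_gpa(512);
    return prp_collect(sample, 2, 0xA000, PRP_ENTRIES + 1, 0,
        pages_out, 2 * PRP_ENTRIES);
}

int
main(void)
{
    printf("exact fit, correct rule: %ld\n", demo_exact_fit(0));
    printf("exact fit, always chain: %ld\n", demo_exact_fit(1));
    printf("513 pages, chained:      %ld\n", demo_chained());
    return 0;
}
```

With the always-chain rule the 512th data address is looked up as a list and the transfer fails, which is the exact-fit case the notice singles out.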
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Date: Tue, 24 Aug 2021 20:52:42 +0000 (UTC)
Message-Id: <20210824205243.00D9972E8@freefall.freebsd.org>
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:13.bhyve

=============================================================================
FreeBSD-SA-21:13.bhyve                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Missing error handling in bhyve(8) device models

Category:       core
Module:         bhyve
Announced:      2021-08-24
Credits:        Agustin Gianni (GitHub Security Lab)
Affects:        All supported versions of FreeBSD.
Corrected:      2021-08-24 18:29:48 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:33:35 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-08-24 18:33:04 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:13 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-08-24 18:33:02 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:27 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-29631

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

bhyve(8) is a hypervisor that supports running a variety of guest operating
systems in virtual machines. It implements a number of device models using
the VirtIO interface to exchange data between the guest and the host.

II.  Problem Description

Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors. Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.

III. Impact

A malicious guest may be able to crash the bhyve process. It may be possible
to exploit the memory corruption bugs to achieve arbitrary code execution in
the bhyve process.

IV.  Workaround

No workaround is available. Virtual machines are unaffected unless they
use one or more of the following device models:

  * virtio-console
  * virtio-rnd
  * virtio-scsi (available starting in FreeBSD 12.0)
  * virtio-9p (available starting in FreeBSD 13.0)

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 13.0]
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch.asc
# gpg --verify bhyve.13.patch.asc

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch.asc
# gpg --verify bhyve.12.patch.asc

[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch.asc
# gpg --verify bhyve.11.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              20f96f215562    stable/13-n246941
releng/13.0/                            ec08bc89d4b3  releng/13.0-n244756
stable/12/                                                        r370400
releng/12.2/                                                      r370393
stable/11/                                                        r370399
releng/11.4/                                                      r370386
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20210824205249.509DC74BD@freefall.freebsd.org>
Date: Tue, 24 Aug 2021 20:52:49 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:14.ggatec
=============================================================================
FreeBSD-SA-21:14.ggatec                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Remote code execution in ggatec(8)

Category:       core
Module:         ggatec
Announced:      2021-08-24
Credits:        Johannes Totz
Affects:        All supported versions of FreeBSD.
Corrected:      2021-08-24 17:50:50 UTC (stable/13, 13.0-STABLE)
                2021-08-24 17:37:45 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-08-24 18:30:13 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:15 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-08-24 18:29:35 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:29 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-29630

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

GEOM Gate is a GEOM module that reflects I/O requests into user mode where
the ggatec(8) daemon forwards those requests to ggated(8), possibly over the
network to another machine.

II.  Problem Description

The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-sized buffer. This allows the stack of ggatec(8) to be
overwritten.

III. Impact

A malicious ggated(8) or an attacker in a privileged network position can
overwrite the stack with crafted content and potentially execute arbitrary
code.

IV.  Workaround

No workaround is available but systems not using ggatec(8) are not affected.
Neither ggatec(8) nor ggated(8) are enabled by default and need explicit
configuration by the super-user.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Restart any ggatec(8) instances. Existing ggate devices can be kept alive
and restarted with `ggatec rescue`.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch
# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch.asc
# gpg --verify ggatec.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              0729ba2f49c9    stable/13-n246938
releng/13.0/                            c8a2cc4ba845  releng/13.0-n244757
stable/12/                                                        r370383
releng/12.2/                                                      r370394
stable/11/                                                        r370381
releng/11.4/                                                      r370387
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
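Added example (not part of the advisory and not ggatec's code): a C receive routine that checks the length announced in a response header before any payload byte is written to a fixed-size buffer, the validation FreeBSD-SA-21:14 describes as missing. The header layout, the names recv_response, resp_hdr and demo, the 4096-byte buffer and the rule that a reply must carry exactly the requested byte count are assumptions made for this example.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define BUF_CAP 4096    /* fixed-size receive buffer (assumed size) */

/* Hypothetical wire header for this example, not the real ggate layout. */
struct resp_hdr {
    uint32_t length;    /* payload bytes that follow, network byte order */
    uint32_t error;     /* 0 on success */
};

enum { RESP_IO = -1, RESP_TOO_BIG = -2, RESP_MISMATCH = -3 };

/* Read exactly n bytes from a socket or pipe; -1 on error or early EOF. */
static int read_full(int fd, void *dst, size_t n)
{
    uint8_t *p = dst;

    while (n > 0) {
        ssize_t r = read(fd, p, n);
        if (r < 0 && errno == EINTR)
            continue;
        if (r <= 0)
            return -1;
        p += r;
        n -= (size_t)r;
    }
    return 0;
}

/*
 * Receive one response for a request of `requested` bytes into buf.
 * The length field comes from the peer, so it is untrusted until checked.
 * Returns the payload length (>= 0) or a negative RESP_* code.
 */
long recv_response(int fd, size_t requested, uint8_t *buf, size_t cap)
{
    struct resp_hdr h;
    uint32_t len;

    if (read_full(fd, &h, sizeof(h)) != 0)
        return RESP_IO;
    len = ntohl(h.length);
    if (len > cap)              /* would run past the end of buf */
        return RESP_TOO_BIG;
    if (len != requested)       /* assumption: reply size == request size */
        return RESP_MISMATCH;
    if (read_full(fd, buf, len) != 0)
        return RESP_IO;
    return (long)len;
}

/*
 * Demo harness: play the remote side over a pipe. The header claims
 * `claimed` payload bytes; `sent` constructed zero bytes really follow.
 */
long demo(uint32_t claimed, size_t sent, size_t requested)
{
    static const uint8_t payload[BUF_CAP];
    uint8_t buf[BUF_CAP];       /* the fixed-size buffer on the stack */
    struct resp_hdr h = { htonl(claimed), 0 };
    int pfd[2], wrote;
    long rc;

    if (sent > sizeof(payload))
        sent = sizeof(payload);
    if (pipe(pfd) != 0)
        return RESP_IO;
    wrote = write(pfd[1], &h, sizeof(h)) == (ssize_t)sizeof(h) &&
        write(pfd[1], payload, sent) == (ssize_t)sent;
    close(pfd[1]);              /* peer is done sending: reader sees EOF */
    rc = wrote ? recv_response(pfd[0], requested, buf, sizeof(buf)) : RESP_IO;
    close(pfd[0]);
    return rc;
}

int main(void)
{
    printf("honest reply:        %ld\n", demo(512, 512, 512));
    printf("oversized length:    %ld\n", demo(1u << 20, 16, 512));
    printf("fits, but not asked: %ld\n", demo(1024, 1024, 512));
    printf("short payload:       %ld\n", demo(512, 100, 512));
    return 0;
}
```

The oversized reply is rejected after the header alone has been read, so no attacker-controlled payload byte reaches the stack buffer.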
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20210824205255.2828A73E6@freefall.freebsd.org>
Date: Tue, 24 Aug 2021 20:52:55 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:15.libfetch
=============================================================================
FreeBSD-SA-21:15.libfetch                                   Security Advisory
                                                          The FreeBSD Project

Topic:          libfetch out of bounds read

Category:       core
Module:         libfetch
Announced:      2021-08-24
Credits:        Samanta Navarro
Affects:        All supported versions of FreeBSD.
Corrected:      2021-08-24 17:59:43 UTC (stable/13, 13.0-STABLE)
                2021-08-24 18:00:47 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-08-24 18:30:16 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:17 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-08-24 18:29:40 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:31 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-36159

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

libfetch(3) is a multi-protocol file transfer library included with FreeBSD
and used by the fetch(1) command-line tool, pkg(8) package manager, and
others.

II.  Problem Description

The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes. It
does not check if the line ends prematurely. If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.

III. Impact

The connection buffer size can be controlled by a malicious FTP server
because the size is increased until a newline is encountered (or no more
characters are read). This also allows the buffer to be moved into more
interesting areas within the address space, potentially parsing relevant
numbers for the attacker. Since these bytes become available to the server
in the form of a new TCP connection to a constructed port number or even
part of the IPv6 address, this is a potential information leak.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch
# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch.asc
# gpg --verify libfetch.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              a75324d674f5    stable/13-n246939
releng/13.0/                            060510ba8bfb  releng/13.0-n244758
stable/12/                                                        r370384
releng/12.2/                                                      r370395
stable/11/                                                        r370382
releng/11.4/                                                      r370388
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
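Added example (not part of the advisory and not libfetch's code): a bounds-checked C parser for an FTP 227 passive-mode reply that tests for the end of the received line before every dereference, so a reply that stops early is rejected rather than read past, which is the failure FreeBSD-SA-21:15 describes. It parses digits by hand against an explicit end pointer instead of using strtol; the names parse_pasv_reply, parse_field and struct pasv_addr and the sample replies are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type for this example (IPv4 PASV only). */
struct pasv_addr {
    uint8_t  host[4];
    uint16_t port;
};

/*
 * Parse one decimal field in the range 0..255 from [*pp, end).
 * Every dereference is guarded by p < end, so a line that stops early
 * is reported as an error instead of being read past.
 */
static int parse_field(const char **pp, const char *end, unsigned *val)
{
    const char *p = *pp;
    unsigned v = 0;
    int digits = 0;

    while (p < end && *p >= '0' && *p <= '9') {
        v = v * 10 + (unsigned)(*p - '0');
        if (++digits > 3 || v > 255)
            return -1;
        p++;
    }
    if (digits == 0)
        return -1;              /* empty field or end of input */
    *pp = p;
    *val = v;
    return 0;
}

/*
 * Parse "227 <text> (h1,h2,h3,h4,p1,p2)" from a buffer of len bytes.
 * The buffer does not have to be NUL-terminated.
 * Returns 0 on success, -1 if the reply is malformed or cut short.
 */
int parse_pasv_reply(const char *line, size_t len, struct pasv_addr *out)
{
    const char *p = line, *end = line + len;
    unsigned n[6];
    int i;

    if (len < 4 || memcmp(line, "227 ", 4) != 0)
        return -1;
    p += 4;
    /* Skip the free-form text up to the first digit, staying in bounds. */
    while (p < end && !(*p >= '0' && *p <= '9'))
        p++;

    for (i = 0; i < 6; i++) {
        if (parse_field(&p, end, &n[i]) != 0)
            return -1;
        /* Check the separator BEFORE stepping over it. */
        if (i < 5) {
            if (p >= end || *p != ',')
                return -1;
            p++;
        }
    }
    /* The last number must be followed by something (")" or CRLF);
     * otherwise the line may have been truncated inside the number. */
    if (p >= end)
        return -1;

    for (i = 0; i < 4; i++)
        out->host[i] = (uint8_t)n[i];
    out->port = (uint16_t)((n[4] << 8) | n[5]);
    return 0;
}

int main(void)
{
    /* Constructed sample replies (192.0.2.0/24 is a documentation range). */
    static const char *samples[] = {
        "227 Entering Passive Mode (192,0,2,10,19,137)\r\n",
        "227 Entering Passive Mode (192,0,2,",      /* ends after a comma */
        "227 Entering Passive Mode (192,0,2,10,19", /* ends mid-list */
    };
    struct pasv_addr a;
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        if (parse_pasv_reply(samples[i], strlen(samples[i]), &a) == 0)
            printf("ok: %u.%u.%u.%u port %u\n", a.host[0], a.host[1],
                a.host[2], a.host[3], a.port);
        else
            printf("rejected: truncated or malformed reply\n");
    }
    return 0;
}
```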
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20210824205300.2C53C7360@freefall.freebsd.org>
Date: Tue, 24 Aug 2021 20:53:00 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:16.openssl
=============================================================================
FreeBSD-SA-21:16.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple OpenSSL vulnerabilities

Category:       contrib
Module:         openssl
Announced:      2021-08-24
Credits:        See OpenSSL advisory in references.
Affects:        FreeBSD 12.2 and later.
Corrected:      2021-08-24 18:05:48 UTC (stable/13, 13.0-STABLE)
                2021-08-24 18:08:04 UTC (releng/13.0, 13.0-RELEASE-p4)
                2021-08-24 18:30:22 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:19 UTC (releng/12.2, 12.2-RELEASE-p10)
CVE Name:       CVE-2021-3711, CVE-2021-3712

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II.  Problem Description

There are two issues fixed in this security advisory:

A bug in the SM2 decryption implementation incorrectly calculates a buffer
needed to hold the plaintext leading to a potential buffer overflow.
[CVE-2021-3711]

ASN1_STRING structures directly constructed, instead of using library
functions, may not be NULL-terminated resulting in library functions causing
a read buffer overrun. [CVE-2021-3712]

III. Impact

Specially crafted decrypted SM2 content could cause attacker chosen data to
overflow the buffer changing application behavior or causing the application
to crash. [CVE-2021-3711]

A specially crafted malicious string can cause an application that directly
constructs the ASN1_STRING structure to crash or disclose memory contents.
[CVE-2021-3712]

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 13.0]
# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.13.patch
# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.13.patch.asc
# gpg --verify openssl.13.patch.asc

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:16/openssl.12.patch.asc
# gpg --verify openssl.12.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              9d31ae318711    stable/13-n246940
releng/13.0/                            2261c814b7fa  releng/13.0-n244759
stable/12/                                                        r370385
releng/12.2/                                                      r370396
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Reply-To: freebsd-security@freebsd.org
Message-Id: <20210824205304.3C9017444@freefall.freebsd.org>
Date: Tue, 24 Aug 2021 20:53:04 +0000 (UTC)
Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:17.openssl
=============================================================================
FreeBSD-SA-21:17.openssl                                    Security Advisory
                                                          The FreeBSD Project

Topic:          Multiple vulnerabilities in OpenSSL

Category:       contrib
Module:         openssl
Announced:      2021-08-24
Affects:        FreeBSD 12.2 and FreeBSD 11.4
Corrected:      2021-02-18 23:55:09 UTC (stable/12, 12.2-STABLE)
                2021-08-24 18:32:22 UTC (releng/12.2, 12.2-RELEASE-p10)
                2021-02-19 16:21:03 UTC (stable/11, 11.4-STABLE)
                2021-08-24 18:31:34 UTC (releng/11.4, 11.4-RELEASE-p13)
CVE Name:       CVE-2021-23840, CVE-2021-23841

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit for the Transport Layer Security (TLS) protocol. It is
also a general-purpose cryptography library.

II.  Problem Description

This advisory covers two distinct OpenSSL issues:

Calls to EVP_CipherUpdate(), EVP_EncryptUpdate() and EVP_DecryptUpdate() may
overflow the output length argument in some cases where the input length is
close to the maximum permissible length for an integer on the platform. In
such cases the return value from the function call will be 1 (indicating
success), but the output length value will be negative. [CVE-2021-23840]

The OpenSSL public API function X509_issuer_and_serial_hash() attempts to
create a unique hash value based on the issuer and serial number data
contained within an X509 certificate. However, it fails to correctly handle
any errors that may occur while parsing the issuer field (which might occur
if the issuer field is maliciously constructed). [CVE-2021-23841]

III. Impact

The integer overflow in EVP_*Update() could cause applications to behave
incorrectly or crash leading to a potential denial of service attack.

The X509_issuer_and_serial_hash() issue may result in a NULL pointer
dereference and a crash leading to a potential denial of service attack.

IV.  Workaround

No workaround is available. The function X509_issuer_and_serial_hash() is
never directly called by OpenSSL itself so applications are only vulnerable
if they use this function directly and they use it on certificates that may
have been obtained from untrusted sources.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 12.2]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.12.patch.asc
# gpg --verify openssl.12.patch.asc

[FreeBSD 11.4]
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch
# fetch https://security.FreeBSD.org/patches/SA-21:17/openssl.11.patch.asc
# gpg --verify openssl.11.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use the library, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/12/                                                        r369284
releng/12.2/                                                      r370397
stable/11/                                                        r369299
releng/11.4/                                                      r370389
-------------------------------------------------------------------------

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at