From nobody Thu Aug 3 23:32:45 2023
From: FreeBSD Security Officer
To: freebsd-announce@freebsd.org
Subject: FreeBSD 13.1 end-of-life
Reply-To: freebsd-security@freebsd.org
Message-Id: <20230803233245.13BE6A0C@freefall.freebsd.org>
Date: Thu, 3 Aug 2023 23:32:45 +0000 (UTC)
List-Id: Project Announcements [moderated]
List-Archive: https://lists.freebsd.org/archives/freebsd-announce

Dear FreeBSD community,

As of August 2nd, 2023, FreeBSD 13.1 reached end-of-life and is no longer
supported by the FreeBSD Security Team.  Users of FreeBSD 13.1 are strongly
encouraged to upgrade to a newer release as soon as possible.

The currently supported branches and releases and their expected
end-of-life dates are:

+-------------------------------------------------------------------------+
| Branch      | Release      | Release Date     | Estimated EoL           |
+-------------+--------------+------------------+-------------------------+
| stable/13   | N/A          | N/A              | January 31, 2026        |
+-------------+--------------+------------------+-------------------------+
| releng/13.2 | 13.2-RELEASE | April 11, 2023   | 13.3-RELEASE + 3 months |
+-------------+--------------+------------------+-------------------------+
| stable/12   | N/A          | N/A              | December 31, 2023       |
+-------------+--------------+------------------+-------------------------+
| releng/12.4 | 12.4-RELEASE | December 5, 2022 | December 31, 2023       |
+-------------------------------------------------------------------------+

Please refer to https://security.freebsd.org/ for an up-to-date list of
supported releases and the latest security advisories.

--
The FreeBSD Security Team

From nobody Wed Sep 6 19:13:07 2023
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:09.freebsd-update
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20230906191307.5E44011E82@freefall.freebsd.org>
Date: Wed, 6 Sep 2023 19:13:07 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:09.freebsd-update                                 Errata Notice
                                                          The FreeBSD Project

Topic:          freebsd-update incorrectly merges files on upgrade

Category:       core
Module:         freebsd-update
Announced:      2023-09-06
Affects:        FreeBSD 13.2
Corrected:      2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE)
                2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

freebsd-update provides binary updates for supported releases of FreeBSD
on amd64, arm64, and i386.

II.  Problem Description

freebsd-update incorrectly deleted files in /etc/ in the event the file to
be updated matched the new release and was different than the old release.
This has not been an issue previously because the $FreeBSD$ tag expansion
from subversion virtually guaranteed the existing file was going to be
different from the new release.  With the conversion to git in the 13.x
releases, $FreeBSD$ is no longer expanded, making it much more likely that
a file would find this issue.

III. Impact

Unmodified files in /etc/ may be deleted on running freebsd-update upgrade.

IV.  Workaround

No workaround is available.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              866e5c6b3ce7    stable/13-n255386
releng/13.2/                            0b39d9de2e71  releng/13.2-n254628
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From nobody Wed Sep 6 19:13:19 2023
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:10.pci
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20230906191319.06AC611CAF@freefall.freebsd.org>
Date: Wed, 6 Sep 2023 19:13:19 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:10.pci                                            Errata Notice
                                                          The FreeBSD Project

Topic:          PCI-e hot-plug is broken with certain devices

Category:       core
Module:         pci
Announced:      2023-09-06
Affects:        FreeBSD 13.2
Corrected:      2023-06-28 01:32:47 UTC (stable/13, 13.2-STABLE)
                2023-09-06 16:57:02 UTC (releng/13.2, 13.2-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

FreeBSD's pcib(4) PCI-e bridge driver implements support for hot-plugging
PCIe devices.  When attaching to a hot-plug-capable slot, the pcib(4)
driver allocates a MSI or MSI-X vector used to trigger handling of
hot-plug events.

II.  Problem Description

The code which allocated the hot-plug interrupt did not allocate MSI-X
vectors properly.  When attaching to devices which support only MSI-X
messages, the interrupt would not be allocated.

III. Impact

PCIe hot-plug would fail to work for certain devices.
In particular, this affects certain Amazon EC2 instance types which
require functional hot-plug support in order to attach network devices.

IV.  Workaround

No workaround is available for affected devices.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:10/pci.patch
# fetch https://security.FreeBSD.org/patches/EN-23:10/pci.patch.asc
# gpg --verify pci.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              12ce57e6d3e7    stable/13-n255700
releng/13.2/                            e80d2d894ff1  releng/13.2-n254629
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From nobody Wed Sep 6 19:13:25 2023
From: FreeBSD Errata Notices
To: FreeBSD Errata Notices
Subject: FreeBSD Errata Notice FreeBSD-EN-23:11.caroot
Reply-To: freebsd-stable@freebsd.org
Message-Id: <20230906191325.8D4A211AF2@freefall.freebsd.org>
Date: Wed, 6 Sep 2023 19:13:25 +0000 (UTC)

=============================================================================
FreeBSD-EN-23:11.caroot                                         Errata Notice
                                                          The FreeBSD Project

Topic:          Root certificate bundle update

Category:       core
Module:         caroot
Announced:      2023-09-06
Affects:        FreeBSD 13.2
Corrected:      2023-07-11 15:05:57 UTC (stable/13, 13.2-STABLE)
                2023-09-06 16:57:41 UTC (releng/13.2, 13.2-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit .

I.   Background

The root certificate bundle is the trust store that is used by OpenSSL
programs and libraries to aid in determining whether it should trust a
given TLS certificate.

II.  Problem Description

Several certificates were added to the bundle after the latest release of
FreeBSD 13.2.

III. Impact

TLS connections using the missing root certificates as a trust anchor
would not be trusted causing an error.

IV.  Workaround

No workaround is available.  Software that uses an internal trust store
is not affected.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-23:11/caroot.patch
# fetch https://security.FreeBSD.org/patches/EN-23:11/caroot.patch.asc
# gpg --verify caroot.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart all daemons that use OpenSSL, or reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              565712db0dfa    stable/13-n255804
releng/13.2/                            902c13c4cf68  releng/13.2-n254630
-------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at

From nobody Wed Sep 6 19:13:35 2023
b=KQPJIhJ+RP0A0xQdEeJeDjYyGXnVWiBJStrHtQj1f0p8MO0Otakm58i4OZ1x19MoVbQTJL PeD760XC16IYWdmY8ubNc5i8NVOZocnrSpzidGix93/4vjoN+QugQA/5cSdPTJTtlr6sRo ZvJTt5tSTDscEQ9QPeMRYzu/jhXRM+F37SJCzsEu9qpeAqSBFdVsmcG3MpArpqrGQSrR6d g5C2o3gNUw2Qg/Yub1pr93hy50K+MjXoFtoLrgEm3EF6Ll5LbpU2eMrtnm2nyLEorZNY9K ACr5BxYWOhhQ/4tsVoOse9VsvJGEQg1bpNXXwILaDFnAJAJLgCAs3+tmyBvy6Q== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694027615; a=rsa-sha256; cv=none; b=yREJylyZCUCDMA5kqZC95sQ+qA8mhbRkf/97Fbun+eIiEl7eTIWQKx9yjp3yL0fK03DC/L hU5F+AoRJrCdr7EaNALMOtgsrSwS8LJLIwsmvl3/thxqRirecz3DrcFFJT2eZ7B5IB8nyT M+DZA9JwWnGy9wE2b51wn4KmE2O5Xoj5zivdRtFPAH5H2TT6e/Nxasa/gVE/ifr1vDgZcP b/1quHsi0ZzQMwR58q6kge+2kBdSNbNN/2Kdhf5kpCv0UqI7wWMWY7CpAZwfeHCf6rbXBK 5OUKpR5e2h0W6+JvYBOYGyloi7T9GZs76dEvVsiP/eJlo+0EsKXXyBVnTAVlzg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694027615; h=from:from:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc; bh=rUXsyxpu5d5bnWPVsPdT0yFdENFlQFUOl3C5sfpum3Y=; b=dIt6jOS9+0HbPqplRGA3rr9voD9Pq2hNMCRZOmAm+kCW8bairDpKVnZTN0Lf8TAGQONuvs fpk0bnGvG33uWUQck9LZGNypTh3YXrIhyW+ivx2jc/Au2fKHHlR+MgncoKwE8qsFOxpsIg rP3szhassnU1KF/jVln5OWy40YQV0Cfpl2zJE5gzebURt6NO9OoDO9ktoUedKaqypE0Q8w T5yzdBdWanTNM9tnbbM5Eyw5WqC+PCwGfgYVhcaOpImoFxqkxF2DrQWGQm66JrxKHMlX92 HhOW9Mo+U6TodQhZcWdwhHHOCvsXxKN0JsqKfK+/YdjQt/2OTqO8l08aZTYTTQ== Received: by freefall.freebsd.org (Postfix, from userid 945) id 7882911C47; Wed, 6 Sep 2023 19:13:35 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-23:10.pf Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20230906191335.7882911C47@freefall.freebsd.org> Date: Wed, 6 Sep 2023 19:13:35 +0000 (UTC) List-Id: Project Announcements [moderated] List-Archive: https://lists.freebsd.org/archives/freebsd-announce List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: 
=============================================================================
FreeBSD-SA-23:10.pf                                         Security Advisory
                                                          The FreeBSD Project

Topic:          pf incorrectly handles multiple IPv6 fragment headers

Category:       core
Module:         pf
Announced:      2023-09-06
Credits:        Enrico Bassetti bassetti@di.uniroma1.it
                (NetSecurityLab @ Sapienza University of Rome)
Affects:        All supported versions of FreeBSD.
Corrected:      2023-08-04 14:08:05 UTC (stable/13, 13.2-STABLE)
                2023-09-06 16:58:39 UTC (releng/13.2, 13.2-RELEASE-p3)
                2023-08-04 14:14:08 UTC (stable/12, 12.4-STABLE)
                2023-09-06 17:38:31 UTC (releng/12.4, 12.4-RELEASE-p5)
CVE Name:       CVE-2023-4809

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

pf is an Internet Protocol packet filter originally written for OpenBSD.
pf can reassemble fragmented IPv6 packets in order to apply rules on the
reassembled packet. This allows pf to filter based on the upper layer
protocol (e.g. TCP, UDP) information.

IPv6 packets may be fragmented by the originating node, and will then
contain a fragment extension header. An IPv6 packet will normally contain
only one fragment extension header.

II.  Problem Description

With a 'scrub fragment reassemble' rule, a packet containing multiple IPv6
fragment headers would be reassembled, and then immediately processed. That
is, a packet with multiple fragment extension headers would not be recognized
as the correct ultimate payload. Instead a packet with multiple IPv6 fragment
headers would unexpectedly be interpreted as a fragmented packet, rather than
as whatever the real payload is.

III. Impact

IPv6 fragments may bypass firewall rules written on the assumption all
fragments have been reassembled and, as a result, be forwarded or processed
by the host.

IV.  Workaround

No workaround is available but systems not using the pf firewall are not
affected.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 13.2]
# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.13.patch
# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.13.patch.asc
# gpg --verify pf.13.patch.asc

[FreeBSD 12.4]
# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.12.patch
# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.12.patch.asc
# gpg --verify pf.12.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              3a0461f23a4f    stable/13-n255953
releng/13.2/                            41b7760991ef  releng/13.2-n254631
stable/12/                                                        r373157
releng/12.4/                                                      r373186
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
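For FreeBSD-SA-23:10.pf, an added example (not part of the advisory and not the pf patch) of the check its description implies: walk the IPv6 extension header chain and count Fragment headers, so that a packet still carrying one is not treated as fully reassembled. The function names and the constructed sample packets are assumptions for illustration; only hop-by-hop, routing, destination options, AH and fragment headers are walked.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_AH = 51,
       NH_DSTOPTS = 60, NH_UDP = 17, IPV6_HDR_LEN = 40 };
/* Walk the IPv6 extension header chain and count Fragment headers.
 * Returns the count, or -1 if the buffer is truncated or not IPv6. */
int count_frag_headers(const uint8_t *pkt, size_t len)
{
    if (len < IPV6_HDR_LEN || (pkt[0] >> 4) != 6)
        return -1;
    uint8_t nh = pkt[6];                 /* Next Header of the fixed header */
    size_t off = IPV6_HDR_LEN, hlen;
    int frags = 0;
    while (nh == NH_HOPOPTS || nh == NH_ROUTING || nh == NH_FRAGMENT ||
           nh == NH_AH || nh == NH_DSTOPTS) {
        if (len - off < 8)               /* these headers are >= 8 bytes */
            return -1;
        if (nh == NH_FRAGMENT) {
            frags++;
            hlen = 8;                    /* Fragment header has a fixed size */
            /* Non-zero offset: the bytes after it are payload, not headers. */
            if (((pkt[off + 2] << 8 | pkt[off + 3]) & 0xfff8) != 0)
                return frags;
        } else if (nh == NH_AH) {
            hlen = ((size_t)pkt[off + 1] + 2) * 4;   /* AH counts 4-byte words */
        } else {
            hlen = ((size_t)pkt[off + 1] + 1) * 8;   /* others count 8-byte units */
        }
        if (hlen > len - off)
            return -1;
        nh = pkt[off];                   /* first byte is the next header type */
        off += hlen;
    }
    return frags;                        /* reached the upper-layer protocol */
}

/* Constructed sample: IPv6 header, nfrag Fragment headers (offset 0), UDP. */
size_t sample_packet(uint8_t *buf, int nfrag)
{
    size_t len = IPV6_HDR_LEN + 8 * (size_t)nfrag + 8;
    memset(buf, 0, len);
    buf[0] = 0x60;                                    /* version 6 */
    buf[6] = nfrag ? NH_FRAGMENT : NH_UDP;
    for (int i = 0; i < nfrag; i++)                   /* chain the headers */
        buf[IPV6_HDR_LEN + 8 * i] = (i + 1 < nfrag) ? NH_FRAGMENT : NH_UDP;
    return len;
}
```

A result of 0 on a packet that claims to be reassembled matches the assumption the advisory says firewall rules are written on; any larger value means upper-layer rules would be matching against a fragment header rather than the real payload.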
From: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-23:11.wifi
Date: Wed, 6 Sep 2023 19:13:40 +0000 (UTC)

=============================================================================
FreeBSD-SA-23:11.wifi                                       Security Advisory
                                                          The FreeBSD Project

Topic:          Wi-Fi encryption bypass

Category:       core
Module:         net80211
Announced:      2023-09-06
Credits:        See the paper linked in the References section.
Affects:        All supported versions of FreeBSD.
Corrected:      2023-06-26 12:02:00 UTC (stable/13, 13.2-STABLE)
                2023-09-06 17:13:25 UTC (releng/13.2, 13.2-RELEASE-p3)
                2023-06-26 12:30:23 UTC (stable/12, 12.4-STABLE)
                2023-09-06 17:38:34 UTC (releng/12.4, 12.4-RELEASE-p5)
CVE Name:       CVE-2022-47522

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD's net80211 kernel subsystem provides infrastructure and drivers
for IEEE 802.11 wireless (Wi-Fi) communications. Wi-Fi communications rely
on both unicast and multicast keys to secure transmissions.

II.  Problem Description

The net80211 subsystem would fall back to the multicast key for unicast
traffic in the event the unicast key was removed. This would result in
buffered unicast traffic being exposed to any stations with access to the
multicast key.

III. Impact

As described in the "Framing Frames: Bypassing Wi-Fi Encryption by
Manipulating Transmit Queues" paper, an attacker can induce an access point
to buffer frames for a client and then deauthenticate the client (causing
the unicast key to be removed from the access point); the buffered frames
are subsequently flushed, now encrypted with the multicast key. This would
give the attacker access to the data.

IV.  Workaround

No workaround is available. Systems not using Wi-Fi are not affected.

V.   Solution

Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date
and reboot.

Perform one of the following:

1) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for a security update"

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-23:11/wifi.patch
# fetch https://security.FreeBSD.org/patches/SA-23:11/wifi.patch.asc
# gpg --verify wifi.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
-------------------------------------------------------------------------
stable/13/                              6c9bcecfb296    stable/13-n255680
releng/13.2/                            7f34ee7cc56b  releng/13.2-n254632
stable/12/                                                        r373115
releng/12.4/                                                      r373187
-------------------------------------------------------------------------

For FreeBSD 13 and later:

Run the following command to see which files were modified by a
particular commit:

# git show --stat

Or visit the following URL, replacing NNNNNN with the hash:

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

For FreeBSD 12 and earlier:

Run the following command to see which files were modified by a particular
revision, replacing NNNNNN with the revision number:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at
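For FreeBSD-SA-23:11.wifi, an added example (not net80211 code and not the project's patch) that models the key-selection flaw in the Problem Description: the fallback behaviour beside a strict selector that leaves a unicast frame without a key so the caller drops it. All types, function names and the constructed scenario are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
/* Simplified model (assumed types, not net80211 structures). */
struct key { int id; };
struct station {
    const struct key *unicast;    /* NULL after the client is deauthenticated */
    const struct key *multicast;  /* group key known to every station */
};
struct frame { bool is_multicast; };
typedef const struct key *(*select_fn)(const struct station *, const struct frame *);

/* Behaviour the advisory describes: unicast falls back to the multicast key. */
const struct key *txkey_fallback(const struct station *sta, const struct frame *f)
{
    if (!f->is_multicast && sta->unicast != NULL)
        return sta->unicast;
    return sta->multicast;
}

/* Strict selection: no unicast key means no key, and the caller drops. */
const struct key *txkey_strict(const struct station *sta, const struct frame *f)
{
    return f->is_multicast ? sta->multicast : sta->unicast;
}

/* Flush buffered frames; count unicast frames sent under the group key. */
int flush_exposed(const struct station *sta, const struct frame *q, size_t n,
                  select_fn select, int *dropped)
{
    int exposed = 0;
    *dropped = 0;
    for (size_t i = 0; i < n; i++) {
        const struct key *k = select(sta, &q[i]);
        if (k == NULL)
            (*dropped)++;                 /* never transmitted */
        else if (!q[i].is_multicast && k == sta->multicast)
            exposed++;                    /* readable by any group-key holder */
    }
    return exposed;
}

/* Constructed scenario: frames are buffered, then the unicast key is removed. */
int scenario(select_fn select, int *dropped)
{
    static const struct key uk = { 1 }, gk = { 2 };
    struct station sta = { &uk, &gk };
    const struct frame queue[] = { { false }, { false }, { true } };
    sta.unicast = NULL;                   /* deauthentication removes the key */
    return flush_exposed(&sta, queue, 3, select, dropped);
}
```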