Date:      Wed, 29 Jan 2025 20:20:45 GMT
From:      Gordon Tetlow <gordon@FreeBSD.org>
To:        doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Subject:   git: 46c1baa951 - main - Add EN-25:01 through EN-25:03 and SA-25:01 through SA-25:04.
Message-ID:  <202501292020.50TKKjl5027362@gitrepo.freebsd.org>

The branch main has been updated by gordon:

URL: https://cgit.FreeBSD.org/doc/commit/?id=46c1baa951ca34c2c9279f2a727836df902c0082

commit 46c1baa951ca34c2c9279f2a727836df902c0082
Author:     Gordon Tetlow <gordon@FreeBSD.org>
AuthorDate: 2025-01-29 20:19:44 +0000
Commit:     Gordon Tetlow <gordon@FreeBSD.org>
CommitDate: 2025-01-29 20:19:44 +0000

    Add EN-25:01 through EN-25:03 and SA-25:01 through SA-25:04.
    
    Approved by:    so
---
 website/data/security/advisories.toml              |   16 +
 website/data/security/errata.toml                  |   12 +
 .../security/advisories/FreeBSD-EN-25:01.rpc.asc   |  137 +
 .../security/advisories/FreeBSD-EN-25:02.audit.asc |  137 +
 .../advisories/FreeBSD-EN-25:03.tzdata.asc         |  167 +
 .../advisories/FreeBSD-SA-25.03.etcupdate.asc      |  141 +
 .../advisories/FreeBSD-SA-25:01.openssh.asc        |  136 +
 .../security/advisories/FreeBSD-SA-25:02.fs.asc    |  151 +
 .../advisories/FreeBSD-SA-25:04.ktrace.asc         |  135 +
 website/static/security/patches/EN-25:01/rpc.patch |   10 +
 .../static/security/patches/EN-25:01/rpc.patch.asc |   16 +
 .../static/security/patches/EN-25:02/audit.patch   |   47 +
 .../security/patches/EN-25:02/audit.patch.asc      |   16 +
 .../patches/EN-25:03/tzdata-2024b-2025a.patch      | 5905 ++++++++++++++++++++
 .../patches/EN-25:03/tzdata-2024b-2025a.patch.asc  |   16 +
 .../security/patches/EN-25:03/tzdata-2025a.patch   |  929 +++
 .../patches/EN-25:03/tzdata-2025a.patch.asc        |   16 +
 .../static/security/patches/SA-25:01/openssh.patch |   14 +
 .../security/patches/SA-25:01/openssh.patch.asc    |   16 +
 .../static/security/patches/SA-25:02/fs-13.patch   |   45 +
 .../security/patches/SA-25:02/fs-13.patch.asc      |   16 +
 .../static/security/patches/SA-25:02/fs-14.patch   |   67 +
 .../security/patches/SA-25:02/fs-14.patch.asc      |   16 +
 .../security/patches/SA-25:03/etcupdate.patch      |   12 +
 .../security/patches/SA-25:03/etcupdate.patch.asc  |   16 +
 .../static/security/patches/SA-25:04/ktrace.patch  |   21 +
 .../security/patches/SA-25:04/ktrace.patch.asc     |   16 +
 27 files changed, 8226 insertions(+)

diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index f7562432bd..8e676bbf20 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,22 @@
 # Sort advisories by year, month and day
 # $FreeBSD$
 
+[[advisories]]
+name = "FreeBSD-SA-25:04.ktrace"
+date = "2025-01-29"
+
+[[advisories]]
+name = "FreeBSD-SA-25:03.etcupdate"
+date = "2025-01-29"
+
+[[advisories]]
+name = "FreeBSD-SA-25:02.fs"
+date = "2025-01-29"
+
+[[advisories]]
+name = "FreeBSD-SA-25:01.openssh"
+date = "2025-01-29"
+
 [[advisories]]
 name = "FreeBSD-SA-24:19.fetch"
 date = "2024-10-29"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index fc4760d668..d26f0bf3f2 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,18 @@
 # Sort errata notices by year, month and day
 # $FreeBSD$
 
+[[notices]]
+name = "FreeBSD-EN-25:03.tzdata"
+date = "2025-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-25:02.audit"
+date = "2025-01-29"
+
+[[notices]]
+name = "FreeBSD-EN-25:01.rpc"
+date = "2025-01-29"
+
 [[notices]]
 name = "FreeBSD-EN-24:17.pam_xdg"
 date = "2024-10-29"
diff --git a/website/static/security/advisories/FreeBSD-EN-25:01.rpc.asc b/website/static/security/advisories/FreeBSD-EN-25:01.rpc.asc
new file mode 100644
index 0000000000..08373eeea2
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:01.rpc.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:01.rpc                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          NULL pointer dereference in the NFSv4 client
+
+Category:       core
+Module:         kernel
+Announced:      2024-12-23
+Affects:        FreeBSD 14.1
+Corrected:      2024-05-28 02:22:04 UTC (stable/14, 14.1-STABLE)
+                2025-01-29 18:55:17 UTC (releng/14.1, 14.1-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The Network File System (NFS) allows a host to export some or all of its file
+systems so that other hosts can access them over the network and mount them
+as if they were on local disks.  NFS is built on top of the Sun Remote
+Procedure Call (RPC) framework.  FreeBSD includes server and client
+implementations of NFS.
+
+NFS version 4 provides both client support and server support for delegation.
+Delegation is a technique by which the server delegates the management of a
+file to a client.
+
+II.  Problem Description
+
+When a NFSv4.1/4.2 client callback related to delegations is handled, a
+missing NULL pointer check can cause a kernel panic.
+
+III. Impact
+
+FreeBSD systems mounting a NFSv4 server with delegations enabled may cause a
+kernel panic.
+
+IV.  Workaround
+
+None, although NFSv4 clients mounting a server that has delegations disabled
+are not affected.
+
+If running a FreeBSD NFSv4 server, disabling delegations by setting the
+sysctl vfs.nfsd.issue_delegations to 0 (which is the default) will prevent
+any affected clients from crashing.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:01/rpc.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:01/rpc.patch.asc
+# gpg --verify rpc.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              4c136aad80e6    stable/14-n269984
+releng/14.1/                            4fdb8d1ab316  releng/14.1-n267728
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282156>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:01.rpc.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmeajKEACgkQbljekB8A
+Gu+TKA/6AiM4K+rkbQVEIq7DP/Kodnl/HH03t3oMX+O6McIYnPPc0AtBflxjcGTK
+JatRl4tFAkn/umXOLHw9ljqtIBz3Czj7i9mNvQ/z0j6oBZXnQLGXJdVcQLj5sZ2b
+GbMFe8Pf6yhL+HZqRDK+AP0x8gx9fCRvK9N8rTnwNGk6JnJXGMhF0V7cYEsCvN29
+xZX2VxxGo6APuFuct86FpDOZMnzqvGqukI2vTxwgG3kMDY4Y5DkVEwmjWOk4rAK9
++vGOrM+e+eUcktiIa+tFNmwhTexlXQ6LByiQKn6Py2jpcTJr2GP6AY/S4obHNGkB
+prixFBP9H6CP6M27RlWGiKG+dr60tzKukWcvj+Y3Ogu9tQOY0p+RGfTY/v416aAP
+VcFpxZhQc/67M45rRfPi8Ff+oXlcVXzmI1mkn4EcBcBC7DPLMD/Fvf0fixFKMLRw
+tImHAIn0cKWyjfu/uXSspFo9GtuHEyfodeLhA52Fh7ulfWgjNoQDvFJE3KAD+GGo
+x+GElJsO2Q+68b7b6sJPt0ZEijaDilI1d/cnwYYbXwwvnvbCPss7I9IWzB1T4xBI
+dZM/ED7jPFt3cbH2btVAaHDyMsx3FW0RzjDbTMGZFbNFsF3Adbet2ds8Jym954K0
+3MPv/T4OHui8tOL4WO3WMB/X50qDwBIFZC8+kU/MOe5OAq9yVyc=
+=7P47
+-----END PGP SIGNATURE-----
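Review bot: The Announced field in the notice header reads 2024-12-23, while the releng/14.1 correction is stamped 2025-01-29 18:55:17 UTC and the errata.toml entry added in this same commit gives date = "2025-01-29" for FreeBSD-EN-25:01.rpc. The two dates should agree, and because the text is clearsigned, correcting it means re-signing. Separately, section II limits the bug to NFSv4.1/4.2 callbacks, but sections III and IV say NFSv4 without the minor versions, and "may cause a kernel panic" in section III reads as if the mounting system were the cause; "may panic", with the same version scope as section II, would be clearer.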
diff --git a/website/static/security/advisories/FreeBSD-EN-25:02.audit.asc b/website/static/security/advisories/FreeBSD-EN-25:02.audit.asc
new file mode 100644
index 0000000000..ab45d0458f
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:02.audit.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:02.audit                                          Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          System call auditing disabled by DTrace
+
+Category:       core
+Module:         audit
+Announced:      2025-01-29
+Credits:        Joe Duin
+Affects:        All supported versions of FreeBSD.
+Corrected:      2025-01-17 13:40:36 UTC (stable/14, 14.2-STABLE)
+                2025-01-29 18:54:51 UTC (releng/14.2, 14.2-RELEASE-p1)
+                2025-01-29 18:55:18 UTC (releng/14.1, 14.1-RELEASE-p7)
+                2025-01-17 13:40:56 UTC (stable/13, 13.4-STABLE)
+                2025-01-29 18:55:24 UTC (releng/13.4, 13.4-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The audit(4) facility allows a system administrator to audit
+security-relevant events.  System calls are one such security-related
+event, and the audit(4) facility will record whether the system call was
+successful along with other important details.
+
+II.  Problem Description
+
+When userspace invokes a system call, the kernel routes the call through
+a common function which optionally logs an audit record for the call.
+This function also calls into DTrace to implement system call tracing.
+When both system call auditing and DTrace system call tracing are
+enabled at the same time, a logic error causes auditing to be silently
+disabled.
+
+III. Impact
+
+A privileged user can inhibit system call audit logging by running a
+DTrace script which uses the "syscall" provider.  Once the DTrace script
+exits, system call auditing will resume without any intervention.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:02/audit.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:02/audit.patch.asc
+# gpg --verify audit.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              4b9ba274d736    stable/14-n270139
+releng/14.2/                            71bf983f92ba  releng/14.2-n269508
+releng/14.1/                            1574c53178e9  releng/14.1-n267729
+stable/13/                              1bf531bcd791    stable/13-n259015
+releng/13.4/                            f7b9cd733c39  releng/13.4-n258269
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:02.audit.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=DEwx
+-----END PGP SIGNATURE-----
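Review bot: Section III says auditing "will resume without any intervention" once the DTrace script exits, but nothing in the notice says what happens to the system calls made while the script was running. A sentence stating whether audit records for that window are lost would let administrators judge what their audit trails may be missing. Section VII also lists only the notice's own URL, where EN-25:01 links its bug report; if a problem report exists for this one, it belongs there.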
diff --git a/website/static/security/advisories/FreeBSD-EN-25:03.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-25:03.tzdata.asc
new file mode 100644
index 0000000000..58e884e6ef
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:03.tzdata.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:03.tzdata                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Timezone database information update
+
+Category:       contrib
+Module:         zoneinfo
+Announced:      2025-01-29
+Affects:        All supported versions of FreeBSD
+Corrected:      2025-01-20 00:25:35 UTC (stable/14, 14.2-STABLE)
+                2025-01-29 18:54:53 UTC (releng/14.2, 14.2-RELEASE-p1)
+                2025-01-29 18:55:24 UTC (releng/14.1, 14.1-RELEASE-p7)
+                2025-01-20 00:26:44 UTC (stable/13, 13.4-STABLE)
+                2025-01-29 18:55:26 UTC (releng/13.4, 13.4-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The IANA Time Zone Database (often called tz or zoneinfo) contains code and
+data that represent the history of local time for many representative
+locations around the globe.  It is updated periodically to reflect changes
+made by political bodies to time zone boundaries, UTC offsets, and
+daylight-saving rules.
+
+FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo.
+The tzsetup(8) utility allows the user to specify the default local time
+zone.  Based on the selected time zone, tzsetup(8) copies one of the files
+from /usr/share/zoneinfo to /etc/localtime.  A time zone may also be selected
+for an individual process by setting its TZ environment variable to a desired
+time zone name.
+
+II.  Problem Description
+
+Several changes to future and past timestamps have been recorded in the IANA
+Time Zone Database after previous FreeBSD releases were released.  This
+affects many users in different parts of the world.  Because of these
+changes, the data in the zoneinfo files need to be updated.  If the local
+timezone on the running system is affected, tzsetup(8) needs to be run to
+update /etc/localtime.
+
+III. Impact
+
+An incorrect time will be displayed on a system configured to use one of the
+affected time zones if the /usr/share/zoneinfo and /etc/localtime files are
+not updated, and all applications on the system that rely on the system time,
+such as cron(8) and syslog(8), will be affected.
+
+IV.  Workaround
+
+The system administrator can install an updated version of the IANA Time Zone
+Database from the misc/zoneinfo port and run tzsetup(8).
+
+Applications that store and display times in Coordinated Universal Time (UTC)
+are not affected.
+
+V.   Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Please note that some third party software, for instance PHP, Ruby, Java,
+Perl and Python, may be using different zoneinfo data sources, in such cases
+this software must be updated separately.  Software packages that are
+installed via binary packages can be upgraded by executing 'pkg upgrade'.
+
+Following the instructions in this Errata Notice will only update the IANA
+Time Zone Database installed in /usr/share/zoneinfo.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all the affected applications and daemons, or reboot the system.
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.2]
+# fetch https://security.FreeBSD.org/patches/EN-25:03/tzdata-2025a.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:03/tzdata-2025a.patch.asc
+# gpg --verify tzdata-2025a.patch.asc
+
+[FreeBSD 14.1, FreeBSD 13.4]
+# fetch https://security.FreeBSD.org/patches/EN-25:03/tzdata-2024b-2025a.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:03/tzdata-2024b-2025a.patch.asc
+# gpg --verify tzdata-2024b-2025a.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all the affected applications and daemons, or reboot the system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              a158d26e89f2    stable/14-n270163
+releng/14.2/                            b9149a3af722  releng/14.2-n269509
+releng/14.1/                            40928c124157  releng/14.1-n267734
+stable/13/                              2d6dcb4f97f8    stable/13-n259027
+releng/13.4/                            eb9d8bafa485  releng/13.4-n258271
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://github.com/eggert/tz/blob/2025a/NEWS>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:03.tzdata.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=x7nl
+-----END PGP SIGNATURE-----
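Review bot: Section II says tzsetup(8) needs to be run to update /etc/localtime when the local timezone is affected, but neither path in section V includes that step; both end at "Restart all the affected applications and daemons, or reboot the system." Add the tzsetup(8) run to 1) and 2) so that following the Solution alone leaves /etc/localtime current. The sentence beginning "Please note that some third party software" also has a comma splice at "data sources, in such cases".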
diff --git a/website/static/security/advisories/FreeBSD-SA-25.03.etcupdate.asc b/website/static/security/advisories/FreeBSD-SA-25.03.etcupdate.asc
new file mode 100644
index 0000000000..5809240dac
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25.03.etcupdate.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:03.etcupdate                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Unprivileged access to system files
+
+Category:       core
+Module:         etcupdate
+Announced:      2025-01-29
+Credits:        Christos Chatzaras
+Affects:        All supported versions of FreeBSD.
+Corrected:      2025-01-28 16:07:18 UTC (stable/14, 14.2-STABLE)
+                2025-01-29 18:54:57 UTC (releng/14.2, 14.2-RELEASE-p1)
+                2025-01-29 18:55:26 UTC (releng/14.1, 14.1-RELEASE-p7)
+                2025-01-28 16:07:34 UTC (stable/13, 13.4-STABLE)
+                2025-01-29 18:55:30 UTC (releng/13.4, 13.4-RELEASE-p3)
+CVE Name:       CVE-2025-0374
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The etcupdate(8) utility is a tool for managing updates to files that are not
+updated as part of ‘make installworld’ such as files in /etc.  It manages
+updates by doing a three-way merge of changes made to these files against the
+local versions.  It is also designed to minimize the amount of user
+intervention with the goal of simplifying upgrades for clusters of machines.
+
+II.  Problem Description
+
+When etcupdate encounters conflicts while merging files, it saves a version
+containing conflict markers in /var/db/etcupdate/conflicts.  This version does
+not preserve the mode of the input file, and is world-readable.  This applies
+to files that would normally have restricted visibility, such as
+/etc/master.passwd.
+
+III. Impact
+
+An unprivileged local user may be able to read encrypted root and user
+passwords from the temporary master.passwd file created in
+/var/db/etcupdate/conflicts.  This is possible only when conflicts within the
+password file arise during an update, and the unprotected file is deleted when
+conflicts are resolved.
+
+IV.  Workaround
+
+No workaround is available.  Systems whose files are updated using a mechanism
+other than etcupdate, such as freebsd-update(8), are unaffected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-25:03/etcupdate.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:03/etcupdate.patch.asc
+# gpg --verify etcupdate.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              93836ff92be8    stable/14-n270244
+releng/14.2/                            c55000e7c233  releng/14.2-n269513
+releng/14.1/                            b8945a926a2f  releng/14.1-n267736
+stable/13/                              17e935f1f327    stable/13-n259074
+releng/13.4/                            c1c180910d46  releng/13.4-n258274
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277470>;
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0374>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:03.etcupdate.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=60Xo
+-----END PGP SIGNATURE-----
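Review bot: The file is added as FreeBSD-SA-25.03.etcupdate.asc, with a period after 25 where every other advisory file in this commit uses a colon, yet the advisory's own "latest revision" URL and the advisories.toml entry both say FreeBSD-SA-25:03.etcupdate. Rename the file so that the name matches the URL the advisory prints for itself. The Background section also puts typographic quotes around make installworld in an otherwise ASCII clearsigned text; plain quotes would be safer, though changing them requires re-signing.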
diff --git a/website/static/security/advisories/FreeBSD-SA-25:01.openssh.asc b/website/static/security/advisories/FreeBSD-SA-25:01.openssh.asc
new file mode 100644
index 0000000000..34fdcd3af4
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25:01.openssh.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:01.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSH Keystroke Obfuscation Bypass
+
+Category:       contrib
+Module:         openssh
+Announced:      2025-01-29
+Credits:        Philippos Giavridis
+Credits:        Jacky Wei En Kung, Daniel Hugenroth and
+                Alastair Beresford (University of Cambridge)
+Affects:        FreeBSD 14.1
+Corrected:      2024-07-15 18:45:16 UTC (stable/14, 14.2-STABLE)
+                2025-01-29 18:55:25 UTC (releng/14.1, 14.1-RELEASE-p7)
+                2024-08-01 15:03:50 UTC (stable/13, 13.4-STABLE)
+CVE Name:       CVE-2024-39894
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted and authenticated transport for a variety of services, including
+remote shell access.
+
+OpenSSH version 9.5 introduced a mechanism to mitigate keystroke timing
+attacks by "sending interactive traffic at fixed intervals when there is
+only a small amount of data being sent."
+
+II.  Problem Description
+
+A logic error in the ssh(1) ObscureKeystrokeTiming feature (on by default)
+rendered this feature ineffective.
+
+III. Impact
+
+A passive observer could detect which network packets contain real keystrokes,
+and infer the specific characters being transmitted from packet timing.
+
+IV.  Workaround
+
+No workaround is available.  This bug does not affect connections when
+ObscureKeystrokeTiming was disabled or sessions where no TTY was requested.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.1]
+# fetch https://security.FreeBSD.org/patches/SA-25:01/openssh.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:01/openssh.patch.asc
+# gpg --verify openssh.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              bf9a275b24f6    stable/14-n268158
+releng/14.1/                            88d5d8108711  releng/14.1-n267735
+stable/13/                              79853e40abd8    stable/13-n258171
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39894>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:01.openssh.asc>;
+-----BEGIN PGP SIGNATURE-----
+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+=oskq
+-----END PGP SIGNATURE-----
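Review bot: The binary path in section V ends with shutdown -r, while the source path ends at buildworld/installworld with no reboot or restart step, and section II places the bug in ssh(1). State in both paths what has to be restarted for the fix to take effect, so the two procedures agree. The Affects line also lists only FreeBSD 14.1 although the Corrected list includes stable/13; a short note on why 13.x releases are not listed as affected would head off questions.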
diff --git a/website/static/security/advisories/FreeBSD-SA-25:02.fs.asc b/website/static/security/advisories/FreeBSD-SA-25:02.fs.asc
new file mode 100644
index 0000000000..daf046b3b2
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-25:02.fs.asc
@@ -0,0 +1,151 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-25:02.fs                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in some filesystems via NFS
+
+Category:       core
+Module:         fs
+Announced:      2025-01-29
+Credits:        Kevin Miller
+Affects:        All supported versions of FreeBSD.
+Corrected:      2025-01-17 13:53:10 UTC (stable/14, 14.2-STABLE)
+                2025-01-29 18:54:56 UTC (releng/14.2, 14.2-RELEASE-p1)
+                2025-01-29 18:55:22 UTC (releng/14.1, 14.1-RELEASE-p7)
+                2025-01-17 14:00:40 UTC (stable/13, 13.4-STABLE)
+                2025-01-29 18:55:29 UTC (releng/13.4, 13.4-RELEASE-p3)
+CVE Name:       CVE-2025-0373
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD provides a number of filesystem implementations for different
+purposes.  cd9660 is used to mount ISO 9660 images; tarfs is used to mount
+POSIX tar archives; ext2fs is used to mount ext2, ext3, and ext4 filesystems.
+
+II.  Problem Description
+
+In order to export a file system via NFS, the file system must define a file
+system identifier (FID) for all exported files.  Each FreeBSD file system
+implements operations to translate between FIDs and vnodes, the kernel's
+in-memory representation of files.  These operations are VOP_VPTOFH(9) and
+VFS_FHTOVP(9).
+
+On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and
+ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack
+buffer overflow.
+
+III. Impact
+
+A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made
+to panic by mounting and accessing the export with an NFS client.  Further
+exploitation (e.g., bypassing file permission checking or remote kernel code
+execution) is potentially possible, though this has not been demonstrated.  In
+particular, release kernels are compiled with stack protection enabled, and
+some instances of the overflow are caught by this mechanism, causing a panic.
+
+IV.  Workaround
+
+No workaround is available, however, only systems which export a cd9660,
+tarfs, or ext2fs filesystem via NFS are affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 14.x]
+# fetch https://security.FreeBSD.org/patches/SA-25:02/fs-14.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:02/fs-14.patch.asc
+# gpg --verify fs-14.patch.asc
+
+[FreeBSD 13.x]
+# fetch https://security.FreeBSD.org/patches/SA-25:02/fs-13.patch
+# fetch https://security.FreeBSD.org/patches/SA-25:02/fs-13.patch.asc
+# gpg --verify fs-13.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the
+system.
+
+VI.  Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/14/                              7a3a0402aeb6    stable/14-n270143
+releng/14.2/                            faa47d299a0e  releng/14.2-n269512
+releng/14.1/                            c90866090517  releng/14.1-n267732
+stable/13/                              ee931cf4a49c    stable/13-n259016
+releng/13.4/                            0365b776f1b1  releng/13.4-n258273
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>;
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0373>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-25:02.fs.asc>;
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmeajKoACgkQbljekB8A
+Gu8JFw/7Bq7C56cUeMwxb6I7BU3U2/DNjKLAR3bymrYqqJberyyyfUtgCcaTyz2q
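Review bot: Section IV of FreeBSD-SA-25:02.fs.asc says "No workaround is available" and then, in the same sentence, that only systems exporting a cd9660, tarfs, or ext2fs filesystem via NFS are affected. Section III ties the panic to an NFS client mounting and accessing such an export, so not exporting those filesystems until the kernel is patched looks like a workaround. If that holds, state it explicitly; otherwise split the sentence so the scoping statement does not read as a contradiction. In section II, "file system identifier (FID) for all exported files" describes a per-file value, so "file identifier" would be clearer. Nit: "A NFS server" in section III should be "An NFS server".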
*** 7455 LINES SKIPPED ***


