From owner-freebsd-announce@FreeBSD.ORG Wed May 26 04:33:37 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 86BC516A4D0; Wed, 26 May 2004 04:33:37 -0700 (PDT) Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id A2D7343D2F; Wed, 26 May 2004 04:33:36 -0700 (PDT) (envelope-from security-advisories@freebsd.org) Received: by smtp.des.no (Pony Express, from userid 666) id A9EE75310; Wed, 26 May 2004 13:33:23 +0200 (CEST) Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id 5F311530A; Wed, 26 May 2004 13:32:52 +0200 (CEST) Received: by dwp.des.no (Postfix, from userid 2602) id D72B733CAC; Wed, 26 May 2004 13:32:51 +0200 (CEST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Message-Id: <20040526113251.D72B733CAC@dwp.des.no> Date: Wed, 26 May 2004 13:32:51 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no X-Spam-Level: s X-Spam-Status: No, hits=1.8 required=5.0 tests=ADDR_FREE,AWL autolearn=no version=2.63 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:11.msync X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: security-advisories@freebsd.org List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 May 2004 11:33:37 -0000 X-List-Received-Date: Wed, 26 May 2004 11:33:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:11.msync Security Advisory The FreeBSD Project Topic: buffer cache invalidation implementation issues Category: core Module: sys Announced: 2004-05-26 Credits: Stephan Uphoff Matt Dillon Affects: All FreeBSD versions prior to the correction date Corrected: 2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE) 2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8) 2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE) 2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9) 2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22) CVE Name: CAN-2004-0435 FreeBSD only: YES For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The msync(2) system call is used by applications to request that modified memory pages are written to permanent storage. II. Problem Description Programming errors in the implementation of the msync(2) system call involving the MS_INVALIDATE operation lead to cache consistency problems between the virtual memory system and on-disk contents. III. Impact In some situations, a user with read access to a file may be able to prevent changes to that file from being committed to disk. IV. Workaround There is no workaround. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.8, 4.9, 4.10 and 5.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 5.2] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc [FreeBSD 4.8, 4.9, 4.10] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.16 src/sys/vm/vm_map.c 1.187.2.30 RELENG_4_10 src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.14.4.1 src/sys/vm/vm_map.c 1.187.2.24.2.4 RELENG_4_9 src/UPDATING 1.73.2.89.2.10 src/sys/conf/newvers.sh 1.44.2.32.2.10 src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.14.2.1 src/sys/vm/vm_map.c 1.187.2.23.2.1 RELENG_4_8 src/UPDATING 1.73.2.80.2.25 src/sys/conf/newvers.sh 1.44.2.29.2.23 src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.13.2.1 src/sys/vm/vm_map.c 1.187.2.17.2.1 RELENG_5_2 src/UPDATING 1.282.2.16 src/sys/conf/newvers.sh 1.56.2.15 src/sys/ufs/ffs/ffs_vnops.c 1.119.2.1 src/sys/vm/vm_object.c 1.317.2.1 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAtH2pFdaIBMps37IRAmycAJ0cv/iG6NlGBsC1xT4gg/Gx3lF8DwCghfHl G2wdUNyfvhz0u3kFB9pH41c= =SK1u -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed May 26 22:35:43 2004 Return-Path: Delivered-To: freebsd-announce@mx1.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0BB0416A4CE for ; Wed, 26 May 2004 22:35:43 -0700 (PDT) Received: from bobbi.cse.buffalo.edu (bobbi.cse.Buffalo.EDU [128.205.32.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 796AE43D49 for ; Wed, 26 May 2004 22:35:42 -0700 (PDT) (envelope-from kensmith@FreeBSD.org) Received: from bobbi.cse.buffalo.edu (localhost.cse.buffalo.edu [127.0.0.1]) i4R5Z3Q4019444 for ; Thu, 27 May 2004 01:35:03 -0400 (EDT) Received: (from kensmith@localhost) by bobbi.cse.buffalo.edu (8.12.11/8.12.11/Submit) id i4R5Z3Mc019443 for freebsd-announce@freebsd.org; Thu, 27 May 2004 01:35:03 -0400 (EDT) (envelope-from kensmith) Date: Thu, 27 May 2004 01:35:03 -0400 From: Ken Smith To: freebsd-announce@FreeBSD.org Message-ID: <20040527053502.GB19380@bobbi.cse.buffalo.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="qcHopEYAB45HaUaB" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: [FreeBSD-Announce] Announcing FreeBSD 4.10-RELEASE X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 27 May 2004 05:35:43 -0000 --qcHopEYAB45HaUaB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline I am happy to announce the availability of FreeBSD 4.10-RELEASE, the latest release of the FreeBSD -STABLE development branch. Since FreeBSD 4.9-RELEASE in October 2003 we have made conservative updates to a number of software programs in the base system, dealt with known security issues, and made many bugfixes. For a complete list of new features, known problems, and late-breaking news, please see the release notes and errata list, available here: http://www.FreeBSD.org/releases/4.10R/relnotes.html http://www.FreeBSD.org/releases/4.10R/errata.html FreeBSD 4.10 will become the first "Errata Branch". Release branches for previous versions of FreeBSD would only have critical security fixes applied. With FreeBSD 4.10 the scope of fixes will be expanded to include local Denial of Service fixes as well as other significant and well-tested fixes that may not represent security issues. The current plans are for one more FreeBSD 4.X release which will be FreeBSD 4.11-RELEASE. It is expected the upcoming FreeBSD 5.3 release will have reached the maturity level most users will be able to migrate to 5.X. Most developer resources continue to be devoted to the 5.X branch. For more information about FreeBSD release engineering activities, please see: http://www.FreeBSD.org/releng/ Availability ------------ FreeBSD 4.10-RELEASE supports the i386 and alpha architectures and can be installed directly over the net, using bootable media, or copied to a local NFS/FTP server. Distributions for both architectures are available now. Please continue to support the FreeBSD Project by purchasing media from one of our supporting vendors. The following companies will be offering FreeBSD 4.10 based products: FreeBSD Mall, Inc. http://www.freebsdmall.com/ Daemonnews, Inc. http://www.bsdmall.com/freebsd1.html If you can not afford FreeBSD on media, are impatient, or just want to use it for evangelism purposes, then by all means download the ISO images. We can not promise that all the mirror sites will carry the larger ISO images, but they will at least be available from the following sites. MD5 checksums for the release images are included at the bottom of this message. ftp://ftp.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.FreeBSD.org/pub/FreeBSD/ ftp://ftp5.FreeBSD.org/pub/FreeBSD/ ftp://ftp10.FreeBSD.org/pub/FreeBSD/ ftp://ftp.au.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.au.FreeBSD.org/pub/FreeBSD/ ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ ftp://ftp.dk.FreeBSD.org/pub/FreeBSD/ ftp://ftp.fr.FreeBSD.org/pub/FreeBSD/ ftp://ftp.kr.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.jp.FreeBSD.org/pub/FreeBSD/ ftp://ftp1.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.ru.FreeBSD.org/pub/FreeBSD/ ftp://ftp2.tw.FreeBSD.org/pub/FreeBSD/ ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ ftp://ftp3.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp10.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp11.us.FreeBSD.org/pub/FreeBSD/ ftp://ftp15.us.FreeBSD.org/pub/FreeBSD/ FreeBSD is also available via anonymous FTP from mirror sites in the following countries: Argentina, Australia, Austria, Brazil, Canada, China, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hong Kong, Hungary, Iceland, Ireland, Italy, Japan, Korea, Lithuania, Netherlands, Norway, Poland, Portugal, Romania, Russia, Saudi Arabia, Singapore, Slovak Republic, Slovenia, South Africa, Spain, Sweden, Switzerland, Taiwan, Turkey, Ukraine, United Kingdom, and the United States. Before trying the central FTP site, please check your regional mirror(s) first by going to: ftp://ftp..FreeBSD.org/pub/FreeBSD Any additional mirror sites will be labeled ftp2, ftp3 and so on. More information about FreeBSD mirror sites can be found at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html For instructions on installing FreeBSD, please see Chapter 2 of The FreeBSD Handbook. It provides a complete installation walk-through for users new to FreeBSD, and can be found online at: http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/install.html Acknowledgments --------------- Many companies donated equipment, network access, or man-hours to finance the release engineering activities for FreeBSD 4.10 including The FreeBSD Mall, Compaq, Yahoo!, Sentex Communications, and NTT/Verio. The release engineering team for 4.10-RELEASE includes: Scott Long Release Engineering, Alpha Release Building Bruce A. Mah Release Engineering, Documentation Robert Watson Release Engineering, Security John Baldwin Release Engineering Murray Stokely Release Engineering Ken Smith Release Engineering I386 Release Building, Mirror Site Coordination Hiroki Sato Release Engineering, Documentation Kris Kennaway Package Building Joe Marcus Clarke Package Building Jacques A. Vidrine Security Officer CD Image Checksums ------------------ For i386: MD5 (4.10-RELEASE-i386-disc1.iso) = acdfe766794b0b5fbb2e5997af6e78dd MD5 (4.10-RELEASE-i386-disc2.iso) = 502c14e2e2d62c15d302da51ea36c199 MD5 (4.10-RELEASE-i386-miniinst.iso) = 3214c17137439ad422f53606d5626cad For Alpha: MD5 (4.10-RELEASE-alpha-disc1.iso) = 529fe8669a3fb5e127b5affc48b4c669 MD5 (4.10-RELEASE-alpha-disc2.iso) = b0d0293bfa7e6764800cb29dd22ebf45 MD5 (4.10-RELEASE-alpha-miniinst.iso) = c7c5d3149e32f88cfaef0759dfee2c55 -ken --qcHopEYAB45HaUaB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAtX4E/G14VSmup/YRAlfeAJsHg2jkGJ/rk8KNxx0haWd/rB3jLQCfYkvx QH+ftqwWgkirg4bkazY/yHI= =V4KG -----END PGP SIGNATURE----- --qcHopEYAB45HaUaB--