From owner-freebsd-announce@FreeBSD.ORG Wed Jun 24 05:44:24 2009 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7A1281065670; Wed, 24 Jun 2009 05:44:24 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 668D58FC1A; Wed, 24 Jun 2009 05:44:24 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5O5iO2f050585; Wed, 24 Jun 2009 05:44:24 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5O5iORB050583; Wed, 24 Jun 2009 05:44:24 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 24 Jun 2009 05:44:24 GMT Message-Id: <200906240544.n5O5iORB050583@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-09:02.bce X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 05:44:24 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:02.bce Errata Notice The FreeBSD Project Topic: bce(4) does not work with lagg(4) LACP mode Category: core Module: sys/dev Announced: 2009-06-24 Credits: Pete French David Christensen Affects: FreeBSD 7.2 Corrected: 2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background bce(4) is a network device driver for Broadcom NetXtreme II (BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters. The lagg(4) driver is a pseudo network interface driver which allows aggregation of multiple network interfaces as one virtual interface for the purpose of providing fault-tolerance and high-speed links. II. Problem Description The bce(4) driver used an incorrect total packet length calculation. This bug was accidentally added just after 7.1-RELEASE. III. Impact When adding a bce(4) interface on the system as a lagg(4) member with the LACP aggregation protocol enabled network communication via the bce(4) interface stops completely. Although the bce(4) interface works if it is not a lagg(4) member, the incoming traffic statistics which can be found in netstat(1) output will be incorrect because every packet is recognized as full-sized one. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch # fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/sys/dev/bce/if_bce.c 1.34.2.8 src/sys/dev/bce/if_bcereg.c 1.16.2.3 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/sys/dev/bce/if_bce.c 1.34.2.7.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r192477 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3 RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT =oSkz -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed Jun 24 05:44:27 2009 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 572501065674; Wed, 24 Jun 2009 05:44:27 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 439908FC1D; Wed, 24 Jun 2009 05:44:27 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5O5iRkx050601; Wed, 24 Jun 2009 05:44:27 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5O5iRNE050599; Wed, 24 Jun 2009 05:44:27 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 24 Jun 2009 05:44:27 GMT Message-Id: <200906240544.n5O5iRNE050599@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-09:03.fxp X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 05:44:27 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:03.fxp Errata Notice The FreeBSD Project Topic: Poor TCP performance of fxp(4) Category: core Module: sys/dev Announced: 2009-06-24 Credits: Bjoern Koenig Pyun YongHyeon Affects: FreeBSD 7.2 Corrected: 2009-05-07 01:14:59 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background fxp(4) is a network device driver which provides support for Ethernet adapters based on the Intel i82557, i82558, i82559, i82550, and i82562 chips. It supports TCP segmentation offload (TSO) for IPv4 on i82550 and i82551. II. Problem Description When a TSO option is enabled, fxp(4) always sets the length of outgoing IP packets as the interface MTU (Maximum Transmission Unit). This could could cause the packet to be lost when the TCP receiver advertises a smaller MSS (Maximum Segment Size) than the interface MTU on the sender side. III. Impact TCP connections via fxp(4) can cause significantly poor performance when the TSO option is enabled due to packet loss. Note that the loss depends on the receiver side's MSS. IV. Workaround Disable TSO of fxp(4) interfaces on your system. There are two ways to do this: (disable TSO of a specific interface; "fxp0" in the below example) # ifconfig fxp0 -tso (disable TSO of all interfaces on the system) # sysctl net.inet.tcp.tso=0 V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch # fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/sys/dev/fxp/if_fxp.c 1.266.2.15 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/sys/dev/fxp/if_fxp.c 1.266.2.14.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r191867 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:03.fxp.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBvA0ACgkQFdaIBMps37IKbACfdnwjftNf/f/3c+hvxOKGz7eg osQAmwRaCBV/a2A3Pdxt/FxGwg+bHXM7 =rUkc -----END PGP SIGNATURE----- From owner-freebsd-announce@FreeBSD.ORG Wed Jun 24 05:44:30 2009 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B680106566C; Wed, 24 Jun 2009 05:44:30 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 080848FC0C; Wed, 24 Jun 2009 05:44:30 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (cperciva@localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id n5O5iTEa050617; Wed, 24 Jun 2009 05:44:29 GMT (envelope-from security-advisories@freebsd.org) Received: (from cperciva@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id n5O5iTDA050615; Wed, 24 Jun 2009 05:44:29 GMT (envelope-from security-advisories@freebsd.org) Date: Wed, 24 Jun 2009 05:44:29 GMT Message-Id: <200906240544.n5O5iTDA050615@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: cperciva set sender to security-advisories@freebsd.org using -f From: FreeBSD Errata Notices To: FreeBSD Errata Notices Precedence: bulk Cc: Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-09:04.fork X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.5 Reply-To: freebsd-stable@freebsd.org List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2009 05:44:30 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-EN-09:04.fork Errata Notice The FreeBSD Project Topic: Deadlock in a multi-threaded program during fork(2) Category: core Module: libc Announced: 2009-06-24 Credits: Konstantin Belousov , Max Brazhnikov Affects: FreeBSD 7.2 Corrected: 2009-05-03 17:51:38 (RELENG_7, 7.2-STABLE) 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background fork(2) is a system call which causes creation of a new process. FreeBSD supports invoking the malloc(3) function during the fork(2) in a process running in threaded mode which involves locking of the memory allocator. II. Problem Description A lock order reversal has been found in the interaction between the malloc(3) implementation and threading library. When a multi-threaded process calls the fork(2) system call in a thread and the malloc(3) function in another thread it can cause a deadlock in the child process. III. Impact A multi-threaded program that calls fork(2) in a thread and malloc(3) in another thread can make the child process stop unintentionally. There is no direct impact on the other processes or the kernel. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 7.2 system. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch # fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch.asc b) Execute the following commands as root: # cd /usr/src # patch < /path/to/patch # cd /usr/src/lib/libc # make obj && make depend && make && make install VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. CVS: Branch Revision Path - ------------------------------------------------------------------------- RELENG_7 src/lib/libc/stdlib/malloc.c 1.147.2.7 RELENG_7_2 src/UPDATING 1.507.2.23.2.5 src/sys/conf/newvers.sh 1.72.2.11.2.6 src/lib/libc/stdlib/malloc.c 1.147.2.6.2.2 - ------------------------------------------------------------------------- Subversion: Branch/path Revision - ------------------------------------------------------------------------- stable/7/ r191767 releng/7.2/ r194808 - ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at http://security.FreeBSD.org/advisories/FreeBSD-EN-09:04.fork.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEARECAAYFAkpBvBsACgkQFdaIBMps37LnLQCeNw8Es9R9X8QySoZni2JQ9Kma N+8An3Ff/bB4l3dvgfAa0rAA+TjbfQBV =8YtE -----END PGP SIGNATURE-----