Date: Tue, 1 Jun 2021 20:51:34 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: caf6116627 - main - Add EN-21:17. Approved by: so Message-ID: <202106012051.151KpY8V080284@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=caf6116627fb89e2d4020f04255c0133d6faaa58 commit caf6116627fb89e2d4020f04255c0133d6faaa58 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2021-06-01 20:51:11 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2021-06-01 20:51:11 +0000 Add EN-21:17. Approved by: so --- website/data/security/errata.toml | 4 + .../advisories/FreeBSD-EN-21:17.libradius.asc | 147 +++++++++++++++++++++ .../security/patches/EN-21:17/libradius.patch | 16 +++ .../security/patches/EN-21:17/libradius.patch.asc | 16 +++ 4 files changed, 183 insertions(+) diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index de0a6f640f..4c1b2b1704 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,10 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-21:17.libradius" +date = "2021-06-01" + [[notices]] name = "FreeBSD-EN-21:16.bc" date = "2021-05-26" diff --git a/website/static/security/advisories/FreeBSD-EN-21:17.libradius.asc b/website/static/security/advisories/FreeBSD-EN-21:17.libradius.asc new file mode 100644 index 0000000000..889553b23f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:17.libradius.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:17.libradius Errata Notice + The FreeBSD Project + +Topic: Incorrect validation in rad_get_attr(3) + +Category: core +Module: libradius +Announced: 2021-06-01 +Affects: All supported versions of FreeBSD. +Corrected: 2021-05-28 17:00:19 UTC (stable/13, 13.0-STABLE) + 2021-06-01 20:26:32 UTC (releng/13.0, 13.0-RELEASE-p2) + 2021-05-28 17:03:20 UTC (stable/12, 12.2-STABLE) + 2021-06-01 20:38:39 UTC (releng/12.2, 12.2-RELEASE-p8) + 2021-05-28 17:02:43 UTC (stable/11, 11.4-STABLE) + 2021-05-28 20:37:54 UTC (releng/11.4, 11.4-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +libradius(3) is a client and server library implementing the Remote +Authentication Dial In User Service (RADIUS) protocol. It is used by +pam_radius(8) and mpd5 (available in the ports tree as net/mpd5). + +II. Problem Description + +The patch for FreeBSD-SA-21:12.libradius modified rad_get_attr(3) to +verify that an attribute length smaller than the minimum required for +the attribute type and length fields is disallowed. This check may fail +incorrectly for the final attribute in a RADIUS message. + +III. Impact + +The bug may cause request validation to fail when it should succeed. +This can result in errors in applications making using of libradius(3). + +IV. Workaround + +No workaround is available. Systems not using libradius(3) are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:17/libradius.patch +# fetch https://security.FreeBSD.org/patches/EN-21:17/libradius.patch.asc +# gpg --verify libradius.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ f9972532343b stable/13-n245792 +releng/13.0/ 8acc450613c3 releng/13.0-n244745 +stable/12/ r369897 +releng/12.2/ r369921 +stable/11/ r369896 +releng/11.4/ r369919 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:17.libradius.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmC2nUcACgkQ05eS9J6n +5cIyuxAAgNcgrQ/+3NRWPk8N0iqjIs5fN0HHdKF91o8FtCel9JW0UXXH9LZEsJiX +5twBTXHy8QL5yleJy83KDgHtIAKFTgILr2NaKBsc9T10sKJ7QWqpTUYKy9YXbqfO +3eX2+60j5LVfazoRMrPZotLxvvexa3imHQh4IrUEr/eDdUs1kB/fIc1bwi6sBksK +5Mqg6rlm1FusruUFfRynEUCQY7MhuFMTPUDvOOu8bvfmYK+sFB2lyfH1mxv7eaNA +LtiTrP/EcMDxpxbPL+fwEJgHnz50K4UIwaqpt9x46z3tNEDB/NJI5XWJ8KHG7liW +mJvPJIhu0QV2+Q04r5zqF9Io8PSulowS7NYxgGwcFXL7ZquLFxR2w/IdPkkqoLmZ +kTHW3Zz2kyDDJ7c3kg2dafolMS2G5MmUy91cIpR8T6o4ARYHIHuojXE4E8M2JUPQ +GV/HP0keMNKHRAy674Ie1Pa+Lmzwa1o1MNj/znF/8kR7pFqY60TqQ+h2jsHKO+ov +TZEjVf886LOmw6z/q7s2WBl2sq2JMiffWoFBx6URGKPtjCYYOWbC4AocsbAeu4a1 +5aNOa5otm25JjSZi6h0nepbw/QQHhR6LgqAIJue1bD4uA0Sbhf4Vwcbte1aMasGs +Te0nK0Q2QAdzfSI7TJdzAazXPHeqDfWnKAw2h57jJnMQH5IbMss= +=lZku +-----END PGP SIGNATURE----- diff --git a/website/static/security/patches/EN-21:17/libradius.patch b/website/static/security/patches/EN-21:17/libradius.patch new file mode 100644 index 0000000000..4f8e05c631 --- /dev/null +++ b/website/static/security/patches/EN-21:17/libradius.patch @@ -0,0 +1,16 @@ +--- lib/libradius/radlib.c.orig ++++ lib/libradius/radlib.c +@@ -964,7 +964,12 @@ + } + type = h->in[h->in_pos++]; + len = h->in[h->in_pos++]; +- if (len < 2 || h->in_pos + len > h->in_len) { ++ if (len < 2) { ++ generr(h, "Malformed attribute in response"); ++ return -1; ++ } ++ len -= 2; ++ if (h->in_pos + len > h->in_len) { + generr(h, "Malformed attribute in response"); + return -1; + } diff --git a/website/static/security/patches/EN-21:17/libradius.patch.asc b/website/static/security/patches/EN-21:17/libradius.patch.asc new file mode 100644 index 0000000000..fdc7c1af1e --- /dev/null +++ b/website/static/security/patches/EN-21:17/libradius.patch.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmC2nUgACgkQ05eS9J6n +5cLZcxAApmo7ozxwyMyLpvozf94MtA4spYgM3/MQb8WiO4gd1FkQOKjqyLVTnSF3 +Hbb8VTrhDp13K5o5v4wCtF102P5LWnRC1Ny0ivOGVBmtOnZsDsMHCH1FSSGE8V9z +8kFtFWSxaW5GKyA8KWHNxfWnxbwlrK0PXNBYgcGbXv8t1LBO/OJ6AKv7ghuNHaSR +wPcLekQXRc4AyjkqNETiXLwc+zUTXT9uEgbtQw9TgFjhP15R1EIwFBfL9IdyLaW3 +8cShW2JbByCIPocVzCjZGbgLYWXGoysrIVTM7bKMvJmmOUbP++b+WDpFhdhDQh7v +RYpkBcU4uSsSKmMp/y9b9oJf0s2ARkrK5TJphQ3hecdpINFnQeq2jC1YP95DuW+U +9JARIvL1R8bQgdg3BihpZUgpdV0nOLc+V5rTTu7zbB5mhc1PdppIUKHOS26bmzbP +lIaqQb3npiCMslcjsybYNCpYfLIGbPP+aoSzvu/uAOkXhWp4CPlwvCEberM8jtVo +h7/3XmfzMkKqpf86OVm7/xXxPQgP/F5HZm66hFeaUZOIutAKcmJGkOaH3gzO1U9N +oyUQPbDkbTEUKuGRnxHBXf3ne6KUfxx8k6zq0Xr9St5MXSRjLH8gdfSyTS4EgXtb +s9XrgdHfvsJlOff/p3m17sEm4hrX3fXJeX1e+adG54N4rldPgHM= +=CECh +-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202106012051.151KpY8V080284>