Date: Tue, 24 Aug 2021 20:40:51 GMT
From: Gordon Tetlow <gordon@FreeBSD.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
Subject: git: 0f385ddd4d - main - Add EN-21:23 to EN-21:25 and SA-21:13 to SA-21:17.
Message-ID: <202108242040.17OKepw3007631@gitrepo.freebsd.org>
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=0f385ddd4d39726db1e5ea8afceb6c94632dab22 commit 0f385ddd4d39726db1e5ea8afceb6c94632dab22 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2021-08-24 20:39:53 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2021-08-24 20:39:53 +0000 Add EN-21:23 to EN-21:25 and SA-21:13 to SA-21:17. Approved by: so --- website/data/security/advisories.toml | 20 + website/data/security/errata.toml | 12 + .../advisories/FreeBSD-EN-21:23.virtio_blk.asc | 125 +++++ .../advisories/FreeBSD-EN-21:24.libcrypto.asc | 141 ++++++ .../security/advisories/FreeBSD-EN-21:25.bhyve.asc | 153 ++++++ .../security/advisories/FreeBSD-SA-21:13.bhyve.asc | 167 ++++++ .../advisories/FreeBSD-SA-21:14.ggatec.asc | 154 ++++++ .../advisories/FreeBSD-SA-21:15.libfetch.asc | 158 ++++++ .../advisories/FreeBSD-SA-21:16.openssl.asc | 167 ++++++ .../advisories/FreeBSD-SA-21:17.openssl.asc | 156 ++++++ .../security/patches/EN-21:23/virtio_blk.patch | 50 ++ .../security/patches/EN-21:23/virtio_blk.patch.asc | 16 + .../security/patches/EN-21:24/libcrypto.patch | 37 ++ .../security/patches/EN-21:24/libcrypto.patch.asc | 16 + .../static/security/patches/EN-21:25/bhyve.patch | 11 + .../security/patches/EN-21:25/bhyve.patch.asc | 16 + .../security/patches/SA-21:13/bhyve.11.patch | 58 +++ .../security/patches/SA-21:13/bhyve.11.patch.asc | 16 + .../security/patches/SA-21:13/bhyve.12.patch | 98 ++++ .../security/patches/SA-21:13/bhyve.12.patch.asc | 16 + .../security/patches/SA-21:13/bhyve.13.patch | 117 +++++ .../security/patches/SA-21:13/bhyve.13.patch.asc | 16 + .../static/security/patches/SA-21:14/ggatec.patch | 37 ++ .../security/patches/SA-21:14/ggatec.patch.asc | 16 + .../security/patches/SA-21:15/libfetch.patch | 15 + .../security/patches/SA-21:15/libfetch.patch.asc | 16 + .../security/patches/SA-21:16/openssl.12.patch | 559 +++++++++++++++++++++ .../security/patches/SA-21:16/openssl.12.patch.asc 
| 16 + .../security/patches/SA-21:16/openssl.13.patch | 559 +++++++++++++++++++++ .../security/patches/SA-21:16/openssl.13.patch.asc | 16 + .../security/patches/SA-21:17/openssl.11.patch | 94 ++++ .../security/patches/SA-21:17/openssl.11.patch.asc | 16 + .../security/patches/SA-21:17/openssl.12.patch | 125 +++++ .../security/patches/SA-21:17/openssl.12.patch.asc | 16 + 34 files changed, 3205 insertions(+) diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index ccb6c58848..1df4d90a44 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,26 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-21:17.openssl" +date = "2021-08-24" + +[[advisories]] +name = "FreeBSD-SA-21:16.openssl" +date = "2021-08-24" + +[[advisories]] +name = "FreeBSD-SA-21:15.libfetch" +date = "2021-08-24" + +[[advisories]] +name = "FreeBSD-SA-21:14.ggatec" +date = "2021-08-24" + +[[advisories]] +name = "FreeBSD-SA-21:13.bhyve" +date = "2021-08-24" + [[advisories]] name = "FreeBSD-SA-21:12.libradius" date = "2021-05-26" diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index bd86fb8b01..4cc5b7ccfa 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,18 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-21:25.bhyve" +date = "2021-08-24" + +[[notices]] +name = "FreeBSD-EN-21:24.libcrypto" +date = "2021-08-24" + +[[notices]] +name = "FreeBSD-EN-21:23.virtio_blk" +date = "2021-08-24" + [[notices]] name = "FreeBSD-EN-21:22.linux_futex" date = "2021-06-29" diff --git a/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc new file mode 100644 index 0000000000..11c7933a4b --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc 
@@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:23.virtio_blk Errata Notice + The FreeBSD Project + +Topic: virtio_blk(4) fails to attach on some hypervisors + +Category: core +Module: virtio_blk +Announced: 2021-08-24 +Affects: FreeBSD 13.0 +Corrected: 2021-06-28 15:16:29 UTC (stable/13, 13.0-STABLE) + 2021-08-24 16:36:55 UTC (releng/13.0, 13.0-RELEASE-p4) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +VirtIO is a specification for para-virtualized I/O in a virtual machine +(VM). It defines an interface for efficient I/O between the hypervisor +and VM. virtio_blk(4) is a driver handling VirtIO block devices. + +II. Problem Description + +The virtio_blk(4) driver sends commands to the host to query disk +identifiers before acknowledging to the host that the driver is ready. + +III. Impact + +Affected versions of FreeBSD will not boot under some hypervisors, or +under the presence of modern and non-transitional VirtIO block devices. + +IV. Workaround + +No workaround is available. FreeBSD running in QEMU emulator is not +affected by this issue. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. 
+ +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch +# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch.asc +# gpg --verify virtio_blk.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6fd5a4a6f3ac stable/13-n246114 +releng/13.0/ f66e34809906 releng/13.0-n244753 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. 
References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:23.virtio_blk.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV04ACgkQ05eS9J6n +5cK9NQ//cT8k06JwzqJ1rh09OK/XM9GWxXDuI/YHV4bQ8zc15aSM+PoS2FHgpcDy +BaoyDBp1pFgvx/QxbWdHUYam1SZac3vqbe7qfw/QKQopC8sjgdbqTxcCPmk8qh/r +upfqaLmtlxYBxxKEPtr1DUVUzt+qqT6jWK6cCR6KjXKFGQNh0DiYGopmiwPbQzYQ +s2nLnQqX5UwgSLNPgY95Aam1RsKiQcSgPkegmKvbhHdgYoal7EDJ8htMnSHBYkhV +K/tQ98572xKwpywpQEXvDehaGgov7XQellvA9LchKnONfrRDu23I3Ud7WmA/APwk +YFRQs6S2kQGjmUIOLYb+Ey+xROOSmiIePA7e1/hVOtdkhkaeUNqXbBVyQKmHBv6k +oipHzgnDQ87wlCV9NT77TevvGc7uzJ4iI9nwvecnLDeLEL8Fuuy7QaBd3KGgbEaN +p2C4jBWkfjppvNovR4bCIj6uhgwKuxR6m/IH9oM38I/vtIsr03/ozX6fJT5SGrk3 +XbxhXC7suolWZcKKlIQc+ReZnHOrR/4p1sHG3DcKYzP3Y9NjBUYwR+uf6WCB+v+y +/jADR/Co88bEkKTK7Dexfz8cK9QQO8NvK6jkNkx7Q46ZagHgQaNVYKASsYeLcW13 +ns3qKL8E7lOgJtcSX+1l39iJ9nYGdERMP7BwkuFO3iSAQP5e1mM= +=Cc2A +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc new file mode 100644 index 0000000000..d2ce462e26 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc 
@@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:24.libcrypto Errata Notice + The FreeBSD Project + +Topic: OpenSSL 1.1.1e API functions not exported + +Category: core +Module: libcrypto +Announced: 2021-08-24 +Affects: FreeBSD 12.2 and later. +Corrected: 2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE) + 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4) + 2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE) + 2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +libcrypto is part of the OpenSSL distribution and provides APIs to +various low-level cryptographic services. + +II. Problem Description + +New API functions added in OpenSSL 1.1.1e and later were not publicly +exported to applications. + +III. Impact + +Applications trying to use new API functions added in OpenSSL 1.1.1e +or later would fail to build with a link error. + +IV. Workaround + +No workaround is available. However, the APIs added in OpenSSL 1.1.1e +and later are obscure and not used by many applications. In particular, +none of the affected APIs are used by applications using libssl from +OpenSSL for Transport Layer Security (TLS). + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. 
+ +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch +# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc +# gpg --verify libcrypto.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. 
Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ f8edb3f9c725 stable/13-n245963 +releng/13.0/ 3ef67fed446a releng/13.0-n244754 +stable/12/ r369974 +releng/12.2/ r370391 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:24.libcrypto.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n +5cLiZxAAlg4s2mnbSDWTcyyDFSiriek2RFyqT6SR0FkHAod+zYzIrZNfLGM5431N +0Wr15eSkLqUKpbG88eE44N3aqVQSDnhmgGw5R4v+n//y4M8YywiW78inIB09Wpvl +XvfckpBgj8hAHvh2P54nP52m5Vxo0/WUHCNXi7VQFfjWyFxwUxcUnlumC/CpEqGI +GWNB9ZzVg9x7U7ykDd+MtRFRoURYHzZyTUlfpcJD0eS9bWi4JzYWmJElkwehSvI2 +Ey0Mf2ynslbhEmUlFrnBRMmFVg1D12aVQApfn69+AB2twYyScjZXMoz6P1vwAEmg +wrNE1yVb27MB1MK9+t6yuRVgd/S7BFrQ7NLnl/jOa21eAHBE1Ac21BvifrYiJr3I +D2BH859RxUXzer/MU1vGGoTdZkujubaDsVWJqobFcnHC+flnfkzTLNiJxT65eI7n +fqwz1UoeHdeDs6hpkGH5uecsae3GOZSNW307eEvJKeQg6JbzaREKh4cth+0fCA32 +xzxVD4BiMgjdCkRe0mESQUSrW3jsHqNm0L721iY71TqF4/FRylkvHIseIljEW1cp +zmt37+buvEtHuYHsmhNRvdJLJVPRnA6Lhn+VQ0IKObZW5WVxo3dbqSITPg/SuzLu +CWjUVXb3uUFc1xM3CtSQL+6k3cy6EYIw713rbrq+hApnCEf2/UE= +=T9UL +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc new file mode 100644 index 0000000000..558de1b971 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc 
@@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:25.bhyve Errata Notice + The FreeBSD Project + +Topic: Fix NVMe iovec construction for large IOs + +Category: core +Module: bhyve +Announced: 2021-08-24 +Affects: FreeBSD 12.2 and later. +Corrected: 2021-07-09 14:24:14 UTC (stable/13, 13.0-STABLE) + 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4) + 2021-07-09 14:25:45 UTC (stable/12, 12.2-STABLE) + 2021-08-24 18:32:11 UTC (releng/12.2, 12.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +bhyve(8) is a hypervisor that supports running a variety of guest +operating systems in virtual machines. Newer UEFI code in Red Hat +Enterprise Linux (RHEL) 8.4 and later (as well as applicable variants) +will not boot in newly installed guests. + +II. Problem Description + +By default, NVMe data transfer operations use a scatter-gather list in +which all entries point to a fixed-size memory region. For example, if +the memory page size is 4KB, a 2MB IO requires 512 entries. Lists +themselves are also fixed in size (default is 512 entries). + +Because the list size is fixed, the last entry is special. If the IO +requires more than 512 entries, the last entry in the list contains the +address of the next list of entries. But if the IO requires exactly 512 +entries, the last entry points to data. + +The NVMe emulation missed this logic and unconditionally treated the +last entry as a pointer to the next list. + +III. Impact + +When a RHEL 8.4 and later (or variants) are installed as guests within +bhyve(8) on emulated NVMe storage, the system will not boot due to a +newer UEFI driver that is included with these distributions. + +IV. 
Workaround + +Installation of a RHEL 8.3 guest and performing an in-place upgrade. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch +# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch.asc +# gpg --verify bhyve.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. 
Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ a7761d19dacd stable/13-n246220 +releng/13.0/ 4f590ee3ed7e releng/13.0-n244755 +stable/12/ r370107 +releng/12.2/ r370392 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256422> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:25.bhyve.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n +5cJQ6A//ad84xTf/SfMMEqlFaQbNtuh4egvTgWRIt8JkkzpTyO+VRMhJ9pJIW0LP +G23xBQYOkUjjb8WvZpQ0iP4PsMHaKzzwiVO2qUZ10IgIJbxjyIbSo/LJxFSUl50K +zwuxtM2LKIc6VDasMsg5B3FkCojlZEckN4HykzK1HHV9PvwCOGMQXdFDklmdKdwx +kGr4tk5r3yG3sgfY98+TdT34Y1jioWzT6LFscXfEWhQQXFa02m+AKPFsXOl+eSVt +O3mgaazyTT4LWiT9ZEj9dN6yJ3aseG4bpq/FIO4bXBOU35ttdsMxtn87muDvXRE3 +rYHALHYhsgpNlP1Pa0FD0/syZ8VVV+L5hQ9+n7oPlHOmMVxoDIC/TireyCNtHM0C +yEPWu3rWRBsK0YTuP57ezSRnnaAXqInSmLX1IkmzBSwAoySEED8ONlypPB4qh19M +oUcOE661JAWA84ZP02gZsjjRaZOihv0BVmC0RXkCSe3VGAMuxCKYSLcupwFn34pA +gEe+IL6WpR2fCiR3ncLjvhZrGlBfGDEfGmTRD5ceVMLaZKly8D9IpCuXK62Gi1DA +pjAHJ9T6BmWW5Cxx5eJJESuhRldREf6KAVifB8K/DtWtp2BquILWj9pd4vuUYhz9 +eYva+/shAJE5PGKva9k0Erk++bE3Cephnjh9SgnWlZnoeSLcJ3k= +=1wKt +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc new file mode 100644 index 0000000000..5f0cefc4fc --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc 
@@ -0,0 +1,167 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-21:13.bhyve Security Advisory + The FreeBSD Project + +Topic: Missing error handling in bhyve(8) device models + +Category: core +Module: bhyve +Announced: 2021-08-24 +Credits: Agustin Gianni (GitHub Security Lab) +Affects: All supported versions of FreeBSD. +Corrected: 2021-08-24 18:29:48 UTC (stable/13, 13.0-STABLE) + 2021-08-24 17:33:35 UTC (releng/13.0, 13.0-RELEASE-p4) + 2021-08-24 18:33:04 UTC (stable/12, 12.2-STABLE) + 2021-08-24 18:32:13 UTC (releng/12.2, 12.2-RELEASE-p10) + 2021-08-24 18:33:02 UTC (stable/11, 11.4-STABLE) + 2021-08-24 18:31:27 UTC (releng/11.4, 11.4-RELEASE-p13) +CVE Name: CVE-2021-29631 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +bhyve(8) is a hypervisor that supports running a variety of guest +operating systems in virtual machines. It implements a number of device +models using the VirtIO interface to exchange data between the guest and +the host. + +II. Problem Description + +Certain VirtIO-based device models failed to handle errors when fetching +I/O descriptors. Such errors could be triggered by a malicious guest. +As a result, the device model code could be tricked into operating on +uninitialized I/O vectors, leading to memory corruption. + +III. Impact + +A malicious guest may be able to crash the bhyve process. It may be +possible to exploit the memory corruption bugs to achieve arbitrary code +execution in the bhyve process. + +IV. Workaround + +No workaround is available. 
Virtual machines are unaffected unless they +use one or more of the following device models: + +* virtio-console +* virtio-rnd +* virtio-scsi (available starting in FreeBSD 12.0) +* virtio-9p (available starting in FreeBSD 13.0) + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.0] +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch.asc +# gpg --verify bhyve.13.patch.asc + +[FreeBSD 12.2] +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch.asc +# gpg --verify bhyve.12.patch.asc + +[FreeBSD 11.4] +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch +# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch.asc +# gpg --verify bhyve.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. 
Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 20f96f215562 stable/13-n246941 +releng/13.0/ ec08bc89d4b3 releng/13.0-n244756 +stable/12/ r370400 +releng/12.2/ r370393 +stable/11/ r370399 +releng/11.4/ r370386 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29631> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n +5cLrsw//SuInBQjVhNXa1OkC7FcBve+vQCmgThGAxJVrFpRdHxg/q3Vfyza3/V1w +FGUiPPhAsF3wYwK9UqMS5a3dOI3WbaUvH8dDeLd3BLj4AfFE3uTOFC0xzmdBQcm0 +2mFbTRkL0Wqb6FpDiswdu1s9jp1JggIa+SGuajl4XaoIyM/tek3PFuEOeE2v2N7E +djKciPwFnsRneFQIOTHVqa0mut5AilNI9WwKZgv3qzqQNnAasBpbiZKG/BhA2mZm +GLm0NtI40BdnIW3mfGYqK3r/tXUi/tcMSHzV2NDOGToB5wHj6Ah1lQ8pUEVnLo0d +TeDrioK/z53wqLhHUSsxdifST6JX0CQ2kf7qb256mE3o9brRyD2s6AM2Bld3r/ov +wzPTIzIGmtaxezCJhZpEPfaul/B2mCTjWkGrxOMROAzeocrIY4pJ5cGmH8XYfGA+ +WQOwe+OKHb33qak3mrgGxECv72R/h2PUH5PV14HEj+PW5S03qIHm3iisvGWo6+3C +efqZ9tsiWbPvbF3CFuECOgjUIu5YDf6K83H5/Lnaw9SnANuTj8t8I1yg/RmByWlx +9ucposBVht9h9TcFKNm+REfNCaYwQ3FukfGn/s3ih/iHNcGn1rGjh1t+vN4DNnLl +Ew3GTlSzJqzeO3QvstdrRDvvBNFGDZV6yyZBu3ogPaZc4WAHnHQ= +=suTg +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc new file mode 100644 index 0000000000..578a09c26a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc 
@@ -0,0 +1,154 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-21:14.ggatec Security Advisory + The FreeBSD Project + +Topic: Remote code execution in ggatec(8) + +Category: core +Module: ggatec +Announced: 2021-08-24 +Credits: Johannes Totz +Affects: All supported versions of FreeBSD. +Corrected: 2021-08-24 17:50:50 UTC (stable/13, 13.0-STABLE) + 2021-08-24 17:37:45 UTC (releng/13.0, 13.0-RELEASE-p4) + 2021-08-24 18:30:13 UTC (stable/12, 12.2-STABLE) + 2021-08-24 18:32:15 UTC (releng/12.2, 12.2-RELEASE-p10) + 2021-08-24 18:29:35 UTC (stable/11, 11.4-STABLE) + 2021-08-24 18:31:29 UTC (releng/11.4, 11.4-RELEASE-p13) +CVE Name: CVE-2021-29630 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +GEOM Gate is a GEOM module that reflects I/O requests into user mode where +the ggatec(8) daemon fowards those requests to ggated(8), possibly over the +network to another machine. + +II. Problem Description + +The ggatec(8) daemon does not validate the size of a response before writing +it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8). + +III. Impact + +A malicious ggated(8) or an attacker in a priviledged network position can +overwrite the stack with crafted content and potentially execute arbitrary +code. + +IV. Workaround + +No workaround is available but systems not using ggatec(8) are not affected. +Neither ggatec(8) nor ggated(8) are enabled by default and need explicit +configuration by the super-user. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Restart any ggatec(8) instances. Existing ggate devices can be kept alive +and restarted with `ggatec rescue`. 
+ +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch +# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch.asc +# gpg --verify ggatec.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. 
Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 0729ba2f49c9 stable/13-n246938 +releng/13.0/ c8a2cc4ba845 releng/13.0-n244757 +stable/12/ r370383 +releng/12.2/ r370394 +stable/11/ r370381 +releng/11.4/ r370387 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. 
References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29630> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n +5cKyqBAAi7eHUJ5Ud4dNJac8zbaj5uIlYF1XUPBfm5XlevfW1b1vgrfrs0QM3Sw5 +9efTVTESFUC+T9wVMYO3s9POEwiu3x0A/eRsH2tq9oaZPQKdpAhkEEQ/uqnNRKfm +qHZ8YuSJGT+EWEFp1ib5O4Y78TvjL7ST0+IG/O5vBMKqgsxy29o6tOAy3q9+RVqj +hNQNo7KbXBXEns/I7HN4JssQSjeWOmK65Ty5YAp1VsNGbD/7rSqsCp4P/CatvRQ7 +0kzVMb/hkaDn1G7jYOXbAPk+XrUr9cFriChjLuAAyZRBfWcNlPmoxRgNoDVDY44x +elnBAEmSPD9adwy2hoHeusiiUnN7Vrz6DJeox7BSnbQx1lbU+j6qev0EBaMAmEUJ +POxn9wjfth3hdfRSx5p2jSVaD/086BBpMQ9KXojVONgqE7hFF402+ooCnorA2XTh +s08cIy38TEyHoW/rqr3SoXwyvkM3vAjQBmYzocDqocfufQ7UCH+SDFSsORuof+4N +9T2j/UvGqmrQvnMhAsRfbdFImvwUut+ZLJzNqTEjYWlZv58QEKocU0OOvrd2Wb5i +ok2CRIhCy08UnDItFSYI28TaMv8ZiCoWLx7H0+20mQeLaPF45dQWXz1o4FrFHVjx +EdMZpmh9tFU8j5bm0J5l8CpoiTZsqZ41gTrFyEdSnOnS1uvT8jQ= +=6Z2C +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc new file mode 100644 index 0000000000..8ab5289d51 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc 
@@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-21:15.libfetch Security Advisory + The FreeBSD Project + +Topic: libfetch out of bounds read + +Category: core +Module: libfetch +Announced: 2021-08-24 +Credits: Samanta Navarro +Affects: All supported versions of FreeBSD. +Corrected: 2021-08-24 17:59:43 UTC (stable/13, 13.0-STABLE) + 2021-08-24 18:00:47 UTC (releng/13.0, 13.0-RELEASE-p4) + 2021-08-24 18:30:16 UTC (stable/12, 12.2-STABLE) + 2021-08-24 18:32:17 UTC (releng/12.2, 12.2-RELEASE-p10) + 2021-08-24 18:29:40 UTC (stable/11, 11.4-STABLE) + 2021-08-24 18:31:31 UTC (releng/11.4, 11.4-RELEASE-p13) +CVE Name: CVE-2021-36159 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +libfetch(3) is a multi-protocol file transfer library included with FreeBSD +and used by the fetch(1) command-line tool, pkg(8) package manager, and +others. + +II. Problem Description + +The passive mode in FTP communication allows an out of boundary read while +libfetch uses strtol to parse the relevant numbers into address bytes. It +does not check if the line ends prematurely. If it does, the for-loop +condition checks for *p == '\0' one byte too late because p++ was already +performed. + +III. Impact + +The connection buffer size can be controlled by a malicious FTP server +because the size is increased until a newline is encountered (or no more +characters are read). This also allows to move the buffer into more +interesting areas within the address space, potentially parsing relevant +numbers for the attacker. Since these bytes become available to the server +in form of a new TCP connection to a constructed port number or even part of +the IPv6 address this is a potential information leak. + +IV. 
Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch +# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch.asc +# gpg --verify libfetch.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ a75324d674f5 stable/13-n246939 +releng/13.0/ 060510ba8bfb releng/13.0-n244758 +stable/12/ r370384 +releng/12.2/ r370395 +stable/11/ r370382 +releng/11.4/ r370388 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + *** 2482 LINES SKIPPED ***
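Review bot: the fetch commands in section V, step 2a of FreeBSD-EN-21:24.libcrypto.asc point at the wrong directory. They read "https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch" and ".../EN-21:17/libcrypto.patch.asc", while the diffstat of this same commit adds the patch and its detached signature under patches/EN-21:24/. A reader following the notice is sent to a path other than the one this commit adds, and the "gpg --verify" step then runs against whatever that path serves. Change both URLs to EN-21:24; because the notice is clearsigned, the text has to be corrected first and the signature regenerated.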
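Review bot: the Background section of FreeBSD-EN-21:25.bhyve.asc ends with a statement of the failure rather than background ("Newer UEFI code in Red Hat Enterprise Linux (RHEL) 8.4 and later ... will not boot in newly installed guests"), which section III then repeats. Move that sentence to Impact or drop it. In the same file, section III reads "When a RHEL 8.4 and later (or variants) are installed as guests", which mixes singular and plural, and section IV is a sentence fragment; "Install a RHEL 8.3 guest and perform an in-place upgrade." would read as an instruction. As with the other notices, the wording has to be fixed before the clearsign step.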
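Review bot: spelling and wording in FreeBSD-SA-21:14.ggatec.asc need a pass before signing: "fowards" in section I should be "forwards", "priviledged" in section III should be "privileged", and "This allows to overwrite the stack of ggatec(8)" in section II is missing its subject ("This allows an attacker to overwrite ..."). Section V also gives the restart instruction twice, once before "Perform one of the following" ("Restart any ggatec(8) instances ...") and once after step c ("Restart the applicable daemons, or reboot the system"); keeping a single restart step after the update steps, with the "ggatec rescue" hint attached to it, would make the order of operations unambiguous.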