Date: Tue, 17 May 2016 16:59:29 -0600 From: Alan Somers <asomers@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg Message-ID: <CAOtMX2i%2BinrEcwpr=Bg7AeuZqsuepaRYbcDv-=uvnaf9RChkag@mail.gmail.com> In-Reply-To: <20160517224018.0DCD219CC@freefall.freebsd.org> References: <20160517224018.0DCD219CC@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
I think you put the wrong revision numbers in here. Revision 300093 is the kbd fix for stable/9. 300092 is the right revision for the sendmsg fix in stable/10. On Tue, May 17, 2016 at 4:40 PM, FreeBSD Security Advisories < security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > > ============================================================================= > FreeBSD-SA-16:19.sendmsg Security > Advisory > The FreeBSD > Project > > Topic: Incorrect argument handling in sendmsg(2) > > Category: core > Module: kernel > Announced: 2016-05-17 > Credits: CTurt and the HardenedBSD team > Affects: FreeBSD 10.x > Corrected: 2016-05-17 22:30:43 UTC (stable/10, 10.3-STABLE) > 2016-05-17 22:28:27 UTC (releng/10.3, 10.3-RELEASE-p3) > 2016-05-17 22:28:20 UTC (releng/10.2, 10.2-RELEASE-p17) > 2016-05-17 22:28:11 UTC (releng/10.1, 10.1-RELEASE-p34) > CVE Name: CVE-2016-1887 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > The sendmsg(2) system call allows to send data to a socket. The data > may be accompanied by optional ancillary data. > > II. Problem Description > > Incorrect argument handling in the socket code allows malicious local > user to overwrite large portion of the kernel memory. > > III. Impact > > Malicious local user may crash kernel or execute arbitrary code in the > kernel, > potentially gaining superuser privileges. > > IV. Workaround > > No workaround is available. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > Reboot is required. > > 2) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > > Reboot is required. > > 3) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/SA-16:19/sendmsg.patch > # fetch https://security.FreeBSD.org/patches/SA-16:19/sendmsg.patch.asc > # gpg --verify sendmsg.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the > system. > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/10/ r300093 > releng/10.1/ r300085 > releng/10.2/ r300086 > releng/10.3/ r300087 > - ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> > > VII. References > > <URL:http://cturt.github.io/sendmsg.html> > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1887> > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc> > -----BEGIN PGP SIGNATURE----- > > iQIcBAEBCgAGBQJXO50VAAoJEO1n7NZdz2rnWOAP/RyUks4Xf30YVGra+bHUjOsw > gFQEJ7HNNJHkkaJ5l0LpVh87YQxr7VXnlddskDRcL6MDf7IjW5bkpw+875iEFz93 > VykCN+1l84D0WlXAi9YZwg1GWoQs3SBfNpT1dtr9GuqJYAAeBfvMydJI1jHbJzJJ > 7inDzgvhfPOaq8wQBfjXbUN0GgYiz6dJc3xir4+4JRw0C9sgzh1pI14o1oREJbZ0 > glmHRCpuijndqluabl7rF19mSSDyF0AV7RqDCZIt7AkYHWvR1yLl4o0LGGBYCLXx > iArz2ayzbAqBVw1JktVHzGx0HuVpobxb/yOpDuYBcaxtSL6riuSYrkzHp0Dca+JT > 0/qENdMnXDN98ZMBcvVR66uWUuTVEF3/T2LXCi6G+RllrcoavvLqrcjghqT5k84P > jmAjO3Q3rIeAinjArfyexHo/f/A5CHGJylsY0FZd41A35xWaYg/dd0cT+8qsoigD > 65Ix+/6AOIjocqqQToFXiHKBCN5unwrn/UT5heU0K3ZqESGmxUrx+6yJ3mjDjtLh > C7zWcNaJu1whcT7e4eKx9vMlAFFt6OrSnr1V09KnqPiHPtIu95PZhGlrizlZVELQ > 8fKHoycOkT5F+00CWzcQuZK+l9p5iT5aWGkhunwvR7EKzqvgEFbDDpaJ5QzKTNTl > lJXypb8SMlol4YY8Spdo > =wuhi > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-announce@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org > " >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2i%2BinrEcwpr=Bg7AeuZqsuepaRYbcDv-=uvnaf9RChkag>