Date: Thu, 14 Jan 2016 09:40:53 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r48011 - in head/share/security: advisories patches/EN-16:01 patches/EN-16:02 patches/EN-16:03 patches/SA-16:01 patches/SA-16:02 patches/SA-16:03 patches/SA-16:04 patches/SA-16:05 patch... Message-ID: <201601140940.u0E9erMP028957@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius (src committer) Date: Thu Jan 14 09:40:53 2016 New Revision: 48011 URL: https://svnweb.freebsd.org/changeset/doc/48011 Log: Publish todays advisories. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-16:02.pf.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:03.linux.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:04.linux.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:05.tcp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc (contents, props changed) head/share/security/patches/EN-16:01/ head/share/security/patches/EN-16:01/filemon.patch (contents, props changed) head/share/security/patches/EN-16:01/filemon.patch.asc (contents, props changed) head/share/security/patches/EN-16:02/ head/share/security/patches/EN-16:02/pf-10.1.patch (contents, props changed) head/share/security/patches/EN-16:02/pf-10.1.patch.asc (contents, props changed) head/share/security/patches/EN-16:02/pf-10.2.patch (contents, props changed) head/share/security/patches/EN-16:02/pf-10.2.patch.asc (contents, props changed) head/share/security/patches/EN-16:02/pf-9.patch (contents, props changed) head/share/security/patches/EN-16:02/pf-9.patch.asc (contents, props changed) head/share/security/patches/EN-16:03/ head/share/security/patches/EN-16:03/yplib.patch (contents, props changed) head/share/security/patches/EN-16:03/yplib.patch.asc (contents, props changed) head/share/security/patches/SA-16:01/ head/share/security/patches/SA-16:01/sctp.patch (contents, props changed) head/share/security/patches/SA-16:01/sctp.patch.asc (contents, props changed) head/share/security/patches/SA-16:02/ head/share/security/patches/SA-16:02/ntp-10.patch (contents, props changed) head/share/security/patches/SA-16:02/ntp-10.patch.asc (contents, props changed) head/share/security/patches/SA-16:02/ntp-9.patch (contents, props changed) head/share/security/patches/SA-16:02/ntp-9.patch.asc (contents, props changed) head/share/security/patches/SA-16:03/ head/share/security/patches/SA-16:03/linux.patch (contents, props changed) head/share/security/patches/SA-16:03/linux.patch.asc (contents, props changed) head/share/security/patches/SA-16:04/ head/share/security/patches/SA-16:04/linux.patch (contents, props changed) head/share/security/patches/SA-16:04/linux.patch.asc (contents, props changed) head/share/security/patches/SA-16:05/ head/share/security/patches/SA-16:05/tcp.patch (contents, props changed) head/share/security/patches/SA-16:05/tcp.patch.asc (contents, props changed) head/share/security/patches/SA-16:06/ head/share/security/patches/SA-16:06/bsnmpd.patch (contents, props changed) head/share/security/patches/SA-16:06/bsnmpd.patch.asc (contents, props changed) Added: head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:01.filemon Errata Notice + The FreeBSD Project + +Topic: filemon and bmake meta-mode stability issues + +Category: core +Module: filemon +Announced: 2016-01-14 +Credits: Bryan Drewery +Affects: FreeBSD 10.2-RELEASE +Corrected: 2015-09-09 17:15:13 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security branches, +and the following sections, please visit +<URL:https://security.freebsd.org/>. + +I. Background + +In FreeBSD 10.2, /usr/bin/make is the NetBSD bmake utility. bmake has +a feature called meta-mode [1], which can make use of the filemon(4) kernel +module to perform reliable update builds and provide better build +dependencies. +[1] http://www.crufty.net/sjg/blog/freebsd-meta-mode.htm + +II. Problem Description + +Multiple stability and locking problems have been fixed in the filemon(4) +kernel module. Without these fixes, using meta-mode and filemon(4) on a +FreeBSD 10.2 system may result in kernel panics. + +III. Impact + +For the jails and virtual machines used by the FreeBSD Jenkins Continuous +Integration builders, it is desirable to use released versions FreeBSD. +This will allow us to set up builders to test building FreeBSD-CURRENT with +meta-mode, using a FreeBSD 10.2-RELEASE-p9 build host. + +IV. Workaround + +No workaround is available for the filemon stability problems. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch +# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch.asc +# gpg --verify filemon.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10 r287598 +releng/10.2 r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this Errata Notice is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:01.filemon.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2jlAAoJEO1n7NZdz2rnF6kQAJEgtPKwowupOd3QV2UvMJ4T +PP/UK9tvF+Tbmow+5z9vV8ghh/oHc/AUWxhbIcnOFO7YldwrYJDXAHWF5VoTgatb +Ycg+R10Kyg8loZZuAAaGsY+zS78BIXunKVduWealz6TV978sZ5mr7qVJjX03Bvdh +9s3dX6PLfA0ZtqxXuhJ3oMj1Nt7UoGyNNNg23TWhQDMzpueB1EihhjzcLEk8UCjR +OlZElMXsnI/c9zG0eaSDPqfUuQrZDasQ+kM4eWaEXxcZVHSEQtU7vJ6SjxAkeCHT +fzRcAilzQBQJzObzpdXCxrd3OmKL52Ml44Kll2k31QQM3YDHw5g+mMJ+G6BoD5HZ +hQktb7Y064s/SQ0S91aTCgdSBzlTOny7IjsE1W+T6WD4Dohc1aY5y5u2UDBIRIS9 +BvovQF9k0PXIqpA3DjV1cGp3oYLpmJc5NYqHuJ9hkQWSp8FntfuQ1gKpieznyg25 +mb7fsOU693Dglcodtz1uQcwwgh/0s7bEcP6o7ejzsd4bzhe9CTLgD5qp0MD8htiH +Li+i9O5hUS8nheJt03btw/mq7CPbr66JWnpVHmPe8kL8SU7qmwBwq6d3buk5Hyr1 +tOmpuTyW+dq4iWweG411/j9M8Q03fD/DI4Ez2KS5OTizNAWb2wq8e+OZIk6TDE37 +Aam3KrksQZjG+sqL7NVp +=INcx +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:02.pf.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:02.pf.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:02.pf Errata Notice + The FreeBSD Project + +Topic: Invalid TCP checksums with pf(4) + +Category: core +Module: pf +Announced: 2016-01-14 +Credits: Kristof Provost <kp@FreeBSD.org> +Affects: All supported versions of FreeBSD. +Corrected: 2015-11-11 12:36:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2015-12-25 15:12:54 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The pf(4) is one of several packet filters available in FreeBSD, originally +written for OpenBSD. In addition to filtering packets, it also has packet +normalization capabilities. + +II. Problem Description + +When running with certain network interfaces, capable for hardware transmit +checksum offloading, or TCP segmentation offload, pf(4) produces packets with +invalid TCP checksums. + +III. Impact + +The TCP packets with invalid checksums are rejected by the remote host, +leading to large performance impacts or inability to successfully run +a TCP connection. + +IV. Workaround + +Disable transmit checksum offloading and TSO support on the affected +network interface: + +# ifconfig ue0 -txcsum -tso + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Reboot the system or unload and reload the pf.ko kernel module. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the pf.ko kernel module. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.2] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch.asc +# gpg --verify pf-10.2.patch.asc + +[FreeBSD 10.1] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch.asc +# gpg --verify pf-10.1.patch.asc + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch +# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch.asc +# gpg --verify pf-9.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system or unload and reload the pf.ko kernel module. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r292732 +releng/9.3/ r293896 +stable/10/ r290669 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154428>; +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193579>; +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198868>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:02.pf.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2rlAAoJEO1n7NZdz2rnv0QP/RXPzKbSRsyyX3914BJv/W4V +coLFodRd62WxPvFIOXaLbNsVSi1yqRqNS3BPNTXnldEvjZWS5HsRlY5inq7hCjOn +NzZFIBVD3aL3eIXBUghNHTcCp3Ml5zIzcGUwJ0wW4F8j3D8Ty0YbJs+E7Ku63DIb +3rR2Mj1Jcoxi4JNVaQ962JlRrqauQUIiFbS0bSmP/cQCUlvhm+uk8Yj1KgSYesSu +n+lQAipH2zZWGjVj1xxvqi4cUcr6J6LEF0eTmg+UoM24vhq+QNql5aactYMOORiW +f+80HOWm6R8F/6TI2xs7HpNfnQNuNBRTfmfViQB8GgzgV2juElcTXW4NKXALrkWy +HxAfv6wdhDxclOXzumUXDOXC90o62Jv5gWiToJWLyETHI1vTe4UuE0egejFHSDJB +bmFpbYeuvXJ5/3dAYHHtnjtIPE9PXG+c16eJr3XDkY4plreL/hpyDHFRd3scqWew +EvPnkYcXZmzpCC/wZbDM5sI76YAfX7vayVqsUI0X4WRueYyIljRQGwygwfmHWiac +HIrgLgJvXZCGXiiuSpZq5874er0/UN9czGuMVOFZoXZ45yuj99pO1rJNZryO926A +UAOsC76m78myPrM+a4dJDrnWKgZjputCEBHXXNS8Yxt1cimrrbAb2wy0gt1CIMFm +cuAfikAwdNj3JAvjS4oA +=Aw1R +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:03.ypclnt Errata Notice + The FreeBSD Project + +Topic: YP/NIS client library critical bug + +Category: core +Module: ypclnt +Announced: 2016-01-14 +Credits: Ravi Pokala, + Lakshmi Narasimhan Sundararajan, + Fred Lewis, + Pushkar Kothavade +Affects: All supported versions of FreeBSD. +Corrected: 2015-12-21 14:32:29 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-13 05:32:24 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The YP/NIS subsystem allows network management of passwd, group, netgroup, +hosts, services, rpc, bootparams and ethers file entries. The ypclnt suite +provides an interface to the YP subsystem. + +The standard NIS protocol limits its database entries to YPMAXRECORD (1024 +characters). + +II. Problem Description + +There is a bug with the NIS client library, which can lead to an infinite +loop. + +III. Impact + +A server that is deliberately configured to violate the NIS/YP protocol can +cause a FreeBSD NIS client to be stuck forever. + +IV. Workaround + +No workaround is available, but systems that are not configured to use +NIS/YP are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +A reboot is recommended. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is recommended. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch +# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch.asc +# gpg --verify yplib.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +A reboot is recommended. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293804 +releng/9.3/ r293896 +stable/10/ r292547 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://reviews.freebsd.org/D4095>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:03.ypclnt.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnRZQP/iZq/xlDFZrxwpW4S0GimmmK +CdB9yE8rITW2XRWIaTW+fj4aqQ8cvD3IpqtgPe1wCXe69XgmICPwwBh/zNB4w0qu +xmyihP6/2qTLatIq886StqXRkS+05U5y4VoEwFaRkBCy3IWDVXgM41DsRhOuYq3y +Y72VNeJFSuD+qb0i0B56PpPhaVd7hyEgvuXLXxi3l/BiUMD9t4Z36W8a2IPrF1wa +wviTB6cr614dzH+Jou+d9ffKoD6TWeZtbcf1jrw12YVBJhPx3vCqPVJGerGRUwVF +TeD4cUyHmY1nRa4zssKJcbAbgbYGtumRZTysa50eXBVsd7MTloZk0o8Angr6uGeR +rRo8Sop8PbwWm81Zykb4lIBOVUB4TsEfMjusKhgcJ5kmd+gK8z1ZzE/ZlOes2UJ8 +eH+LOEKjux3c9UKkz6RDWinM277J5fhZ5Zi6jO6n/LrJRKiqKud6VeHQLOElXye7 +/8KFqCaym8JpZ0P3Cywid+2EyqjlNwvsZleDs8EE/d1+60yX+Qm2j+BKAfqhSyLD +a9TimJTsEMA47Rf3af2lx1q4bnrKJVSBGhNaNzDHe5UIge0FAt8uUwgL/yIDpBlS +/5TtnD3F30B34482sAf4u/WW/1ipppIFEe8i6d9uwIGjG9Z5eVVom2FJbAHHdVA6 +w8xVZil5irkB2fdI1DOi +=A4Qy +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:01.sctp Security Advisory + The FreeBSD Project + +Topic: SCTP ICMPv6 error message vulnerability + +Category: core +Module: SCTP +Announced: 2016-01-14 +Credits: Jonathan T. Looney +Affects: All supported versions of FreeBSD +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1879 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The Stream Control Transmission Protocol (SCTP) protocol provides reliable, +flow-controlled, two-way transmission of data. + +The Internet Control Message Protocol for IPv6 (ICMPv6) provides a way for +hosts on the Internet to exchange control information. Among other uses, +a host or router can use ICMPv6 to inform a host when there is an error +delivering a packet sent by that host. + +II. Problem Description + +A lack of proper input checks in the ICMPv6 processing in the SCTP stack +can lead to either a failed kernel assertion or to a NULL pointer +dereference. In either case, a kernel panic will follow. + +III. Impact + +A remote, unauthenticated attacker can reliably trigger a kernel panic +in a vulnerable system running IPv6. Any kernel compiled with both IPv6 +and SCTP support is vulnerable. There is no requirement to have an SCTP +socket open. + +IPv4 ICMP processing is not impacted by this vulnerability. + +IV. Workaround + +No workaround is available, but systems using a kernel compiled without +SCTP support or IPv6 support are not vulnerable. + +In addition, some stateful firewalls may block ICMPv6 messages that are +not responding to a legitimate connection. (However, this may not +completely block the problem, as an ICMPv6 message could still be sent +in response to a legitimate SCTP connection.) + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +Rebooting to the new kernel is required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Rebooting to the new kernel is required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch +# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch.asc +# gpg --verify sctp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1879>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:01.sctp.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnIfoQAOZTLX3VovQPGj9wr7PspLQi +Tazu6vRnjzdOdjpeWwSgYlq6DJGjT71c/BRyCWCoijr2uyBWRlANqzMO64thuTzx +gc6juRlChLDF4sNVWbNDMRwuHTfCpgDH2/4hQeR/9CmiQxHJyqL0gXc889D206i9 +KzgmYrSALEVK0E2kDBeRMsadtqPIEzCw4LygWd4qrtYNPjAfBR/a9U4rg7ZN0ICZ +RCPnkAF6qI09B931QfHaI4C9wdBF8DJ6nKN/2aU9ATdOJJb7oUkpaHht8kmbdZS+ +Tn12nEXkQvNxuAKT7Fb87M14s7LUR12V5wgDeMd2UtOfkeSpGEDFACdhYW3IpKan +gD+2IlzLRhoQTJ7lQWMRTKh3OiDDR2kLwvbEU7BGecDSG6fVkgumn6NlHYybdH7L +axpDOxPz8ITfcdRipIXLOQEC308ckdmaEwqi4ikgBGwEkSgIwj1flGStswvcMrim +vT0xof2dv1y6RW5xYnJF7Mtn/rEcqrql/BeBp/kxJZ2Qt3hkppQnjWD6kvrEj00s +CajzxdBTM7J3buDzu++RL2GL9p5Cwo1kDmUJdWimIbSecL62J9+PwFCDYp/dOy25 +GAPGnf7gk8YhwM8pHwLtcX0b9UundkXLWnLBN7R12fL7Ch2CmPbgPcoFc5CSbcIx +TBRU+4TGcNGxigXyzIHT +=G0DD +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:02.ntp Security Advisory + The FreeBSD Project + +Topic: ntp panic threshold bypass vulnerability + +Category: contrib +Module: ntp +Announced: 2016-01-14 +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-11 01:09:50 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-11 01:48:16 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2015-5300 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +The ntpd(8) daemon has a safety feature to prevent excessive stepping of +the clock called the "panic threshold". If ever ntpd(8) determines the +system clock is incorrect by more than this threshold, the daemon exits. +There is an implementation error within the ntpd(8) implementation of this +feature, which allows the system time be adjusted in certain circumstances. + +III. Impact + +When ntpd(8) is started with the '-g' option specified, the system time will +be corrected regardless of if the time offset exceeds the panic threshold (by +default, 1000 seconds). The FreeBSD rc(8) subsystem allows specifying the +'-g' option by either including '-g' in the ntpd_flags list or by enabling +ntpd_sync_on_start in the system rc.conf(5) file. + +If at the moment ntpd(8) is restarted, an attacker can immediately respond to +enough requests from enough sources trusted by the target, which is difficult +and not common, there is a window of opportunity where the attacker can cause +ntpd(8) to set the time to an arbitrary value. + +IV. Workaround + +No workaround is available, but systems not running ntpd(8), or running +ntpd(8) but do not use ntpd_sync_on_start="YES" or specify the '-g' option in +ntpd_flags are not affected. Neither of these are set by default. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.1 and 10.2] +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch.asc +# gpg --verify ntp-10.patch.asc + +[FreeBSD 9.3] +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch +# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch.asc +# gpg --verify ntp-9.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293652 +releng/9.3/ r293896 +stable/10/ r293650 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://www.cs.bu.edu/~goldbe/NTPattack.html>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:02.ntp.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rnyg4QAJ/x3xs+pNGXxTT63hbBqLcB +NTSljW5+hFpL94Nr+rHrelvcT3HkvdWUC+7BvMksoUYCZv0vClp5W7tsfuojDPr0 +GechK1BpLwxeLnRexulWEuvDQpbr6BN9ABdfSl4h3AaUwGYbBVLMY8aT5JpTiE3I +UZg/5iPXVGFPcfdFhzaPgCpZxQtGI3QV7m5jx+Pf8r0ifuTNi8bAbwHCRzmOV8rA +1LM4fvlCPd6TiP3UANWM7PFGbX8UArgzXlb8jSwkxEVC02oZitol4UhcLgacwVrO +0/0q71pyn8W3NBQ1QPUaUg1M81sE501NCTCP3rEg+o6g7oxiq+GpgB0FKwCJxrTk +n3EL7tyhbvVcsglPLRkIXkGz3o5XdelFJ66+qS+mZAiPozkzEFUIdxd8rHKsA1e4 +ZIFARDvDgi8iTArbJnPsQH0CgK8+/2RV2ILFW00Zcu7batvSWJtAUNNFqTSN34tk +JJzHWYwKfGwRIMyEABsy9wLez9K2tRIG0fX75p82dVbRcRZwwSfPmFdfDPuMRRmc +dsNF3133TA92uxwZ177cZk537g+Q0/0I6bts8us3GlCdY2HBuIc+HvRJQyEEqGEv +v1GfEdnwGLp4rmPI8uY+JQ87now7KYhAK1SVil9AXm3tLrIqJsHYayA9nI8mjxfY +Mh1utEeP+TMuievDMQNo +=il8c +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-16:03.linux.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-16:03.linux.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:03.linux Security Advisory + The FreeBSD Project + +Topic: Linux compatibility layer incorrect futex handling + +Category: core +Module: kernel +Announced: 2016-01-14 +Credits: Mateusz Guzik +Affects: All supported versions of FreeBSD. +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1880 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:http://security.FreeBSD.org/>. + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. The support is +provided on amd64 and i386 machines. + +II. Problem Description + +A programming error in the handling of Linux futex robust lists may result +in incorrect memory locations being accessed. + +III. Impact + +It is possible for a local attacker to read portions of kernel memory, which +may result in a privilege escalation. + +IV. Workaround + +No workaround is available, but systems not using the Linux binary +compatibility layer are not vulnerable. + +The following command can be used to test if the Linux binary +compatibility layer is loaded: + +# kldstat -m linuxelf + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch +# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/amd64/linux32 +# make sysent +# cd /usr/src/i386/linux +# make sysent + +c) Recompile your kernel and modules as described in +<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>. + +Reboot the system or unload and reload the linux.ko kernel module. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Subversion: + +Branch/path Revision +- --------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- --------------------------------------------------------------------------- + +VII. References + +<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1880>; + +The latest revision of this advisory is available at +<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-16:03.linux.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rngkcQAJ8yxlxYd+qZPf+pbP+0Kj6w ++Sy8BrSUrYLMFynrs4vRPTJobLnVGpwkp6I6ZCDL/yoI/7Xkl3ld7HWfH7MAJ6WP +x0j5/bC+AlWGpKfL6wqeddxjHgmaAlDznN1MyO+3byVfP1Y8VVppbzqPNw9AW17Q +kNqNAMsVuk3OMpoE7CYEsaH6rzHzbMGAPuR+KN5J55Mth6dNkIYSIFJ0sCae5cnv +P6SoMKjn7ffcHymmX/Yj7K0FTOrJOePR0eLbTITivJT1uZ3bYbbYyK1bYslE6bwF +EQ3Ij+LhZdM5D7GBOpILBZ9ojvVMq8PiW9yY3zo7DRrwWajBy8pe/3ow0u7igoOK +/0XUFmRT0Q0iCxlGhXPxEGcc40g6oE6oVz1m3Ewgqc2+iZm+w6N/w88dRqiBHNgL +AiCqleI10eRNgP1uq7XT/5PEslmQLxSCrDPFDOgmSZc3uY7H5LBb6O9fb7YTpn6J +bfL7yyJFei/lAlY1s2b+4/DW9PE1OwxNw/R85mSUpbP5my5wwZR+s3mGTLI2JAlk +74Nw/OR9HLLHoEO5JlagfEclKp7O+JzhHYkAcBm7yRMRr1LV+7JZQEaTCeWTkm6L +YvL8Ca1PAL6qNLZbxQ26Gjka7KCrFhhNfR22c3Lz4pLtkg9YmDRb4sy6i+q3ellG +0mLi0OqTu2gn+25xhidf +=OQft +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-16:04.linux.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-16:04.linux.asc Thu Jan 14 09:40:53 2016 (r48011) @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-16:04.linux Security Advisory + The FreeBSD Project + +Topic: Linux compatibility layer setgroups(2) system call + vulnerability + +Category: core +Module: kernel +Announced: 2016-01-14 +Credits: Dmitry Chagin +Affects: All supported versions of FreeBSD +Corrected: 2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE) + 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) + 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) + 2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE) + 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) +CVE Name: CVE-2016-1881 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. The support is +provided on amd64 and i386 machines. + +II. Problem Description + +A programming error in the Linux compatibility layer setgroups(2) system +call can lead to an unexpected results, such as overwriting random kernel +memory contents. + +III. Impact + +It is possible for a local attacker to overwrite portions of kernel +memory, which may result in a privilege escalation or cause a system +panic. + +IV. Workaround + +No workaround is available, but systems not using the Linux binary +compatibility layer are not vulnerable. + +The following command can be used to test if the Linux binary +compatibility layer is loaded: + +# kldstat -m linuxelf + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Reboot the system or unload and reload the linux.ko kernel module. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system or unload and reload the linux.ko kernel module. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch +# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch.asc +# gpg --verify linux.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/amd64/linux32 +# make sysent +# cd /usr/src/i386/linux +# make sysent + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>. + +Reboot the system or unload and reload the linux.ko kernel module. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/9/ r293898 +releng/9.3/ r293896 +stable/10/ r293897 +releng/10.1/ r293894 +releng/10.2/ r293893 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1881>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:04.linux.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnstMP/jddSJehSXe9rlL2qhYfRrQY +XZSuoOtolvcl2xSQCZYprXN95/i890VOdJ9x4+iYJA2IQO55a8MjS1DcJjjonV7J +zJa7Apnu1jaK1jDx+RL6C3eVDff0ss1B7NvZTXmjHn+nIsIRxd6vzxDp2NujTnWS *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601140940.u0E9erMP028957>