From owner-svn-doc-all@freebsd.org Wed Mar 7 17:30:49 2018 Return-Path: Delivered-To: svn-doc-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 04044F42EF1; Wed, 7 Mar 2018 17:30:49 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ADDBE82D5F; Wed, 7 Mar 2018 17:30:48 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A8C6324CB0; Wed, 7 Mar 2018 17:30:48 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w27HUmMg035559; Wed, 7 Mar 2018 17:30:48 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w27HUmA2035556; Wed, 7 Mar 2018 17:30:48 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201803071730.w27HUmA2035556@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Wed, 7 Mar 2018 17:30:48 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51470 - in head/share/security: advisories patches/SA-18:01 X-SVN-Group: doc-head X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in head/share/security: advisories patches/SA-18:01 X-SVN-Commit-Revision: 51470 X-SVN-Commit-Repository: doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 Mar 2018 17:30:49 -0000 Author: gordon (src,ports committer) Date: Wed Mar 7 17:30:48 2018 New Revision: 51470 URL: https://svnweb.freebsd.org/changeset/doc/51470 Log: Correct patches for 10.x along with updated advisory. Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc head/share/security/patches/SA-18:01/ipsec-10.patch head/share/security/patches/SA-18:01/ipsec-10.patch.asc Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Wed Mar 7 15:06:09 2018 (r51469) +++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Wed Mar 7 17:30:48 2018 (r51470) @@ -14,15 +14,20 @@ Credits: Maxime Villard Affects: All supported versions of FreeBSD. Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE) 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7) - 2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE) - 2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6) - 2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27) + 2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE) + 2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27) CVE Name: CVE-2018-6916 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . +0. Revision History + +v1.0 2018-03-07 Initial release. +v1.1 2018-03-07 Correct patch for 10.x releases. + I. Background The IPsec suite of protocols provide network level security for IPv4 and IPv6 @@ -101,9 +106,9 @@ affected branch. Branch/path Revision - ------------------------------------------------------------------------- -stable/10/ r330565 -releng/10.3/ r330566 -releng/10.4/ r330566 +stable/10/ r330609 +releng/10.3/ r330611 +releng/10.4/ r330611 stable/11/ r329907 releng/11.1/ r330566 - ------------------------------------------------------------------------- @@ -126,19 +131,19 @@ The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR -VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh -ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC -SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F -bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+ -p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5 -pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw -uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs -hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/ -RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q -bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I= -=Uzqo +5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX +vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4 +4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc +GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX +ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8 +aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y +8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo +Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa +b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz +NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG +nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ= +=Yb3u -----END PGP SIGNATURE----- Modified: head/share/security/patches/SA-18:01/ipsec-10.patch ============================================================================== --- head/share/security/patches/SA-18:01/ipsec-10.patch Wed Mar 7 15:06:09 2018 (r51469) +++ head/share/security/patches/SA-18:01/ipsec-10.patch Wed Mar 7 17:30:48 2018 (r51470) @@ -8,11 +8,11 @@ + DPRINTF(("%s: bad mbuf length %u (expecting %lu)" + " for packet in SA %s/%08lx\n", __func__, + m->m_pkthdr.len, (u_long) (skip + authsize + rplen), -+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), ++ ipsec_address(&sav->sah->saidx.dst), + (u_long) ntohl(sav->spi))); + AHSTAT_INC(ahs_badauthl); -+ error = EACCES; -+ goto bad; ++ m_freem(m); ++ return EACCES; + } AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); Modified: head/share/security/patches/SA-18:01/ipsec-10.patch.asc ============================================================================== --- head/share/security/patches/SA-18:01/ipsec-10.patch.asc Wed Mar 7 15:06:09 2018 (r51469) +++ head/share/security/patches/SA-18:01/ipsec-10.patch.asc Wed Mar 7 17:30:48 2018 (r51470) @@ -1,18 +1,18 @@ -----BEGIN PGP SIGNATURE----- -iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIOxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas -wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa -eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv -n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO -IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo -Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX -GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ -6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I -3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA -GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd -HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc= -=9maD +5cIdaBAAmNj+4+bMUdvUlsv5wYLWVmsEzVQi8uFJ95RqYZZYlH1VTBZLs0lu03gk +mKzelKexiwoW5tljdZPG7FfInXdy7uaat3iu95tI1QVMW/6x5bVuDIkDf2nr8D5Y +qYNyAQKKE0cMxoe/J8faSuABTpdNTAXTc0ZnTV1wcUC0KQDBQMCgDaMRCsR5DjJV +KErca5fnfidB57wf8XJpj/K/jkmGvuPj0g1ere2GAaQAXaiWSRnl5nyWTX64TXI5 +yhrGt0QqpjCkcU3sJPlUIupFe38x13tlLMYuNPZbLFBmL2nwrPluNftBnMA/iGiR +i/PBG3UKYoA0VjX6IMU2UGHZXBZFF8r7P+NTIOJ5qWlJoluqO/SliU11tzcgl9MM +Hq81nbSNa4I12eB/PTI2x3PRcs0Hc6LWMHSY/oomciHykzb+oCTtimN+vYbqzXzf +6VdeHZbuOEhNVyHd9kUWzQv3CY8OsnFZ3zja7IsxkYgDBmbrcVBzdPbf3j/31kSq +AdbErhlz30UVzGEZEiL8ZvIg7Z32MW3etauUYR9QFz5EcKNSd0C9+1+VGVofZEMJ +x//XRvXRIkcY1YY195d2iiRceBa+IZ2XtvKS0ByB+4ZImw0Emeq4Er9A3/GCnyp3 +KFj4udpGmUpjh5xXoEl0Pjt3q/JUhTkC0JWtvcrGQJ5kCO1y77A= +=gdOo -----END PGP SIGNATURE-----