Date: Mon, 15 Jul 2024 14:33:01 -0600 From: Alan Somers <asomers@freebsd.org> To: freebsd-stable@freebsd.org Subject: Re: FreeBSD Errata Notice FreeBSD-EN-23:21.tty Message-ID: <CAOtMX2h1Um-XzAj2WjMf2u9pUV-j2ZxozyVZh8qg3gue3DiKsQ@mail.gmail.com> In-Reply-To: <20231205221600.4AC2514E38@freefall.freebsd.org> References: <20231205221600.4AC2514E38@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
What exactly does the "Announced: 2023-11-24" date refer to? It isn't the date that the patch got applied to the main or stable branch, nor the date that the email alert was sent out, nor the date that anything changed in Bugzilla. On Tue, Dec 5, 2023 at 3:23=E2=80=AFPM FreeBSD Errata Notices <errata-notices@freebsd.org> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D > FreeBSD-EN-23:21.tty Errata No= tice > The FreeBSD Pro= ject > > Topic: tty(4) IUTF8 causes a kernel panic > > Category: core > Module: tty > Announced: 2023-11-24 > Affects: FreeBSD 14.0 > Corrected: 2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE) > 2023-12-05 18:27:38 UTC (releng/14.0, 14.0-RELEASE-p2) > 2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE) > > For general information regarding FreeBSD Errata Notices and Security > Advisories, including descriptions of the fields above, security > branches, and the following sections, please visit > <URL:https://security.FreeBSD.org/>. > > Note: This issue does not affect 13.2-RELEASE, as the bug was introduced = into > the stable/13 branch after the 13.2 release. > > I. Background > > The IUTF8 flag was added to the tty(4) subsystem in order to add proper > backspace handling for UTF-8 characters. Without this flag, tty(4) treat= s > all characters as single-byte-wide characters and so, in the case of a UT= F-8 > character two bytes in size or larger, tty(4) deletes only one byte durin= g a > backspace event, instead of all bytes, which results in the tty buffer > containing garbage. > > II. Problem Description > > The implementation of backspace handling failed to check whether the TTY > buffer was empty, in which case the kernel could panic. > > III. Impact > > An unprivileged user may be able to trigger a kernel panic. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your system to a supported FreeBSD stable or release / security b= ranch > (releng) dated after the correction date, and reboot. > > Perform one of the following: > > 1) To update your system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platfo= rms, > or the i386 platfrom on FreeBSD 13 and earlier, can be updated via > the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Rebooting for a security update" > > 2) To update your system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch > # fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch.asc > # gpg --verify tty.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the > system. > > VI. Correction details > > This issue is corrected as of the corresponding Git commit hash or Subver= sion > revision number in the following stable and release branches: > > Branch/path Hash Revision > - -----------------------------------------------------------------------= -- > stable/14/ ae8387cc818a stable/14-n265760 > releng/14.0/ 31f6cfca851f releng/14.0-n265392 > stable/13/ 8647fe60b8c3 stable/13-n256709 > - -----------------------------------------------------------------------= -- > > Run the following command to see which files were modified by a > particular commit: > > # git show --stat <commit hash> > > Or visit the following URL, replacing NNNNNN with the hash: > > <URL:https://cgit.freebsd.org/src/commit/?id=3DNNNNNN> > > To determine the commit count in a working tree (for comparison against > nNNNNNN in the table above), run: > > # git rev-list --count --first-parent HEAD > > VII. References > > <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D275009> > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:21.tty.asc> > -----BEGIN PGP SIGNATURE----- > > iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWcACgkQbljekB8A > Gu+WfxAA4+u5wXTSy1UcpO17JzFuo0JjhQUcOEh3uWRCPdgpokEkv7xnjJQz8W3u > 0c1GtigtKLOvJx6gF4ilFQhVbxtFNj5a73ODPqcy0K0x7YPw/5Rbrl+jk7389NXT > A5H7kT7bscF6x9D7YfAkA2/JSgSS3opx6KJhOP8x8DvNuNpl/v2ja1LAcIVjytu6 > YYBz/GaODjX4iOw8dYzQetmbeEOiKZX660Eq5Sm2UySRz/BpJpT3y1Ncl84dWC+H > otBihg1iezD5Ju4TIbGz6/N2oSf6mEQ2jx+ahNPGHj/A4fUeBajZWJZrge4Birii > c45EIcPUzyt8Q4Xjcn4qCKJ3MHGCR65/39oK5DbOXD62t3l/vbLSbHToYjeJWyTN > Fl/hOtVSrF7Om0qhlrNOfS2jXIcTQDBQJ/vgjC+m+FTDtnyiSSAZfYXQz4Ckkqfw > KMPc3N9YI7aoifyTQxj508WN1dma7eRwyupLabwfOij03vmN/4tAI89v6EEefhpM > wTUPTgebQWgHJjjUi7Mo8EXSzWxtPbdt2UX8XtVw3EpjQOqqc0vv+VJxkCAdMdDO > fE8614WWcHppswXi7dlWgKUcMEEdtZ48+QjM1h+fA8DeNk6FSLBJXLUQnll1QPEW > VDj9oKnoXquQyuxWB8MwbiUfrLlAhAXhfC8nG+Ci75sts0E4jQE=3D > =3Dwp8X > -----END PGP SIGNATURE----- >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAOtMX2h1Um-XzAj2WjMf2u9pUV-j2ZxozyVZh8qg3gue3DiKsQ>