Date: Thu, 19 Mar 2020 17:20:56 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53996 - in head/share: security/advisories security/patches/EN-20:03 security/patches/EN-20:04 security/patches/EN-20:05 security/patches/EN-20:06 security/patches/SA-20:04 security/pa... Message-ID: <202003191720.02JHKuok043807@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Thu Mar 19 17:20:56 2020 New Revision: 53996 URL: https://svnweb.freebsd.org/changeset/doc/53996 Log: Add EN-20:03 through EN-20:06 and SA-20:04 through SA-20:09. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-20:03.sshd.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:04.tcp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:07.epair.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:08.jail.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:09.ntp.asc (contents, props changed) head/share/security/patches/EN-20:03/ head/share/security/patches/EN-20:03/sshd.patch (contents, props changed) head/share/security/patches/EN-20:03/sshd.patch.asc (contents, props changed) head/share/security/patches/EN-20:04/ head/share/security/patches/EN-20:04/pfctl.patch (contents, props changed) head/share/security/patches/EN-20:04/pfctl.patch.asc (contents, props changed) head/share/security/patches/EN-20:05/ head/share/security/patches/EN-20:05/mlx5en.patch (contents, props changed) head/share/security/patches/EN-20:05/mlx5en.patch.asc (contents, props changed) head/share/security/patches/EN-20:06/ head/share/security/patches/EN-20:06/ipv6.patch (contents, props changed) head/share/security/patches/EN-20:06/ipv6.patch.asc (contents, props changed) head/share/security/patches/SA-20:04/ head/share/security/patches/SA-20:04/tcp.patch (contents, props changed) head/share/security/patches/SA-20:04/tcp.patch.asc (contents, props changed) head/share/security/patches/SA-20:05/ head/share/security/patches/SA-20:05/if_oce_ioctl.patch (contents, props changed) head/share/security/patches/SA-20:05/if_oce_ioctl.patch.asc (contents, props changed) head/share/security/patches/SA-20:06/ head/share/security/patches/SA-20:06/if_ixl_ioctl.patch (contents, props changed) head/share/security/patches/SA-20:06/if_ixl_ioctl.patch.asc (contents, props changed) head/share/security/patches/SA-20:07/ head/share/security/patches/SA-20:07/epair.11.patch (contents, props changed) head/share/security/patches/SA-20:07/epair.11.patch.asc (contents, props changed) head/share/security/patches/SA-20:07/epair.12.patch (contents, props changed) head/share/security/patches/SA-20:07/epair.12.patch.asc (contents, props changed) head/share/security/patches/SA-20:08/ head/share/security/patches/SA-20:08/kern_jail.patch (contents, props changed) head/share/security/patches/SA-20:08/kern_jail.patch.asc (contents, props changed) head/share/security/patches/SA-20:09/ head/share/security/patches/SA-20:09/ntp.11.3.patch (contents, props changed) head/share/security/patches/SA-20:09/ntp.11.3.patch.asc (contents, props changed) head/share/security/patches/SA-20:09/ntp.11.patch (contents, props changed) head/share/security/patches/SA-20:09/ntp.11.patch.asc (contents, props changed) head/share/security/patches/SA-20:09/ntp.12.1.patch (contents, props changed) head/share/security/patches/SA-20:09/ntp.12.1.patch.asc (contents, props changed) head/share/security/patches/SA-20:09/ntp.12.patch (contents, props changed) head/share/security/patches/SA-20:09/ntp.12.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-20:03.sshd.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:03.sshd.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,119 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:03.sshd Errata Notice + The FreeBSD Project + +Topic: Misleading log messages upon successful sshd login + +Category: contrib +Module: sshd +Announced: 2020-03-19 +Affects: FreeBSD 12.1 +Corrected: 2019-11-28 02:18:19 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:34:11 UTC (releng/12.1, 12.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The sshd server implements the secure shell protocol, providing remote +access. + +II. Problem Description + +Due to a programming error, error messages of the form "Failed unknown for +user <user> ..." will be emitted to auth.log for successful logins. + +III. Impact + +Log files will be confusing, and programs like fail2ban that parse logs will +not function correctly. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and restart the sshd +service. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# nohup service sshd restart + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:03/sshd.patch +# fetch https://security.FreeBSD.org/patches/EN-20:03/sshd.patch.asc +# gpg --verify sshd.patch.asc + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r355160 +releng/12.1/ r359134 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234793>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:03.sshd.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplJfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJLCA//V8LAaiI3320RkieKpp1W8VJLajd1aWnwmMzCMuyXYsEnDoLRzGdsEdcv +K1HhEz27vEuhusmW6AwLGcuHDJl+/230JJMcs24dtbJ/VcanG4Tw5fKjT6g1zT9m +A8ZQ16N5LU8q8TGcRATie9+88Ri3iepDkur4Gh4HBH/VKfI4szoWZXpBe0UZJTPr +EGXtcvTRlVlex3jWJF2FA/4TioR6PGAyJxwtxLpaSWoMJFrTKh0b7AnyCTzqC6cE +aHF/RDH8i16VbVDTHmfo0FPKeCcF25uFYG1edDpSofdvE9XZTEvqy1fz6Nv+LEbp +EMFOa99zUtzjWVkvPMXWXSYDVivyjoX38pEvbZnNxWNot8His9UWOss9vff9/B/L +Y6uHIpPeW8JhBpyOJ6hlYZ/zkEnKy33tNm+/mzV6TBUpu0h8cTULKkXCeIQIyU61 +YUGEhw+TFRS0X9v6lovXif3/Cs6r8nNKSh/NUa43B7oxacEsCimfU1YApNi7nj3L +DD1vQmvR7j7k8tTDw4FGqv3HgkRL4RgkbWsGJB83dUXTEUV/Dtjh6o7duTsYbdw0 +eEaqTQBysENCQEsZ3s0NHF0nUdrmxecw/6US+dhnt1nMJH7I4UaHM95wMXY0x3CQ +k5yDoMPMs4NTC7iBRtyw69IQMsOwRsUU5notdlWjklKKSvRAXnA= +=8o6k +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:04.pfctl.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:04.pfctl Errata Notice + The FreeBSD Project + +Topic: Missing pfctl(8) tunable + +Category: core +Module: pfctl(8) +Announced: 2020-03-19 +Credits: Rubicon Communications, LLC (netgate.com) +Affects: FreeBSD 11.3-RELEASE +Corrected: 2020-02-12 14:50:13 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:35:15 UTC (releng/11.3, 11.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Packet filtering takes place in the kernel. A pseudo-device, /dev/pf, allows +userland processes to control the behavior of the packet filter through an +ioctl(2) interface. Commands include enabling and disabling the filter, +loading rulesets, adding and removing individual rules or state table entries, +and retrieving statistics. The most commonly used functions are covered by +the pfctl(8) utility. + +II. Problem Description + +pf(4) ioctls frequently take a variable number of elements as argument. +This can potentially allow users to request very large allocations. + +A failing non-blocking pf(4) allocation can tie up resources resulting in +concurrent blocking allocations entering vm_wait() and inducing reclamation +of caches. + +III. Impact + +The kernel will reject very large tables to avoid resource exhaustion +attacks. Some users run into this limit with legitimate table +configurations. + +IV. Workaround + +No workaround is available, however systems that do not employ pf(4) nor +use pf(4) table definitions larger than 65535 entries are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/EN-20:04/pfctl.patch +# fetch https://security.FreeBSD.org/patches/EN-20:04/pfctl.patch.asc +# gpg --verify pfctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/11/ r357822 +releng/11.3/ r359135 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:04.pfctl.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL4Aw/9GhPqyMcVMROjoX2xepwOubsM+C9lMCTQtxOOhYLtt9IIt5KTgSefAcyt +DMcqE78R6wgaxf08XAQyD/iN3udhCFT4YRElB1o5XMEhYUcCIsatKcb8hIVJuRD3 +Ap2goT7zHlicFxpKuWblg/qenU0A9PgaCjsRaVePHS2nzOW+d9DJSg3yxz6xwGCZ +Nuv03Y2OBVm/KdW4awk50FdzR2L04U0D0ZATh+5yr25aH99dVpUQMmRc+qjRtXzh +4j34Qj8mWteAkD5690zcE1nGwu7lGDFoRjwhiP5RP9Gn3o2Sv5SJwHNwB5W1WQDr +GAormcXgUwuWwd9ijtKfWNmJm7MhZhCjvq9l0tt54e+j4Nmz39/ZijFfa1Ug7XKJ +4yp1ey2ri3W3bGrv2nRHMzY6d3EaQq/96vupt/dWxlufoIHbUvUQ0l8KWNmQ8kK1 +dplsoMS6x/AeFjjF4I62Cp429vBbpRDRCJk4mZ6itJ8CWbNXIv2xCj7aKzRcrwpx +kmcblpkFpm7edVkTGjtv/MMhUPXdlskQStOCjSkHoo/cofcAOUovJ8755AvYNkwl +P0e49iOxvFFMA3jZSuxCrQksHq295VwjImEUSJKYyARGdDiPR4q8AdUy+CPyDoLs +zMrzZz5HiNSNdoh4mX3OFIkjtuk/fXR5LQnMBuzHfmfhLtsmHAQ= +=upRR +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:05.mlx5en.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:05.mlx5en Errata Notice + The FreeBSD Project + +Topic: Fix packet forwarding performance in mlx5en(4) driver + +Category: core +Module: mlx5en +Announced: 2020-03-19 +Affects: FreeBSD 12.1 +Corrected: 2019-11-07 13:12:38 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:41:29 UTC (releng/12.1, 12.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Add CSUM_SND_TAG flag and set this flag for outgoing ratelimited mbufs. +This fixes an issue that redirected packets are dropped in the mlx5en +transmit routine. + +II. Problem Description + +Ratelimiting support in the network stack reuses an mbuf field for a +different purpose to avoid having to grow the mbuf size. This can a cause +packet drop in the forwarding case if the field in question is not cleared +prior to transmit. + +III. Impact + +All packets going through firewall code are dropped when using mlx5en(4). + +IV. Workaround + +No workaround is available. Systems not using mlx5en(4) are not affected. + +V. Solution + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch +# fetch https://security.FreeBSD.org/patches/EN-20:05/mlx5en.patch.asc +# gpg --verify mlx5en.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r354440 +releng/12.1/ r359136 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243871>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:05.mlx5en.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIMCw/7BCNrVg/W7nwnbDdQs1xR0gTz4pUTGB7SnyXs69kJ15dimWt00oVCJurP +oh7uZIPenrS/xRosmbehsNc3IJRN6Npnf86dazuj3qRu24E3CJg9bQJ0sAHrWOXB +i6UgrWIDKIEQ/Yflpcl4bqj/L5HQsTQ/mbkBl1nYiu7VUwjGPhidRYSCQQHDY8ZM +XJ4BFBJCx+gSEcfP6iAqZTGcDAwyFkl9kzxfMIymIRqGlBABBqN6OFrnMjiBoDGL +CiTFt0rFs4/bdX8wQyRhQ6IHjFGiEbXZS4txJxP3XZaIJaPYF5snrrV1rgGjOeVl +2PmGF82ugSwrpVgPuDCMkiJEvYR6matvjRrYQDEBsz0rY6pyid4q9Ck7uKt2KW8u +M3tPtL61SbnuPXTYGpFD++xWYjlQrkcuudwHRT3NYOgNAwU6U+ejLuDzpbWFtPAh +RCQ/tmSOxTQWubxbiwiA07zxVY1a2ffguyzpc+p8PTwIbgrtuh64saoenuvNg0wJ +rhuShGQnhsfWbStOW1T21tsBkB/cZekQYt3e9zB3RREl3WBvJmKPLqO0m8WBaSUx +2iTxnMrhEAnD4R6oVouibCwRdlnxMD3xyYmJJZJ/p8hFXVZlWm60c5nKh82bQVLj +mN4Uf+V7Q/P+fkfoWFm7Dq4kYQp7DmANjh2gK80/88f9/AhX+so= +=EjZa +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:06.ipv6.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:06.ipv6 Errata Notice + The FreeBSD Project + +Topic: Incorrect checksum calculations with IPv6 extension headers + +Category: core +Module: netinet6 +Announced: 2020-03-19 +Credits: Francis Dupont <fdupont@isc.org> +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-02 22:54:32 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:43:37 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-03 08:24:09 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:43:37 UTC (releng/11.3, 11.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Upper layer transport protocols, e.g., TCP, UDP, or SCTP, include +checksums in their headers. IPv6 is a network protocol, which can +add extension headers between its own header and that of the upper +layer protocol. + +II. Problem Description + +Pseudo header checksum calculations can be delayed until the IPv6 +output routine or offloaded to the NIC. In case IPv6 extension +headers are present, FreeBSD currently never offloads to the NIC. +When passing the data to the functions doing the delayed checksum +calculations, the contents of the extension headers were erroneously +included as part of the checksum. + +III. Impact + +Upper layer transport protocol checksums may be wrong for IPv6 packets, +such as IPv6 fragments, or IPv6 packets with a Destination Options or +Hop-by-Hop Options extension header. + +IV. Workaround + +No workaround is available. Packets sent over IPv4 or IPv6 without +any extension headers are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch +# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch.asc +# gpg --verify ipv6.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358557 +releng/12.1/ r359137 +stable/11/ r358566 +releng/11.3/ r359137 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243675>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:06.ipv6.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLxaA/+IUDfq39zppv1SsIrwD1a2VZVQvPtNPmM0OUzJK7gt6Jj1lDJjY/WTXl6 +I93Xm1q6VL6u+6n95XfaUe3xu05Oujlq+KE0zu3tOigs50tvyn2+PAQU1waTT3O7 +zFqqLb0mBoQl1WasiLj0NhIpAK3GDYNV/Zd0jYuQzyyhu1kahMpeiVYn5OG7Q1C0 +BUPfObwGfzDYZbDtT4RSok35uVfzLnk5mZ1L+grQaoZbh3OJonlx5GnbRAboncCY +IJRfeyrHvCX2WMKx0CiUTEHZKJErKWcynYHkWYc+jmSqfTFARWBdIHpxQzF52kuW +E34WQDuCf9miSRGrlV1CgwjXUExuPOcUN7XcRRJQkkjc2wnpjMi1qudpyZmNW7Ig +rMQQdRLAmHyuy8ZjNuuBesWqBZYC2pr1p94KGUO7VsRNRVWOe8CEBT5NCRcRzoqw +rhyGlS1ahc6P/6FliYd86MMpdS4S0olRcylW+r5z3O8DStt0VEvwC5cYubqJJDud +Crpuces4hq8xZ2E4ZVN2YclT/gKNNvtNXmPfqpWVLdtCJqg6JTjAShX/YH52Q3/Q +5VOqj1wJmAMV07f68gp6GH+dQIxAnI5uAXwrGBs5Y7PCzRafhUkEy/6m5FHYOpUN +CR+/5Iqp2S79LeAoxSbZmuVh1pmLrs6bVZcfI21V91d5hSniPPE= +=/jJ1 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:04.tcp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:04.tcp.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:04.tcp Security Advisory + The FreeBSD Project + +Topic: TCP IPv6 SYN cache kernel information disclosure + +Category: core +Module: tcp +Announced: 2020-03-19 +Credits: Michael Tuexen (Netflix, contractor) +Affects: All supported versions of FreeBSD. +Corrected: 2020-03-08 14:48:21 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:46:01 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-03-08 14:48:32 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:46:01 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2020-7451 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The Internet Protocol version 6 (IPv6) header contains a one byte field +called Traffic Class. Two bits of this field are used for Explicit +Congestion Notification (ECN), the other six bits are used as Differentiated +Services Field Codepoints (DSCP). + +The Transmission Control Protocol (TCP) is a connection oriented transport +protocol, which can be used as an upper layer of IPv6. A TCP endpoint is +either acting as a client (sending initially a SYN segment) or as a server +(initially waiting to receive a SYN segment and then responding with a +SYN-ACK segment). + +To mitigate the impact of some attacks against TCP servers (like +SYN-flooding), FreeBSD uses specific code to handle the TCP connection setup +for servers. This includes the transmission and retransmission of SYN-ACK +segments or responding with a challenge ACK segment to a received RST +segment. + +II. Problem Description + +When a TCP server transmits or retransmits a TCP SYN-ACK segment over IPv6, +the Traffic Class field is not initialized. This also applies to challenge ACK +segments, which are sent in response to received RST segments during the TCP +connection setup phase. + +III. Impact + +For each TCP SYN-ACK (or challenge TCP-ACK) segment sent over IPv6, one byte +of kernel memory is transmitted over the network. + +IV. Workaround + +No workaround is available. Systems not using IPv6 are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:04/tcp.patch +# fetch https://security.FreeBSD.org/patches/SA-20:04/tcp.patch.asc +# gpg --verify tcp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358739 +releng/12.1/ r359138 +stable/11/ r358740 +releng/11.3/ r359138 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7451>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:04.tcp.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLuzQ/9HvuKX5w2/CDerZPseNDKqumxjoap6MjfExvpVN4Auy31wcE7248JpZ/d +I+Be927dmghiey97opVcR56g5OJ9QAinQRTWX1rLKaQ2xldGFE5924iLyQ/hjMXG +LDkYrBpJ2Wkdq9XFZKAuu2dpV/RUMlGnKANG/QfAAd5V4VC7Sg5X6ty7ISlVMrM7 +aQdBP4e5XyssfeqZeZ/A57dF3Yi7F1TEEjXeM+dulTET4nm0+w74n+QaNoH6hcMI +n3Bb/SsF9HfbZtXz235vkzbgvvSX4f+D/d3vrcAA9KMVjKBH6QbiwJKuHSdb0GY8 +ENMb7vO7Rx71u8GnCYg659qFrWb/kaTW2BCbgAJyp2747nAw8I7DwZiN2RKWA7qh +JbcZb1rJN9gEccnGyNouuy4DzUlUc4VQnp4ajqV4S1YGbwdfsBqi2c0dYwqEcW96 +RKxxTrH9JB8d52wMMshB7hMfwbeLeOJJ4phFL8knXuv19SWCP/tz6XDopoBN6wTW +yn5g+n7oVCOsSwlPLHl/5WWUTvKjyCB6eZIblFhlbiNTuQiUaegDXx66On+vgVKD +oYA9cDQUcvIKLne/KgCqTQ5MAuwE/7hPyUlGmuiZ3/Qx6CW568+v1kTc19eUQb0a ++e5HDRFhtiQyRMpTC9Yt14sv8oFLynhyt/IbQWTeqppZhBugbJ8= +=CFKz +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:05.if_oce_ioctl Security Advisory + The FreeBSD Project + +Topic: Insufficient oce(4) ioctl(2) privilege checking + +Category: core +Module: oce(4) +Announced: 2020-03-19 +Credits: Ilja Van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2019-12-26 16:56:42 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:48:29 UTC (releng/12.1, 12.1-RELEASE-p3) + 2019-12-26 16:58:11 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:48:29 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2019-15876 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The primary interface used for network driver configuration is ioctl(2). +Several ioctl(2) commands are reserved for driver-specific purposes. For +instance, a driver may use one of these ioctls to implement an interface for +updating device firmware. + +II. Problem Description + +The driver-specific ioctl(2) command handlers in oce(4) failed to check +whether the caller has sufficient privileges to perform the corresponding +operation. + +III. Impact + +The oce(4) handler permits unprivileged users to send passthrough commands to +device firmware. + +IV. Workaround + +No workaround is available. Systems that do not contain devices driven by +oce(4) are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:05/if_oce_ioctl.patch.asc +# gpg --verify if_oce_ioctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356089 +releng/12.1/ r359139 +stable/11/ r356090 +releng/11.3/ r359139 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15876>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:05.if_oce_ioctl.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJAuBAAnsnjdm2aTLo14rOiNHTNh0NqJPQTJ5F6MwE1P/nUlP5xM21GzDkyki7H +4AytZiCma6MCPzbc8aO6wGnc5zfSA1G/5TLetIgIQeyDQ8wRd0uhIoeO3NB3EXhz +KJkNqtyosmzKUSmq7V/WqYN7VOVceegvbvLXCMTYFkUmvJxYbB67s0upqydFBAD4 +j1ecKkNOIehV6cGColM3Dv7sJtVgdvaKg2ehW+AWR7UBOntIr/X3mVpkUE5Y2oLX +tpjuEbdraOpIw/ohKfvpZNPXnEFmhgxrRV4WRw8yFeMsEtLI2HyyUV4ysZrgMKB+ +LKxdhfd7HhIiGdoRZO4P60traRiRD+VfqU9Jt3xd9fO1t0MZYTS0R0Lqt9n3UPhR +26YcyrJgElaHIz8Viiw1U7Pdxila7b7gL+V4QVNSG00OqCKkdepgURRepzaz8Zhd +lrfLf+9vysPIL6RsJwDb77qYbu9kK/afGmadBVot6QGg6ovWVLUGd0pQFJuLihZl +YRocdxDO0lgF+w6llmp6ZidEjaScL7XG3yKG1DuoSa0tS+0eQU2U2hByJDzzzkTn +x7t7WU8o5gSRYDe68yuJHXiHWswA4IK+tkYf+h8fDhENDbt7PCo86Vq0Dixg3hoG +ak/KfomAAsnh6MfWNRlCWDXbe0p/yxYLPRHugDdrZ2IpX+uJWHs= +=pADZ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:06.if_ixl_ioctl Security Advisory + The FreeBSD Project + +Topic: Insufficient ixl(4) ioctl(2) privilege checking + +Category: core +Module: ixl(4) +Announced: 2020-03-19 +Credits: Ilja Van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2020-01-10 18:31:59 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:49:32 UTC (releng/12.1, 12.1-RELEASE-p3) +CVE Name: CVE-2019-15877 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The primary interface used for network driver configuration is ioctl(2). +Several ioctl(2) commands are reserved for driver-specific purposes. For +instance, a driver may use one of these ioctls to implement an interface for +updating device firmware. + +II. Problem Description + +The driver-specific ioctl(2) command handlers in ixl(4) failed to check +whether the caller has sufficient privileges to perform the corresponding +operation. + +III. Impact + +The ixl(4) handler permits unprivileged users to trigger updates to the +device's non-volatile memory (NVM). + +IV. Workaround + +No workaround is available. Systems that do not contain devices driven by +ixl(4) are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:06/if_ixl_ioctl.patch +# fetch https://security.FreeBSD.org/patches/SA-20:06/if_ixl_ioctl.patch.asc +# gpg --verify if_ixl_ioctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356606 +releng/12.1/ r359140 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15877>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:06.if_ixl_ioctl.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zplhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIyvg/+Myq/m3iP2V8tluOVxVmXOEn9qULYfSEM8thr7N+EZpepK45KMkVeBMp5 +gGvd8XEbZyS1RSu+Knr3+yU+jQTFeVg/52QJ8fcTbH5r+5fcO0eJw9I0hwoJBAM+ +Fp7mTtON6PUCIlaXcwmFQfQ4l1iPee2qCsn7ia02dBFZXvHq6fT6tplSagtJj8Fd +xOBvnlf8obrvC+TswIKydCREaGAIRKTa0yMzh0Ml435gmCYMrGTe2NtjNKM9sgw8 +N0Y5QHuV59kiM3mYc5I7uLux1wUIlO6rdZ2lOsbuWNcW40q9IE1Gve9kjhmha8Ls +h7BW3VPLM8gxwrgJNygxSRtremDYfQZNoeONqRKd0C2H5EVT4vZfPRI4VxziNGU7 +US0VJwm7x/bET/zbVS5YIsGwqyn9kVjBRpv+eRN4CNmEoZugB/ZJn7lRhZ9cdsTG +fDM/ULk7UMPrap8ltr0hcYvLYzOmsR1K+oxqmWLzO2+FpnoUrAmWaInptbBuOaSj +tbmRc97wpR7LJcrmAo3rHvHdbwzY9jsQk1X1Y4LAKAr114S36m3HqwX5mhv91/ZR +oXOiDYCvFlf8BBQo5BMFDlSfft1Nd8iwAEumHmo+hFFs/yVwJlwwyt2tVwpT3V3Z +py6szSTnDzjslb/JGYI8ujpHNuJrfdWRmJUrXzqreKbiYA5pWGo= +=MmYl +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:07.epair.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:07.epair.asc Thu Mar 19 17:20:56 2020 (r53996) @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:07.epair Security Advisory + The FreeBSD Project + +Topic: Incorrect user-controlled pointer use in epair + +Category: core +Module: kernel +Announced: 2020-03-19 +Credits: Ilja van Sprundel +Affects: All supported versions of FreeBSD. +Corrected: 2020-02-04 04:29:54 UTC (stable/12, 12.1-STABLE) + 2020-03-19 16:50:36 UTC (releng/12.1, 12.1-RELEASE-p3) + 2020-02-04 04:29:53 UTC (stable/11, 11.3-STABLE) + 2020-03-19 16:50:36 UTC (releng/11.3, 11.3-RELEASE-p7) +CVE Name: CVE-2020-7452 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The epair(4) interface provides a pair of virtual back-to-back connected +Ethernet interfaces. + +II. Problem Description + +Incorrect use of a potentially user-controlled pointer in the kernel allowed +vnet jailed users to panic the system and potentially execute aribitrary code +in the kernel. + +III. Impact + +Users with root level access (or the PRIV_NET_IFCREATE privilege) can panic +the system, or potentially escape the jail or execute arbitrary code with +kernel priviliges. + +IV. Workaround + +No workaround is available. Systems not using epair(4) are not vulnerable. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202003191720.02JHKuok043807>