From owner-freebsd-security@FreeBSD.ORG Mon Apr 29 22:31:52 2013
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
	by hub.freebsd.org (Postfix) with ESMTP id 81BEA358;
	Mon, 29 Apr 2013 22:31:52 +0000 (UTC)
	(envelope-from brett@lariat.net)
Received: from lariat.net (lariat.net [66.62.230.51])
	by mx1.freebsd.org (Postfix) with ESMTP id 1E6561BAC;
	Mon, 29 Apr 2013 22:31:51 +0000 (UTC)
Received: from Toshi.lariat.net (IDENT:ppp1000.lariat.net@lariat.net [66.119.58.2] (may be forged))
	by lariat.net (8.9.3/8.9.3) with ESMTP id QAA16119;
	Mon, 29 Apr 2013 16:08:25 -0600 (MDT)
Message-Id: <201304292208.QAA16119@lariat.net>
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 29 Apr 2013 16:08:22 -0600
To: freebsd-security@freebsd.org, FreeBSD Security Advisories
From: Brett Glass
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-13:05.nfsserver
In-Reply-To: <201304292055.r3TKtcEs039958@freefall.freebsd.org>
References: <201304292055.r3TKtcEs039958@freefall.freebsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Mailman-Approved-At: Tue, 30 Apr 2013 03:40:57 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: "Security issues [members-only posting]"
X-List-Received-Date: Mon, 29 Apr 2013 22:31:52 -0000

Please be advised that, when using freebsd-update(8) to install the
patch for this security problem, freebsd-update will move the current
kernel to /boot/kernel.old, and install a new GENERIC kernel in
/boot/kernel, even if you have built a custom kernel and created a copy
of the GENERIC kernel in /boot/GENERIC. The kernel in /boot/GENERIC is
NOT updated, nor are the modules in that directory updated. What's more,
if you did not build modules for your custom kernel, you will not get
copies of the updated NFS modules.

This is probably not the behavior most users who have built custom
kernels will want or expect. (I would have hoped that the GENERIC
kernel, its modules, and the kernel sources would be updated and that
I'd be reminded to rebuild my custom kernel if necessary.)

--Brett Glass

At 02:55 PM 4/29/2013, FreeBSD Security Advisories wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>=============================================================================
>FreeBSD-SA-13:05.nfsserver                                  Security Advisory
>                                                          The FreeBSD Project
>
>Topic:          Insufficient input validation in the NFS server