Date: Tue, 12 May 2020 17:59:49 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r54136 - in head/share: security/advisories security/patches/EN-20:08 security/patches/EN-20:09 security/patches/EN-20:10 security/patches/SA-20:12 security/patches/SA-20:13 security/pa... Message-ID: <202005121759.04CHxn0A001652@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Tue May 12 17:59:49 2020 New Revision: 54136 URL: https://svnweb.freebsd.org/changeset/doc/54136 Log: Add EN-20:08 through EN-20:09, and SA-20:12 through SA-20:16. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-20:08.tzdata.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-20:09.igb.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-20:10.build.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:12.libalias.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:13.libalias.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:14.sctp.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:15.cryptodev.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-20:16.cryptodev.asc (contents, props changed) head/share/security/patches/EN-20:08/ head/share/security/patches/EN-20:08/tzdata-2020a.patch (contents, props changed) head/share/security/patches/EN-20:08/tzdata-2020a.patch.asc (contents, props changed) head/share/security/patches/EN-20:09/ head/share/security/patches/EN-20:09/igb.patch (contents, props changed) head/share/security/patches/EN-20:09/igb.patch.asc (contents, props changed) head/share/security/patches/EN-20:10/ head/share/security/patches/EN-20:10/build.11.patch (contents, props changed) head/share/security/patches/EN-20:10/build.11.patch.asc (contents, props changed) head/share/security/patches/EN-20:10/build.12.patch (contents, props changed) head/share/security/patches/EN-20:10/build.12.patch.asc (contents, props changed) head/share/security/patches/SA-20:12/ head/share/security/patches/SA-20:12/libalias.patch (contents, props changed) head/share/security/patches/SA-20:12/libalias.patch.asc (contents, props changed) head/share/security/patches/SA-20:13/ head/share/security/patches/SA-20:13/libalias.patch (contents, props changed) head/share/security/patches/SA-20:13/libalias.patch.asc (contents, props changed) head/share/security/patches/SA-20:14/ head/share/security/patches/SA-20:14/sctp.patch (contents, props changed) head/share/security/patches/SA-20:14/sctp.patch.asc (contents, props changed) head/share/security/patches/SA-20:15/ head/share/security/patches/SA-20:15/cryptodev.11.patch (contents, props changed) head/share/security/patches/SA-20:15/cryptodev.11.patch.asc (contents, props changed) head/share/security/patches/SA-20:15/cryptodev.12.patch (contents, props changed) head/share/security/patches/SA-20:15/cryptodev.12.patch.asc (contents, props changed) head/share/security/patches/SA-20:16/ head/share/security/patches/SA-20:16/cryptodev.patch (contents, props changed) head/share/security/patches/SA-20:16/cryptodev.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-20:08.tzdata.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:08.tzdata.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:08.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2020-05-12 +Affects: All supported versions of FreeBSD. +Corrected: 2020-04-27 03:56:47 UTC (stable/12, 12.1-STABLE) + 2020-05-12 16:44:13 UTC (releng/12.1, 12.1-RELEASE-p5) + 2020-04-27 03:57:17 UTC (stable/11, 11.4-PRERELEASE) + 2020-05-12 16:44:13 UTC (releng/11.3, 11.3-RELEASE-p9) + +Note: The upcoming release of FreeBSD 11.4 was branched after the original +commit to the stable branch and already includes the updated timezone +information. + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The tzsetup(8) program allows the user to specify the default local timezone. +Based on the selected timezone, tzsetup(8) copies one of the files from +/usr/share/zoneinfo to /etc/localtime. This file actually controls the +conversion. + +II. Problem Description + +Several changes in Daylight Savings Time happened after previous FreeBSD +releases were released that would affect many people who live in different +countries. Because of these changes, the data in the zoneinfo files need to +be updated, and if the local timezone on the running system is affected, +tzsetup(8) needs to be run so the /etc/localtime is updated. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected timezones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated timezone database from the +misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Please note that some third party software, for instance PHP, Ruby, Java and +Perl, may be using different zoneinfo data source, in such cases this +software must be updated separately. For software packages that is installed +via binary packages, they can be upgraded by executing `pkg upgrade'. + +Following the instructions in this Errata Notice will update all of the +zoneinfo files to be the same as what was released with FreeBSD release. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Restart all the affected +applications and daemons, or reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:08/tzdata-2020a.patch +# fetch https://security.FreeBSD.org/patches/EN-20:08/tzdata-2020a.patch.asc +# gpg --verify tzdata-2020a.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r360361 +releng/12.1/ r360969 +stable/11/ r360362 +releng/11.3/ r360969 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:08.tzdata.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLsNw/9GPsAAKDQhjy0Y6hqfu8Jygd4sYUn/SghOFyaBvqfUdobKnPe+zy9ankg +uM/Ytfwa/E7nKcI7z6kWiWGngmhkbMUlk4A16GmumSRV5bz/pHWYAusU8pVCtvsw +4zrW14uK19s7Pl9KgdMf72fVGREAKQwbqL4iye9bwxUjP0yCa1VmI1RgAwhTXdqY +fz7bCa8klq+R0oIV2JWnzw+IxwgbLYkV/1dQ5rc1IadciEmPvTls70SCKrzQ3orm +wHpI8zvcle1JUooyQrqkf8sRTnTRNjVN+X9bFw5xMQFmVP0wahtQwXsE8wio73Ia +J5bS40KkHUbKJ57ud+vRv3EQoArF4fhSsRUskK32C5S7ahGYIMDIdSCJcUHq7zTA +gv9oaIgMSsoYq98M/JDdFsn49NNf4hitETChwQ2GdBpBXk77PSXz48kncm2TXPzn +ibM8nufZxAG768sNAji4AtMb9/MiMoE2CDbmXV9pIc9XK/5hz91GDAdGY0BSH1q8 +LrwSpuOJvLHOQE1gVqxqB/DNkPOGMOqq62cagSxE4D0aGhHuTWq0h2BuF6TlbVs+ +cnog6eZ2BZcVsnkrSiWPQFPH1fg60bzmh6LdhIYRmTjWNxVu+fvm9yHUz3/SHt5N +Kdll9Hy0QsXjtmwcgl55e4vint1ke4PeMc3sTbkpcodCRpg6faA= +=Mxc9 +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-20:09.igb.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:09.igb.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:09.igb Errata Notice + The FreeBSD Project + +Topic: igb interfaces fail to switch to inactive state + +Category: core +Module: kernel +Announced: 2020-05-12 +Affects: FreeBSD 12.1 +Corrected: 2019-10-24 14:18:06 UTC (stable/12, 12.1-STABLE) + 2020-05-12 16:46:14 UTC (releng/12.1, 12.1-RELEASE-p5) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The igb driver supports Intel Gigabit Ethernet interfaces. + +II. Problem Description + +The igb driver does not detect link loss, and the interface does not +transition to "inactive" upon link loss. + +III. Impact + +Incorrect link state may lead to system-level misbehaviour (for example, lagg +interfaces may not transition to an alternate interface) and may cause +confusion for system administrators. + +IV. Workaround + +Bringing the interface down and back up (e.g., "ifconfig igb0 down" followed +by "ifconfig igb0 up") may cause the status to correctly change to inactive. +Systems not using interfaces supported by the igb driver are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-20:09/igb.patch +# fetch https://security.FreeBSD.org/patches/EN-20:09/igb.patch.asc +# gpg --verify igb.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r354021 +releng/12.1/ r360970 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=236724>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:09.igb.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIXkQ/7Bd9xjLiBJI3yG/8iCaAsQcqLPAvxS4cwtBTvzcOTs9iDs71YbiVy0IcU +ffcorkOmlwMKPSlDmgZPNxW9l8k1eOrBp2m+8UVZ0bUxA/Vp2fv9Er0A7RPoZO17 +o8fqvTFc3OPuF4LAQ+cC/lH2yiB/F/m6qqph6GisQWUARH1CLvf2FwQFbgBJ5HMN +jqiL71M3TTnoM9ZwKWelsaOLa2eGDb1zUJ/JcM33uBQ5WTMO7zcN0yxmD0i0dCrJ +4ZeewKijLWEjJucsqflSEJhc4fo01SRkii66O0r7VLff7gqiCMbieWNr1BF578l5 +fT36r/C06YlivbNErRrZ13LOP5uLre7t4z0cg7fwkRNYfbA7f5o9YRQIp1t7QXN3 +E/6DOr7r5YTfdM6pd7gm5CDprIjZuQcc4hvBXg2FeM9dkZnoVnAKSU9zfNk8N5ly ++YrF3Sl/b/jGI0CI5AuYNzDH3lZf2tdicO9kM8qp8f8IkchAxLrZ4sZmoPqrX8O1 +n5a/e9bgfPAMMJO3PZFbI3haS0wsdkFFuDvrI/raaC/gbBVDwQ25YvKa+OP/Oej7 +H3ao1MPs0Y1FnO/104aVDbNMrDrbDPQnTrwUdF5+DVa1Y9FuBhr8QStsT8oH6il1 +tBKDVjEGb0aT8tF3T+x0Ugaow0pr05MnfipwZe6xUhfpvXEaLU0= +=LGyL +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-20:10.build.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-20:10.build.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-20:10.build Errata Notice + The FreeBSD Project + +Topic: Incorrect build host Clang version detection + +Category: core +Module: build +Announced: 2020-05-12 +Affects: All supported versions of FreeBSD +Corrected: 2020-02-18 18:03:04 UTC (stable/12, 12.1-STABLE) + 2020-04-29 18:51:34 UTC (releng/12.1, 12.1-RELEASE-p5) + 2020-02-18 18:03:04 UTC (stable/11, 11.3-STABLE) + 2020-04-29 18:59:37 UTC (releng/11.3, 11.3-RELEASE-p9) + +Note: The upcoming release of FreeBSD 11.4 was branched after the original +commit to the stable branch and already includes this errata. + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's build system detects the host compiler version and uses that to +control certain actions during the build. + +II. Problem Description + +The Clang and LLD version detection accepted only versions matching the shell +glob pattern [1-9].[0-9]*, which notably does not include 10.0. The build +then proceeded as if the compiler or linker version was 0.0. + +III. Impact + +Attempting to build 12.1-RELEASE on 13-CURRENT failed. The version detection +issue also affects 11.3-RELEASE (although the build does not fail). + +This issue only affects attempts to build FreeBSD 12.1 or 11.3 on a -CURRENT +host. + +IV. Workaround + +Install 11.3-RELEASE or 12.1-RELEASE on the build host. No action is +required when building 11.3 on an 11.3 host, or 12.1 on a 12.1 host. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/EN-20:10/build.12.patch +# fetch https://security.FreeBSD.org/patches/EN-20:10/build.12.patch.asc +# gpg --verify build.12.patch.asc + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/EN-20:10/build.11.patch +# fetch https://security.FreeBSD.org/patches/EN-20:10/build.11.patch.asc +# gpg --verify build.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r358076 +releng/12.1/ r360473 +stable/11/ r358076 +releng/11.3/ r360474 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245973>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:10.build.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIpBQ//Z3C6D2fP/MifBXt4ueGydxnImlZ3nh8J363j45Yla2SrG1ojLS3ld47a +sz6mpMKOfXGtxd/oV64rnx+87ZiMygTTGnzQHclE3FZzYm2WmeMmXcyznq0ap0tt +OJltwJY3KM/7znhJs+dRGIWVrHWStcT0oDmJzSE4u8+zZp4+psFSeBvJlWmZUgUt +iIWQMrYUh6s6zGFpjL+6Qy3qDReVXB/+Lc/Wo1RNxff+7VOhYhzDIBr3JooIFy1C +TG3AqtW2PC59B4cZHWUUVxnRyBAuyvlPxf+yWa7JRP/06m0YJlzWNpoKkvkdo4+x +gG7ulHZU35QLc/NJVX+osTGaGJ7j3pmh1O0npPWbdmsXsR9ugMIZ6rv7+zxq0EX7 +C/7d3fpLw4UcOGbHEI2mZH266IOt/5PaADXjcRO0d/EZRU5zeArWP0vbKF1Hmjg+ +0rdNTv5rPxAVqGSzxC/dpaXCUCGbw0oZz2V6YDL/cxtHdqZwcuNx7nARpWh4H1tE +0XG3McL8WejJELUb1KtyKrLNQRJ9QzM6tkvTupZcD/7ztL3cVL4tm5Gnfuo/Ui+i +VcilDPJnm1aT6r3b5Yzz15VkvAP6bf924lXrJZP19pJMXv90wmKsHUzqgIRG9DsB +iWLVJND9lALxcrW4ZBD+KmIOYukDrzNZJQBM8NzLiaRGgJDFCHg= +=///S +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:12.libalias.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:12.libalias.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:12.libalias Security Advisory + The FreeBSD Project + +Topic: Insufficient packet length validation in libalias + +Category: core +Module: libalias +Announced: 2020-05-12 +Credits: Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative + Vishnu working with Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2020-05-12 16:49:04 UTC (stable/12, 12.1-STABLE) + 2020-05-12 16:51:11 UTC (releng/12.1, 12.1-RELEASE-p5) + 2020-05-12 16:49:04 UTC (stable/11, 11.4-STABLE) + 2020-05-12 16:51:11 UTC (releng/11.4, 11.4-BETA1-p1) + 2020-05-12 16:51:11 UTC (releng/11.3, 11.3-RELEASE-p9) +CVE Name: CVE-2020-7454 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ipfw(4) system facility allows IP packet filtering, redirecting, and +traffic accounting. The ipfw(4) packet filter also contains two different +methods of accomplishing network address translation (NAT): in-kernel and +userspace. Both implementations use the same functions provided by libalias. + +The libalias(3) library is a collection of functions for aliasing and +dealiasing of IP packets, intended for masquerading and NAT. Additionally, +libalias(3) includes modules to support protocols that require additional +logic to support address translation. + +Note: libalias(3) is not used by either the pf(4) or ipf(4) firewalls. + +II. Problem Description + +libalias(3) packet handlers do not properly validate the packet length before +accessing the protocol headers. As a result, if a libalias(3) module does +not properly validate the packet length before accessing the protocol header, +it is possible for an out of bound read or write condition to occur. + +III. Impact + +A malicious attacker could send specially constructed packets that exploit +the lack of validation allowing the attacker to read or write memory either +from the kernel (for the in-kernel NAT implementation) or from the process +space for natd (for the userspace implementation). + +IV. Workaround + +No workaround is available. Only systems using NAT and ipfw together are +affected. Systems using ipfw(4) without NAT, or systems leveraging pf(4) or +ipf(4) are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:12/libalias.patch +# fetch https://security.FreeBSD.org/patches/SA-20:12/libalias.patch.asc +# gpg --verify libalias.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r360971 +releng/12.1/ r360972 +stable/11/ r360971 +releng/11.4/ r360972 +releng/11.3/ r360972 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7454>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:12.libalias.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK1Iw/7BpU400GeYsWt6xd+tUuBqGGB6a28+4G/e2GkqMF83vwAaf9+M4siM4Md +t0RUDLhcC3irLtGehLcXmVdWZUakmacGa3pGza3E8qdCSQC6+VdO4ghzk5fRlVf0 +jmcvCi7zml0YhmATkfMBscPeOJmvENUpouVIwzn4CXMwCKMofjKXdW8+tiT6ppsD +RVVeUrGdslVo40KZ8wqxx4y2IMKZ7qW/UZnqWQFAAD3d3iQBJXORpy1xn0AZStY2 +ddnhkKdBOyKs5JLoJfSwP8vyTi4iMXPFILP1spuTAqxEFBRTZ3rTE81jimznhp5N +/OXI92khj6deiTc1kun+ef3n89e1w6KO4Dt1LUNL08N4mpEwLwvBGLS/5v/3KVpm +Q6XknASLY4RaWdj1D5zbPY6F+JFUv22la5mdia4Gn1zxjsyZNMGgM6nx8OCZn4qg +JTr7RT4f+EubkEwYD1sw60iTYsqM3o1gFUzkFdEAotWU4tl3nxRkUwusikX7Uu7e +2QY46Sg/6NxW+oelx1qDGjMlP2CIlEsEqj4ND3eJzJT6nef1xmmTUUu+kQF4TBtX +J7XqmuTzST2ySPhBUEIOKbjmzdbe+zpbraADhq5BS3zKKmcVSqmqJxkXPxzCwIwb +uMcg2spQ5fzP/BquOGdQSx0rD3dQ5lTNX6QZyDaKHZR78ZAEiVE= +=I9Vz +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:13.libalias.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:13.libalias.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:13.libalias Security Advisory + The FreeBSD Project + +Topic: Memory disclosure vulnerability in libalias + +Category: core +Module: libalias +Announced: 2020-05-12 +Credits: Vishnu Dev TJ working with Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD +Corrected: 2020-05-12 16:52:08 UTC (stable/12, 12.1-STABLE) + 2020-05-12 16:54:39 UTC (releng/12.1, 12.1-RELEASE-p5) + 2020-05-12 16:52:08 UTC (stable/11, 11.4-STABLE) + 2020-05-12 16:54:39 UTC (releng/11.4, 11.4-BETA1-p1) + 2020-05-12 16:54:39 UTC (releng/11.3, 11.3-RELEASE-p9) +CVE Name: CVE-2020-7455 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ipfw(4) system facility allows IP packet filtering, redirecting, and +traffic accounting. The ipfw(4) packet filter also contains two different +methods of accomplishing network address translation (NAT): in-kernel and +userspace. Both implementations use the same functions provided by libalias. + +The libalias(3) library is a collection of functions for aliasing and +dealiasing of IP packets, intended for masquerading and NAT. Additionally, +libalias(3) includes modules to support protocols that require additional +logic to support address translation. + +Note: libalias(3) is not used by either the pf(4) or ipf(4) firewalls. + +II. Problem Description + +The FTP packet handler in libalias incorrectly calculates some packet +lengths. This may result in disclosing small amounts of memory from the +kernel (for the in-kernel NAT implementation) or from the process space for +natd (for the userspace implementation). + +III. Impact + +A malicious attacker could send specially constructed packets that exploit the +erroneous calculation allowing the attacker to disclose small amount of memory +either from the kernel (for the in-kernel NAT implementation) or from the +process space for natd (for the userspace implementation). + +IV. Workaround + +No workaround is available. Only systems using NAT and ipfw together are +affected. Systems using ipfw without NAT, or systems leveraging pf(4) or +ipf(4) are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:13/libalias.patch +# fetch https://security.FreeBSD.org/patches/SA-20:13/libalias.patch.asc +# gpg --verify libalias.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r360973 +releng/12.1/ r360974 +stable/11/ r360973 +releng/11.4/ r360974 +releng/11.3/ r360974 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7455>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:13.libalias.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK3hhAAlkHMjDluGni1AaDicw5jZuyrdGLEMfgH2OdxcrTQvrBN6ZEkfLsiFvLV +KWgUS+rx3GJApz4rZ6DFwsb+DG+kMCwYGevbT5zH5IUwe1HklyMLmjw48z47DVhx +8tpjCKNb4ttqBzb6RMURoJgo+2NAUQOZLnFGLSGOkquqeW9AhA97ZIGv7TyOPC1p +rJD/ic1IxTUXniNu4soexsRqVoMqv1nA1DLrN4TTooFVCQTHaBUBxSTFlaAsBXyb +7L5GIEydZ2429spQACnFGW4RDveOGB/6Jbt2yHEuu+ASOrwl9sRSu79PYijcz28v +yXjI0zG4A+78qmeCMbGHIySrLjc8XaWgr13Kp4S+40MWQhoGHJ2ZZVdLX010WTvm +nbGs9NQ60sytxdJn1QRTleiBIKjJiVqNEADfS4DhXa/0HouN3L8dVR/+jPfLMFmT +/7GZjhdbn4u0a1ZlgUZ62oHoo8NLop49KY4LHtHd7VpJZ8OfK0qkCN0DL4Ep+Wrg +oZWJL5HGhFOEA4TDYuypJ58yIPsTDVa9MuLMx/SBF30jVZcS1LtbiMXXuZs6clig +oOk4ZE0hpSRdA69xgX459kcTjU6XVJRnTPWyepG3sNljktwk8jyfwKHXOUpJONos +0jWu0ngj60djS8qCrxdkMn3t26fk0IhbA4leBEM+wAKmWsARt/M= +=woOx +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:14.sctp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:14.sctp.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:14.sctp Security Advisory + The FreeBSD Project + +Topic: Improper checking in SCTP-AUTH shared key update + +Category: core +Module: kernel +Announced: 2020-05-12 +Credits: da_cheng_shao@yeah.net +Affects: FreeBSD 11.3 +Corrected: 2019-09-19 10:01:19 UTC (stable/12, 12.1-STABLE) + 2019-09-19 10:06:18 UTC (stable/11, 11.3-STABLE) + 2020-05-12 16:55:32 UTC (releng/11.3, 11.3-RELEASE-p9) +CVE Name: CVE-2019-15878 + +Note: The upcoming release of FreeBSD 11.4 was branched after the original +commit to the stable branch and already includes the fix for this advisory. +Similarly, the 12.1 branch was created shortly after the original commit to +the stable branch and already includes the fix. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The Stream Control Transmission Protocol (SCTP) is a transport protocol +supporting the socket API. An SCTP packet consists of an SCTP common header +and a number of SCTP chunks. + +The SCTP extension SCTP-AUTH can be used to authenticate SCTP chunks. It +uses shared keys which can be managed via the socket API by the application +using an SCTP association. + +II. Problem Description + +The SCTP layer does improper checking when an application tries to update +a shared key. Therefore an unprivileged local user can trigger a use-after- +free situation, for example by specific sequences of updating shared keys and +closing the SCTP association. + +III. Impact + +Tiggering the use-after-free situation may result in unintended kernel +behaviour including a kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-20:14/sctp.patch +# fetch https://security.FreeBSD.org/patches/SA-20:14/sctp.patch.asc +# gpg --verify sctp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r352509 +stable/11/ r352509 +releng/11.3/ r360975 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15878>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:14.sctp.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKMHQ/8C9QgTd37kgGUaKlZ2YpgIWj25acum87au89KvNxID1Kvd9jMOFkfvGOq +YVEqJ5ZwnOPbqme6FpLI2UDM4E2N1aMxEZcTZspWR5U/4butu4+4yy4dGudn0LQ9 +EYwTag0ocCypB/c8tBh0SfN9KHM6JqCgnWFBlwyedHTjdVCUvAgwcZJEi4ne2D3G +S7DgVes6x0gifXY897YQJlfEMfJEtdfLe9SMkIzSltjTD9PJhZ7WD5uqHYNGOFOv +Xh6JNHlAGuFxUpL94Tvr3o8Ptx0oOIo0cMw9fvqZq/Hp48jSEDfMIqhcqbEWmygW +sJo4NaZkqmA3hYCOqiOYSXFGeaSOYQanBduIA2m5BGjy5vHQBgTabSo9yH/ttrC8 +8vBkGAUOyrC+dH5kguT6Q194BwDWuloKr38oQ2PrVbfCRwHtG8SEk/BC3glPCSdE +cWj5h4Eh1+z1GadgQ4JllmH5UBY702Vm1PhqZpGRbtRTbEWL84hT+4XCokq4wmQS +uB2M/Ew77FPBeZxVzE063Zk5/TLOfl2CFywekTX6C8too2YmIqEgl0DX7DYyr+fC +15t2bNkbfvFyS5iPti2rjOSIZG684i39nnk0YcC396azveQRCvDp6Q6E25jsl0pR +P4ARjQkw5cY3MBXtdSXMFON35swHTqZnL4gy134pjGyNVR+A0/k= +=fwNs +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-20:15.cryptodev.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-20:15.cryptodev.asc Tue May 12 17:59:49 2020 (r54136) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-20:15.cryptodev Security Advisory + The FreeBSD Project + +Topic: Use after free in cryptodev module + +Category: core +Module: cryptodev +Announced: 2020-05-12 +Credits: Yuval Kanarenstein +Affects: All supported versions of FreeBSD. +Corrected: 2020-01-20 11:19:55 UTC (stable/12, 12.1-STABLE) + 2020-05-12 16:57:47 UTC (releng/12.1, 12.1-RELEASE-p5) + 2020-01-20 11:19:55 UTC (stable/11, 11.3-STABLE) + 2020-05-12 16:57:47 UTC (releng/11.3, 11.3-RELEASE-p9) +CVE Name: CVE-2019-15879 + +Note: The upcoming release of FreeBSD 11.4 was branched after the original +commit to the stable branch and already includes the fix for this advisory. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The cryptodev module permits userland applications to offload +cryptographic requests to device drivers in the kernel. Applications +create sessions via file descriptors opened from /dev/crypto. + +II. Problem Description + +A race condition permitted a data structure in the kernel to be used +after it was freed by the cryptodev module. + +III. Impact + +An unprivileged process can overwrite arbitrary kernel memory. + +IV. Workaround + +Unload the cryptodev kernel module if it is loaded: + +# kldunload cryptodev + +Note that the cryptodev module is not loaded by default and is not +used by most applications. Specificially, use of accelerated software +cryptography, such as AES-NI, in userland applications via libraries such +as OpenSSL do not make use of the cryptodev module. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, and +reboot the system. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.1] +# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.12.patch +# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.12.patch.asc +# gpg --verify cryptodev.12.patch.asc + +[FreeBSD 11.3] +# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.11.patch +# fetch https://security.FreeBSD.org/patches/SA-20:15/cryptodev.11.patch.asc +# gpg --verify cryptodev.11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/12/ r356908 +releng/12.1/ r360976 +stable/11/ r356908 +releng/11.3/ r360976 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15879>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:15.cryptodev.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl663tdfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLW2A//VW8iJqNaBHhMnCrpl+oDTadzGM3gYVxnM+EEQYzru2Ze0z0tShiAkXrQ +NryjwBpMA3r1nyWDYaWMgbHjcG+jQdsIvoiA+fSU9hXEUbpxwX9ZKlaSZUBDX48X +YScJMewgHCXNpgkTnIckaIyIadOXX+zWhi5T0LN2tS5M5oejTLndAKo9mQm1Ni50 +PYiHFkLzO7v4H6K0cKuJRuHF8+kU1IhvOinZuXwZXoGqmPGTVsA0+T27dWhosaWv +Yqh3Pbp5oS1y3NbbOadLPhY146pT2Qrb2mQOEiHvsXMFRgjIEQzH1MYXx5gvpa4K +CkMwCV/MuNotscVZ00qhVQEGEVlrhgi2IXinzxde5HYCc3mD/KdcYnYz9zOCeIfb +9RfdvKk8uzUITLyz8ZinZBqIHghnSG3M9/cNj2o/97yRfFJazXF/SI41YoV3hcyE *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005121759.04CHxn0A001652>