Date: Thu, 27 May 2021 00:47:07 GMT From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org Subject: git: 72551dc011 - main - Add EN-21:11 to EN-21:16, SA-21:11, and SA-21:12. Message-ID: <202105270047.14R0l7BZ086882@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=72551dc01164fe7634a0e303c699e0b037e5f162 commit 72551dc01164fe7634a0e303c699e0b037e5f162 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2021-05-27 00:46:06 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2021-05-27 00:46:06 +0000 Add EN-21:11 to EN-21:16, SA-21:11, and SA-21:12. Approved by: so --- website/data/security/advisories.toml | 8 + website/data/security/errata.toml | 24 +++ .../security/advisories/FreeBSD-EN-21:11.aesni.asc | 136 +++++++++++++++++ .../advisories/FreeBSD-EN-21:12.divert.asc | 130 ++++++++++++++++ .../security/advisories/FreeBSD-EN-21:13.mpt.asc | 125 +++++++++++++++ .../security/advisories/FreeBSD-EN-21:14.pms.asc | 151 ++++++++++++++++++ .../advisories/FreeBSD-EN-21:15.virtio.asc | 125 +++++++++++++++ .../security/advisories/FreeBSD-EN-21:16.bc.asc | 160 +++++++++++++++++++ .../security/advisories/FreeBSD-SA-21:11.smap.asc | 167 ++++++++++++++++++++ .../advisories/FreeBSD-SA-21:12.libradius.asc | 170 +++++++++++++++++++++ .../static/security/patches/EN-21:11/aesni.patch | 79 ++++++++++ .../security/patches/EN-21:11/aesni.patch.asc | 16 ++ .../static/security/patches/EN-21:12/divert.patch | 94 ++++++++++++ .../security/patches/EN-21:12/divert.patch.asc | 16 ++ website/static/security/patches/EN-21:13/mpt.patch | 61 ++++++++ .../static/security/patches/EN-21:13/mpt.patch.asc | 16 ++ .../static/security/patches/EN-21:14/pms.12.patch | 71 +++++++++ .../security/patches/EN-21:14/pms.12.patch.asc | 16 ++ .../static/security/patches/EN-21:14/pms.13.patch | 81 ++++++++++ .../security/patches/EN-21:14/pms.13.patch.asc | 16 ++ .../static/security/patches/EN-21:15/virtio.patch | 155 +++++++++++++++++++ .../security/patches/EN-21:15/virtio.patch.asc | 16 ++ website/static/security/patches/EN-21:16/bc.patch | 11 ++ .../static/security/patches/EN-21:16/bc.patch.asc | 16 ++ .../static/security/patches/SA-21:11/smap.patch | 81 ++++++++++ .../security/patches/SA-21:11/smap.patch.asc | 16 ++ .../security/patches/SA-21:12/libradius.11.patch | 123 +++++++++++++++ .../patches/SA-21:12/libradius.11.patch.asc | 16 ++ .../security/patches/SA-21:12/libradius.patch | 133 ++++++++++++++++ .../security/patches/SA-21:12/libradius.patch.asc | 16 ++ 30 files changed, 2245 insertions(+) diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml index b3a4c14939..ccb6c58848 100644 --- a/website/data/security/advisories.toml +++ b/website/data/security/advisories.toml @@ -1,6 +1,14 @@ # Sort advisories by year, month and day # $FreeBSD$ +[[advisories]] +name = "FreeBSD-SA-21:12.libradius" +date = "2021-05-26" + +[[advisories]] +name = "FreeBSD-SA-21:11.smap" +date = "2021-05-26" + [[advisories]] name = "FreeBSD-SA-21:10.jail_mount" date = "2021-04-06" diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml index bf235e7212..de0a6f640f 100644 --- a/website/data/security/errata.toml +++ b/website/data/security/errata.toml @@ -1,6 +1,30 @@ # Sort errata notices by year, month and day # $FreeBSD$ +[[notices]] +name = "FreeBSD-EN-21:16.bc" +date = "2021-05-26" + +[[notices]] +name = "FreeBSD-EN-21:15.virtio" +date = "2021-05-26" + +[[notices]] +name = "FreeBSD-EN-21:14.pms" +date = "2021-05-26" + +[[notices]] +name = "FreeBSD-EN-21:13.mpt" +date = "2021-05-26" + +[[notices]] +name = "FreeBSD-EN-21:12.divert" +date = "2021-05-26" + +[[notices]] +name = "FreeBSD-EN-21:11.aesni" +date = "2021-05-26" + [[notices]] name = "FreeBSD-EN-21:10.lldb" date = "2021-04-06" diff --git a/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc b/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc new file mode 100644 index 0000000000..484758e445 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:11.aesni.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:11.aesni Errata Notice + The FreeBSD Project + +Topic: Race condition in aesni(4) encrypt-then-auth operations + +Category: core +Module: aesni +Announced: 2021-05-26 +Affects: FreeBSD 12.2 +Corrected: 2021-04-27 19:16:35 UTC (stable/12, 12.2-STABLE) + 2021-05-26 20:40:11 UTC (releng/12.2, 12.2-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The aesni(4) driver provides implementations of various cryptographic +operations using specialized CPU instructions available on contemporary Intel +and AMD CPUs. This provides improved throughput relative to pure software +implementations of the same operations. + +II. Problem Description + +aesni(4) implements SHA-1 and SHA-2 and can compute HMACs using these +functions. One step of the HMAC computation involves the computation of a +derived key. This step was implemented such that if multiple threads were +concurrently computing an HMAC using the same crypto(9) session, the kernel's +copy of the session key could be corrupted. + +III. Impact + +This bug could cause aesni(4) to return incorrect digests of input data, +or incorrect report a digest verification failure. + +Since the bug is only triggered when multiple threads are sharing a crypto(9) +session, some consumers are unaffected. For example, geli(8) will not trigger +the bug. It is possible to trigger the bug with IPSec or KGSSAPI, or via +crypto(4) if the underlying application is multithreaded and shares sessions +among multiple threads. + +IV. Workaround + +The aesni(4) kernel module may be unloaded to work around the problem. Note +that this may incur a substantial hit to performance. + +Workloads not making use of HMAC-based authentication using aesni(4) are +unaffected. For example, aesni(4) implements AES-GCM, and that implementation +is not susceptible to this problem. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch +# fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch.asc +# gpg --verify aesni.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/12/ r369665 +releng/12.2/ r369860 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251462>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:11.aesni.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6t4ACgkQ05eS9J6n +5cJdUBAAor2SfwygnujBNtepn8miqhACwa2P/8HZo1G68JTrHzRp8U8l/iLhTIwn +FF/aylaIg3uiFkb5V68yi9YKo4a8kIK0U/J805n8WUFFTS5OiwLkI3mLKC3vHMUD +d2gvBaAjPeBNjlNanFp8WpdNsCXvJq9CBXECQnwsnNJ1zpSSsTwm/T48pIeRpk/T +sYpyaLgEjsXl0tx0VkW2wwk7tNSQx0K7BouzqrwbQku18GW9ybETfQh5NE+Mz2+S +T1e3A4y2VNWXpDqCgHwl7+X7NX3FH2wGI56G3Xv781zJY5jq+UjxoXyLGVY56y3P +KvCgqnPavLZgER3ui/bqro3DR3uN6P3hb/Jg/3ChrNVuf9U0hElblWzQ3KQ/y2J8 +21YSuVvclMu4cfWfGcOYA8uXBQCUUYHAMKzenzmj9kZYMWaSZHpn/aibaYWZEO/U +hsDfeJRbR1hIVOdKGUmGrcWc2BVAQw/xHyAIn1IEBvCO9JRl09VPLNU6q19mrquH +GoQ0NRaWg6v+spHJeuiv3wreLjr/mfznk+I4Cz/CT3cVbm7b4gJXerObIWKnEyFI +Cj8ySvkhFAVdWcLIOJPrlIgxY5IoVr/raRuKhJ7kmFkELfUd1HK81e9QdpdzKYOH +hKWROGEBMr6bG17rqMY+tZmlx6wKVtf8mJCQHomQSi3Q7J2DRO0= +=KdoV +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc b/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc new file mode 100644 index 0000000000..c7ac1ce64e --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:12.divert.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:12.divert Errata Notice + The FreeBSD Project + +Topic: Kernel double free when transmitting on a divert socket + +Category: core +Module: divert(4) +Announced: 2021-05-26 +Affects: FreeBSD 13.0 +Corrected: 2021-05-10 13:36:08 UTC (stable/13, 13.0-STABLE) + 2021-05-26 19:30:51 UTC (releng/13.0, 13.0-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +divert(4) sockets are a facility that permit firewalls to transmit a +copy of a packet to a userspace process. They may also be used by +userspace programs to inject packets into the IP packet processing +stack. In the FreeBSD base system, the only user of divert(4) sockets +is natd(8). + +II. Problem Description + +A bug in the error handling of transmission on a divert(4) socket could +result in a double free of an mbuf. + +III. Impact + +Systems making use of divert(4) may misbehave or panic in a +non-deterministic manner. + +IV. Workaround + +No workaround is available. Systems not making use of divert(4) sockets +are unaffected. divert(4) sockets appear in sockstat(8) output as using +protocol "div". + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch +# fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch.asc +# gpg --verify divert.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ eafeee082c50 stable/13-n245578 +releng/13.0/ 22b58630d6ba releng/13.0-n244737 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255104>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:12.divert.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6usACgkQ05eS9J6n +5cJ/mw//SPzrCBbMJBWgwhQiJpI50BRgXWBFneThy2f5+2LWsg5gh1OJjqhqk+s9 +6PAHxujsUM15zAUQhwv5g+Z6g1l9j2Zy4kPsCN/QJR1zL51zqabOdOnqmAOom6gQ +nbXS2Fsh43dqCx3S+uEviC7U62kbU7CRXAhCI3wsHwRAyvzuXcUWizazp1hYllDE +IZ5LqJG/t9ZrMgMd3KabCoIVHFgPANZaBpSSFPhnDZxz7mvGVN4XtX2RYOht9f2B +xN05YSwmSLcB8EE1TQmjgcD6/K3hrPvkeFC0qSe9F66SJakuX19vfiWF2mrN/SO1 +fIILHtCaHcs2IWVzKK4FG01t3r3o7TkAnux+R4T7aMMh8LGbYiGtYCrlzaIN45aZ +bEA4aNqpZl1J1DtnthTnhNsd3R6Cq7f/hjtGNxYrSp6QLECPb4FhqVUig7m3p0s4 +a3Y5m3govOnTaRppmSt7aoXGd/yQDDc4YfIbqkWa/z3IabbW+cVUH5+uexmdLy+y +WJl/sNqznQPKPGDtPq39Ez1Pt6+TsOAowG4TXbNmaIk8C00KjFWnr+XcNS4GAhnd +QK+B2N9TQpBTSgwVMhDnjNIptEjE75VmpW3yAlQt6FL1DlVcAgZ5dgVeGHHPI+NZ +ONMpO+ifh/sRUDLH4QMviMoNi23ngkFdjo1Cq10DrIrxP4wDh6E= +=yWIx +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc b/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc new file mode 100644 index 0000000000..e91db4a244 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:13.mpt.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:13.mpt Errata Notice + The FreeBSD Project + +Topic: mpt(4) I/O errors with a large maxphys value + +Category: core +Module: mpt +Announced: 2021-05-26 +Affects: FreeBSD 13.0 +Corrected: 2021-04-24 00:43:14 UTC (stable/13, 13.0-STABLE) + 2021-05-26 19:29:54 UTC (releng/13.0, 13.0-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +mpt(4) is a driver for LSI disk controllers. + +II. Problem Description + +The mpt(4) driver did not correctly handle I/O requests larger than or +equal to 2MB and would incorrectly report errors. The I/O request size +is limited by the value of the kern.maxphys tunable and the default +value is below this threshold. + +III. Impact + +With kern.maxphys set to 2MB or larger, I/O to mpt(4) devices will not +work correctly. + +IV. Workaround + +To work around the problem, ensure that the kern.maxphys value is kept +at its default value. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch +# fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch.asc +# gpg --verify mpt.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ f0077b4c1dcf stable/13-n245384 +releng/13.0/ a8a91efa74e0 releng/13.0-n244734 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:13.mpt.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n +5cJB6A//bXZXr5CaQJeZYCt88W4EXHaf9vZSLE0p3umoNE2V7bXFsfKPN+mQJKmB +KFOHD8PZstnG0MX4D30t8gzxeLaadO3XhzifE8bRCa49Xiibdg0eL/XqQWylyVkm +Qpyi4QIqmfPijNVFFf9FFv+1I+ERhF66isqzcWravucZZn+nV26eKaPBSPzRv7pz +qbDxW3JHXNZOo6qJJiN71mPwlOleiY4ZcIsR1iz0uf2Uo7qu69YyecPkDnj0lbxT +2CrH2JV7sLXRkAHn9gujk50nu4iyUkWFsgo7dQZ34yEFXqicQMMAkiFpVadJvFgz +FXcLVBbKCuuI0yr5vV6/jms36FQVBtWlZGJx/BKg5jGhj8deSireP4BsyttfWdQA +6zLGtyKghFAmG9o9XCzOtast9LUd0ggK3RIe4GzxImWe2mWAnQPEp7QQD0sqmYzW +XDzF5rwHzdYDTtnp+fQ9rLKhKsunMwk3tCslnb3sO4Ai2bXm+wjV4t6nresmAZDT +fJlKU8XyIhzHy33rUe1JGhv+iuNbORA7dS07XYrB70T80HOFMNo1vOy4NE2A41TJ +plPXCjIdOZBkZsmy16uYLMnljRzYgBLejr/4QnSbKxEtUGJiog8osnGnFC6wCzgy +XyscM8G2tL6jvmAVuKDLDiiBRZtc7ZEGHGjTpABLccPOmbcq4fk= +=Ch28 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc b/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc new file mode 100644 index 0000000000..db520ea5ad --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:14.pms.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:14.pms Errata Notice + The FreeBSD Project + +Topic: pms(4) data corruption + +Category: core +Module: pms +Announced: 2021-05-26 +Affects: FreeBSD 12.2 and later. +Corrected: 2021-04-23 01:05:42 UTC (stable/13, 13.0-STABLE) + 2021-05-26 19:30:23 UTC (releng/13.0, 13.0-RELEASE-p1) + 2021-04-23 01:11:07 UTC (stable/12, 12.2-STABLE) + 2021-05-26 20:40:15 UTC (releng/12.2, 12.2-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +pms(4) is a driver for PMC-Sierra disk controllers. + +II. Problem Description + +Two problems are fixed by this update. + +First, the pms(4) driver did not correctly handle the new kern.maxphys +value set in FreeBSD 13.0. The devices supported by the driver impose a +limit on the maximum I/O size, and this limit is smaller than the new +default. + +Second, the pms(4) driver did not correctly handle some error cases in +the I/O path and would falsely report success to upper layers. + +III. Impact + +The bugs may cause data corruption. + +IV. Workaround + +No workaround is available. Systems not using pms(4) are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.0] +# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch +# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch.asc +# gpg --verify pms.13.patch.asc + +[FreeBSD 12.2] +# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch +# fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch.asc +# gpg --verify pms.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6514cb18d94e stable/13-n245322 +releng/13.0/ b62d492067ba releng/13.0-n244736 +stable/12/ r369655 +releng/12.2/ r369861 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:14.pms.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n +5cJZWg/8DEsOaseewourLWezA+HeV2aHfsNf96qa4O7oAOUGtCm7nKi7jodIiLB1 +DiX8YqskrVav36lLxgyQazSCF84xB1YsNP4EiOzjeIoZyirR8+KiG37CunGhUDPg +8mPCE1+WBzHlcDwAEexldi+b88ehEqADbZiGWAsBcXYqhwaXoF6zUkgp5WFRWKzu +Kiq7Wjs7FGkAp38O4UKduybpubSyUjHCeShEGyZvevJQE4kAZKzv1+Q+spUeIBLP +P99p+vidIFIpX4uq0GgjF1GLuz4ym1tRZwu4jlJ0Vhr0KjqTWwxoMZ0m+0+SwKit +dqPLQ/rj1vBiCScU7rIS49wfT6vtujH9gPt4GI5mTY8++4hDkfRvS4D5we9RgIo+ +0j3NIAf0cb47V6nPSOBwAqkFwjtGu7rhtGgmmp1Pmf0v8I/EqRCgIekexMVW294u +L9pyH3LalHqi/GcuMn8emTPiJ6+5a1e+EBKXtnoX5tJvenkSXAl6eV7BuETaaMOc +zvMheSzvcnn+h2jIA1Mizfv9BIglRNakIxzJpSxugQWTzAQ7PutzqSaLCsn9byp3 +590cBmbmVdAFEuqIdz5I/d3BwpF24myNmYFtRlxT115jaOV8ta2qKg4GryMOCUL2 +R+zE2+d1JT+/Ra1wm2vfWIUb1pPQUIIvQ8m2rGhiok0Nlc7C7O0= +=nfsk +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc b/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc new file mode 100644 index 0000000000..45bff06182 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:15.virtio.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:15.virtio Errata Notice + The FreeBSD Project + +Topic: virtio(4) device probing fails + +Category: core +Module: virtio +Announced: 2021-05-26 +Affects: FreeBSD 13.0 +Corrected: 2021-04-03 06:09:50 UTC (stable/13, 13.0-STABLE) + 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +VirtIO is a specification for para-virtualized I/O in a virtual machine +(VM). It defines an interface for efficient I/O between the hypervisor +and VM. + +II. Problem Description + +The virtio(4) driver on FreeBSD implemented support of the legacy +interface, which was released before the specification was formalized, +requiring certain characteristics that were different on some VMM +implementations. + +III. Impact + +FreeBSD will not boot on certain VMM implementations. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch +# fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch.asc +# gpg --verify virtio.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 2e107638eac2 stable/13-n245094 +releng/13.0/ 61acb3179a90 releng/13.0-n244741 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:15.virtio.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n +5cLlmA/5AR5G9Ifb34fJVhj4PT4rUiSj41mbdECbNKTgdPD2zBkedAI9Nc4w2xcG ++/i7hhePMCe8jfIwgw6eWW3UlJWx9XAtR0r/HsPxUt+glopPNcK9xr2OSY2h/jSo +EkFE3JdhTvSwapIH4VNku1PULXXMQWxI3E5Ccd4mEFz/uchq7Q83koE136M2UyXR +XXk9AsxmuNrG/dlWi5MhbUuljqkXY2O160ErIrNivHiOVHIxtiX/snEX6Q4srE2Q +YmdAC07p64xB+3c2ZkFrA/4Khp/XRO8wRwbNE8FhGiVUwlYL2a/BB1Ldq84UbdOl +ISEPr564SfhV2bSFs7PM6iHRXdD46K0/7O42X6ZswIhwN1IN+mkTW/LkYdPMpLn2 +S7lmV9ulgOBkAqHQ//+7gcOMPerNXwZ0Rcnf8SY8aOqOkgIVIXG0XocOl/nBJ9CZ +Syq7vuFly9EijTYtLonNv3XtTjB9Z5UjwBJPnmNGS6JYgbJQVpjllchLkb+cv5Kt +jVnC5YiuOAaNJ8XjqfjhyHXZrSkVmdYINRohn1y2tojNkn3jRMCYJMB0EvIugCqU +oCKmMn8R3m87723ylm5CykXmxgkSR3rfsvwzvioEFojcC+sgB5H5tdcP0XLvqg52 +DP9Rnq+j0YfNs/Ud+dcIpI4/7ANduVu+WKsd58w+H3lPmkrP9aE= +=Cr4I +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc b/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc new file mode 100644 index 0000000000..01233d766c --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-21:16.bc.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-21:16.bc Errata Notice + The FreeBSD Project + +Topic: dc update + +Category: contrib +Module: bc +Announced: 2021-05-26 +Affects: FreeBSD 13.0 + FreeBSD 12.2 (only when built with option WITH_GH_BC) +Corrected: 2021-04-06 08:44:52 UTC (stable/13, 13.0-STABLE) + 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1) + 2021-04-06 08:44:52 UTC (stable/12, 12.2-STABLE) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The program dc provides a simple stack-based programming language that uses +a reverse Polish notation. Although it is a fully functional language, it +has been used primarily as a computational engine by the program bc, which +implements a more traditional language based on infix notation of operands. + +In FreeBSD 13.0 and in custom builds of FreeBSD 12.2-STABLE (with the +non-default option WITH_GH_BC) the traditional implementations of bc and dc +have been replaced by a single program under both names that provides better +POSIX conformance of the bc language, compatibility with GNU bc extensions, +and significantly improved performance of big number calculations. + +II. Problem Description + +The "P" command of the dc language outputs the top-of-stack value and should +consume it, but in this version leaves it on the stack. This problem only +affects direct dc command scripts that use "P" and rely on its effect on the +stack (i.e., do not terminate after this command and have references to stack +elements that are hidden by the value that has not been removed). + +III. Impact + +Since dc has been used very little as a general purpose programming language, +only a very small number of dc scripts exist, and most of them are used to +describe the language for educational purposes only. This issue has existed +in this implementation of dc for at least 3 years without having been +noticed. + +If a dc script relies on the correct semantics of a "P" instruction, it will +not execute subsequent instructions correctly, which may result in incorrect +output or in an infinite loop. + +IV. Workaround + +The math/gh-bc port and the gh-bc package have been updated to correct the +issue and are fully compatible with this version in all other aspects. + +They can be installed in addition to the base system versions of bc and +dc but may require a change of scripts that use dc to invoke the version +installed below LOCALBASE. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch +# fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch.asc +# gpg --verify bc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 0ca6ce5e976a stable/13-n245186 +releng/13.0/ 312510880e2e releng/13.0-n244742 +stable/12/ r369589 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>; + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:16.bc.asc>; +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6u0ACgkQ05eS9J6n +5cK2Ww//Th4xtnGjvJ/GSGUq+eLMDPLJzUJhRI0jgjDVqI8tL5JMyxcui1oR0/Ur ++0GvR7JSYJ+WYLLIMHwnP3DYzyHp7ICRhCJoykwa4yKVpcdLcvX0R8Nm+2/fBC02 +PDFAvnO4HVdOJdqM5rNzA4/Y150HYj30bDXrry0RKaHKYDgp6SVc9+2T7o5zHJSX +x49TiHSVwHCjvnauIFqqFldTz1eGUMMxlisyxD9sP6efkYS49C/25O/xhwdqmrtx +HvhTdFsOr0FgPsMUSvLVcuYJOcW+/1Q+5CM/rjMyQ1VkdP/5UqFGoXHfZuiTvrRY +9pXjymwk1MyUYzEn3vu7B1ZDqJptZ4DRok4La/ylOlVVWq2hUKYtJUQja9u9O2wt +YjBvdAF/wjkr3t93qwsoWwiTP3tuPADtccfQ18rSNmN12405hAVKfLvvGDQ/mTZn +lnDHOpMQXMvuChYdf2VYOX67S7yhxV4+ThrEJkopcdCOOxYRN8A6ePmPyVg+HqHw +WcAGWWPZjm/o0r2SKJi5SM6cwJUMOQAF/hVw02NiK2uY5aXuZlIVDPgHR/LfoDce +juLKfBWAw3om7nPOF7dDXkJDN/HZ03IQM6DOStK7zvytCctxNq2+eVgSb4g/3yvs +mpvGMP1DLQywSOvmp00B8mLws9rcQbe8rUI6rR2hb9kMCcfTHIU= +=MITo +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc b/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc new file mode 100644 index 0000000000..22afada9c9 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-21:11.smap.asc @@ -0,0 +1,167 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-21:11.smap Security Advisory + The FreeBSD Project + +Topic: SMAP bypass + +Category: core +Module: amd64 +Announced: 2021-05-26 +Credits: I lost my dog if you see him please contact me at @m00nbsd. +Affects: FreeBSD 12.2 and later. +Corrected: 2021-05-26 19:18:54 UTC (stable/13, 13.0-STABLE) + 2021-05-26 19:31:50 UTC (releng/13.0, 13.0-RELEASE-p1) + 2021-05-26 19:30:31 UTC (stable/12, 12.2-STABLE) + 2021-05-26 20:40:20 UTC (releng/12.2, 12.2-RELEASE-p7) *** 1494 LINES SKIPPED ***
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202105270047.14R0l7BZ086882>