Date: Thu, 24 Jan 2019 17:47:49 +0000 (UTC)
From: Glen Barber <gjb@FreeBSD.org>
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject: svn commit: r52777 - head/en_US.ISO8859-1/htdocs/security
Message-ID: <201901241747.x0OHlnrv063113@repo.freebsd.org>
Author: gjb Date: Thu Jan 24 17:47:48 2019 New Revision: 52777 URL: https://svnweb.freebsd.org/changeset/doc/52777 Log: - Add templates for security advisories and errata notices to the tree. - Link to the templates on the reporting.html page. Suggested by: emaste Discussed with: secteam (emaste, remko) Sponsored by: The FreeBSD Foundation Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt (contents, props changed) head/en_US.ISO8859-1/htdocs/security/errata-template.txt (contents, props changed) Modified: head/en_US.ISO8859-1/htdocs/security/Makefile head/en_US.ISO8859-1/htdocs/security/reporting.xml Modified: head/en_US.ISO8859-1/htdocs/security/Makefile ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 08:13:11 2019 (r52776) +++ head/en_US.ISO8859-1/htdocs/security/Makefile Thu Jan 24 17:47:48 2019 (r52777) @@ -11,6 +11,8 @@ SUBDIR= advisories SUBDIR+= patches DATA= so_public_key.asc +DATA= advisory-template.txt +DATA= errata-template.txt DOCS= charter.xml DOCS+= security.xml DOCS+= advisories.xml Added: head/en_US.ISO8859-1/htdocs/security/advisory-template.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/security/advisory-template.txt Thu Jan 24 17:47:48 2019 (r52777) 
@@ -0,0 +1,140 @@ +============================================================================= +FreeBSD-SA-ADVISORY_TEMPLATE Security Advisory + The FreeBSD Project + +Topic: + +Category: < core | contrib > +Module: <module name> +Announced: 2019-XX-XX +Credits: +Affects: <affected versions> + <e.g., "All supported versions of FreeBSD.", "FreeBSD + 12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2"> +Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX) + 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX) +CVE Name: CVE-XXXX-XXXX + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +<brief description of what the affected bits are supposed to do> + +II. Problem Description + +<detailed description of the problem> + +III. Impact + +<description as to why the above problem is bad> + +IV. Workaround + +<If no workaround exists:> +No workaround is available. + +<... but some systems are unaffected:> +No workaround is available. <insert simple description of some +systems that are not vulnerable> + +<If a workaround exists:> +<insert workaround here> + +V. Solution + +<insert solution here> + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +[XX Needs reboot? Mention please] + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +[XX Needs reboot? 
Mention please] + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch +# fetch https://security.FreeBSD.org/patches/SA-XX:XX/XXXX.patch.asc +# gpg --verify XXXX.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +<for a userland utility:> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +<for a daemons> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +<for a common library> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +<for a kernel vulnerability:> + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +------------------------------------------------------------------------- +stable/12/ rXXXXXX +releng/12.0/ rXXXXXX +stable/11/ rXXXXXX +releng/11.2/ rXXXXXX +------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<other info on vulnerability> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-XXXX-XXXX> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-XX:XX.XXXXX.asc> Added: head/en_US.ISO8859-1/htdocs/security/errata-template.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/en_US.ISO8859-1/htdocs/security/errata-template.txt Thu Jan 24 17:47:48 2019 (r52777) 
@@ -0,0 +1,140 @@ +============================================================================= +FreeBSD-EN-ERRATA_TEMPLATE Errata Notice + The FreeBSD Project + +Topic: + +Category: < core | contrib > +Module: <module name> +Announced: 2019-XX-XX +Credits: +Affects: <affected versions> + <e.g., "All supported versions of FreeBSD.", "FreeBSD + 12.0 and later.", "FreeBSD 12.x", or "FreeBSD 11.2"> +Corrected: 2019-XX-XX XX:XX:XX UTC (stable/12, 12.0-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/12.0, 12.0-RELEASE-pXX) + 2019-XX-XX XX:XX:XX UTC (stable/11, 11.2-STABLE) + 2019-XX-XX XX:XX:XX UTC (releng/11.2, 11.2-RELEASE-pXX) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +<brief description of what the affected bits are supposed to do> + +II. Problem Description + +<detailed description of the problem> + +III. Impact + +<description as to why the above problem is bad> + +IV. Workaround + +<If no workaround exists:> +No workaround is available. + +<... but some systems are unaffected:> +No workaround is available. <insert simple description of some +systems that are not vulnerable> + +<If a workaround exists:> +<insert workaround here> + +V. Solution + +<insert solution here> + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. +[XX Needs reboot? Mention please] + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +[XX Needs reboot? 
Mention please] + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.2] +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch +# fetch https://security.FreeBSD.org/patches/EN-XX:XX/XXXX.patch.asc +# gpg --verify XXXX.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +<for a userland utility:> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +<for a daemons> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +<for a common library> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +<for a kernel bug:> + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. 
+ +Branch/path Revision +------------------------------------------------------------------------- +stable/12/ rXXXXXX +releng/12.0/ rXXXXXX +stable/11/ rXXXXXX +releng/11.2/ rXXXXXX +------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<other info on the problem> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=XXXXXX> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-XX:XX.XXXXX.asc> Modified: head/en_US.ISO8859-1/htdocs/security/reporting.xml ============================================================================== --- head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 08:13:11 2019 (r52776) +++ head/en_US.ISO8859-1/htdocs/security/reporting.xml Thu Jan 24 17:47:48 2019 (r52777) @@ -49,6 +49,13 @@ <li>Example code if possible.</li> </ul> + <p>Whenever possible, including the background, problem + description, impact, and workaround (if applicable) using the + templates for <a + href="advisory-template.txt">security advisories</a> and <a + href="errata-template.txt">errata notices</a> as appropriate + would also be helpful.</p> + <p>After this information has been reported the Security Officer or a Security Team delegate will get back to you.</p>
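Review bot: In head/en_US.ISO8859-1/htdocs/security/Makefile, the two added lines assign with `DATA=` rather than `DATA+=`, so each one replaces the value set on the line before it. After `DATA= errata-template.txt` the variable holds only that file, and both so_public_key.asc and advisory-template.txt drop out of DATA. Use `DATA+= advisory-template.txt` and `DATA+= errata-template.txt`, matching the `SUBDIR+=` and `DOCS+=` lines visible in the same context.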
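Review bot: In advisory-template.txt, the Announced and Corrected fields hard-code the year as `2019-XX-XX`, which goes stale as soon as the template is used in a later year and is easy to leave uncorrected in a published advisory. A neutral placeholder such as `YYYY-XX-XX`, in the same spirit as `CVE-XXXX-XXXX` on the CVE Name line, avoids that. In section V, `<for a daemons>` should read `<for a daemon:>`, and `<for a common library>` lacks the trailing colon that `<for a userland utility:>` and `<for a kernel vulnerability:>` carry.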
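Review bot: In errata-template.txt, section IV still reads `<insert simple description of some systems that are not vulnerable>` and the closing line still says "The latest revision of this advisory", although the rest of the file was reworded for errata ("Upgrade your system", "for a kernel bug"). Suggest "systems that are not affected" and "this errata notice", so the template does not describe a non-security fix in vulnerability terms. The hard-coded `2019-XX-XX` year and the `<for a daemons>` marker in this file are also worth fixing.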
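Review bot: In reporting.xml, the added paragraph is a single sentence whose subject ("including the background, ...") is separated from its verb ("would also be helpful") by both links, which makes the request easy to miss. Suggest wording along the lines of "Where possible, please also provide the background, problem description, impact, and workaround (if applicable), following the template for security advisories or errata notices as appropriate." The paragraph also sits after the closing `</ul>`; if it is meant as one more thing to include in a report, it could be a `<li>` in that list instead.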