Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 25 Jul 2016 15:12:34 +0000 (UTC)
From:      Xin LI <delphij@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r49164 - in head/share: security/advisories security/patches/EN-16:09 security/patches/SA-16:25 xml
Message-ID:  <201607251512.u6PFCYeT061854@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: delphij
Date: Mon Jul 25 15:12:34 2016
New Revision: 49164
URL: https://svnweb.freebsd.org/changeset/doc/49164

Log:
  Add EN-16:09 and SA-16:25.

Added:
  head/share/security/advisories/FreeBSD-EN-16:09.freebsd-update.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc   (contents, props changed)
  head/share/security/patches/EN-16:09/
  head/share/security/patches/EN-16:09/freebsd-update.patch   (contents, props changed)
  head/share/security/patches/EN-16:09/freebsd-update.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:25/
  head/share/security/patches/SA-16:25/bspatch.patch   (contents, props changed)
  head/share/security/patches/SA-16:25/bspatch.patch.asc   (contents, props changed)
Modified:
  head/share/xml/advisories.xml
  head/share/xml/notices.xml

Added: head/share/security/advisories/FreeBSD-EN-16:09.freebsd-update.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:09.freebsd-update.asc	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:09.freebsd-update                                 Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          freebsd-update(8) support of FreeBSD 11.0 release distribution
+
+Category:       core
+Module:         freebsd-update
+Announced:      2016-07-25
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-07-11 04:50:32 UTC (stable/11, 11.0-BETA2)
+                2016-07-11 04:50:32 UTC (stable/11, 11.0-BETA1-p1)
+                2016-07-11 04:11:33 UTC (stable/10, 10.3-STABLE)
+                2016-07-25 15:04:17 UTC (releng/10.3, 10.3-RELEASE-p6)
+                2016-07-25 15:04:17 UTC (releng/10.2, 10.2-RELEASE-p20)
+                2016-07-25 15:04:17 UTC (releng/10.1, 10.1-RELEASE-p37)
+                2016-07-11 04:12:15 UTC (stable/9, 9.3-STABLE)
+                2016-07-25 15:04:17 UTC (releng/9.3, 9.3-RELEASE-p45)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The freebsd-update(8) utility is used to apply binary patches to FreeBSD
+systems installed from official release images, as an alternative to
+rebuilding from source.
+
+II.  Problem Description
+
+The recent development of FreeBSD has introduced additional release
+distribution names, which would fail with the existing freebsd-update(8)
+sanity checks.
+
+III. Impact
+
+Upgrading to FreeBSD 11.x from existing FreeBSD releases is not possible
+due failing sanity checks.
+
+IV.  Workaround
+
+No workaround is available other than patching the freebsd-update(8)
+utility, but systems that do not use FreeBSD-provided binary updates
+to upgrade are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+A reboot is not required.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is not required.
+
+Please note that for FreeBSD 11.0-BETA1, the freebsd-update utility needs
+to be patched manually.
+
+# fetch http://update.freebsd.org/11.0-BETA1/i386/f/6b42aa5e560601bbf30c0b7a6ceed274796c955e6254f7a2fcd393376fe21c55.gz
+# gunzip -c < 6b42aa5e560601bbf30c0b7a6ceed274796c955e6254f7a2fcd393376fe21c55.gz > NEW
+# sha256 -q NEW
+
+Verify that the output is:
+
+6b42aa5e560601bbf30c0b7a6ceed274796c955e6254f7a2fcd393376fe21c55
+
+# install -m 555 NEW /usr/sbin/freebsd-update
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:09/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:09/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r302537
+releng/9.3/                                                       r303304
+stable/10/                                                        r302536
+releng/10.1/                                                      r303304
+releng/10.2/                                                      r303304
+releng/10.3/                                                      r303304
+stable/11/                                                        r302539
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:09.freebsd-update.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJXliskAAoJEO1n7NZdz2rngvEP/iP/SI7ot9+oiV+BfV5QWUki
+e5ZV9K780kMPfDOxJh7jR9/CJbzHz0Sp/KLLq0vgfpq3hiwdDGnrRGWK0k+Wb0QQ
+QtXftMl5DSSfbaICK03jVjrBszytFpoKIlSqCdT2BB5vGIT9rCO7m2d320MfIQXK
+M1vVxOt67FRVRPbG4nOFwhdExllKk4jt0Tp5AqSkO3WlNC0qVyK6IECwKnpMn3YO
+o0upyQaJCNxZgDzg8X+paCHMYLeliafJhugJjH7V/QtYJI5RMFY7FWaCOtD+uFux
+RkVqsRGxDm7kzlvXMW+sh6jcbP1jk83Nv6LZjNYyZlqYILUoRclubtLXN9aI7Tfa
+Z6Qr33IBX+nRNDFSIy6awm+hiwC9Gm6ODz5aQSMkEd0uzpO11I6BXxUaj7QmEl1u
+NnmmKbdoZvI6k0g4tWMgXZtwFFjij8d7RlyG57Sa058nnHr/0uehgc2g4wU59qXa
+au5USIuyyBzZpyznT2/UFH7GzYlJ10Pq2iog+1U/5NJMgIGMrDQ7xwx8Xwwthdxg
+5fk3dmGWYsnTS/bB567tGuqAwk55lOSLgxYoPUrK9AqGgmZwaMK5yAxbfUl4D9Z1
+6ED1Nmb2EEJSDA7HupECEZOszmmGy8ydSiKzXuSqZ0DLX+LqBBP6YTvCH4w4vyh6
+7KZWLEr7uRQ9/fTqlGFf
+=WJIj
+-----END PGP SIGNATURE-----

Added: head/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:25.bspatch                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Heap vulnerability in bspatch
+
+Category:       core
+Module:         bsdiff
+Announced:      2016-07-25
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA2-p1)
+                2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA1-p1)
+                2016-07-25 14:53:04 UTC (stable/10, 10.3-STABLE)
+                2016-07-25 15:04:17 UTC (releng/10.3, 10.3-RELEASE-p6)
+                2016-07-25 15:04:17 UTC (releng/10.2, 10.2-RELEASE-p20)
+                2016-07-25 15:04:17 UTC (releng/10.1, 10.1-RELEASE-p37)
+                2016-07-25 14:53:04 UTC (stable/9, 9.3-STABLE)
+                2016-07-25 15:04:17 UTC (releng/9.3, 9.3-RELEASE-p45)
+CVE Name:       CVE-2014-9862
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The bspatch utility generates newfile from oldfile and patchfile where
+patchfile is a binary patch built by bsdiff(1).
+
+II.  Problem Description
+
+The implementation of bspatch does not check for a negative value on numbers
+of bytes read from the diff and extra streams, allowing an attacker who
+can control the patch file to write at arbitrary locations in the heap.
+
+This issue was first discovered by The Chromium Project and reported
+independently by Lu Tung-Pin to the FreeBSD project.
+
+III. Impact
+
+An attacker who can control the patch file can cause a crash or run arbitrary
+code under the credentials of the user who runs bspatch, in many cases, root.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+No reboot is needed.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch.asc
+# gpg --verify bspatch.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r303301
+releng/9.3/                                                       r303304
+stable/10/                                                        r303301
+releng/10.1/                                                      r303304
+releng/10.2/                                                      r303304
+releng/10.3/                                                      r303304
+stable/11/                                                        r303300
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>;
+
+VII. References
+
+<URL:https://bugs.chromium.org/p/chromium/issues/detail?id=372525>;
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862>;
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc>;
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJXlir7AAoJEO1n7NZdz2rnTtAP/iFnhrcmRuxmeMGtVPWHZFhH
+/I2iB62wGf4vNGVedwh3fHPEgjEpMvDVP7S+OCLB7Fnf+Mwm9uL47cjxdr/P5dy8
+iKRsojG7HVE3Iia7DyaSEQwbJMQZGWsy2wr9epiHPoOpnSaWKUBx94C+oc7gPdM5
+8LW5OpUgSpFCztQ82gbM/2Bjy5OREJQP6ASW62WO+MkD7n+ZUzsUCdR13bzvpA23
+BaNeInQArn5Zf3OiZXjQ9Go1muml2llQmqxeb8p3V9IbJ3mdUBQat1AtF/yXfpWA
+tkUfgqAaoKbjOrk22h/wBRssPlqqftZDXWqi2KlkEltqyU1evnsb5UVCu0SZdgkW
+lQlnE1vymJCnxC211SweDNbbP8laR0OpjRxUxljSXVMXag4Lh9+9aD6zIZ9zZNi7
+MxXEasLZViwq8gEbZLlLUfcOQVv6T+3jTiH8aRUYFp5PsBGBgQCAQgGCEaztQTNr
+lnSp/rqnP7FEu7gsHtP3wGK03RItNketbKMSUzV5eXiWmVYC3a6/WboqqJuqhDka
+zs3W0h0Fw6iqk6CfImHnhD1unarXnSQU5vRcf9srnUvS0XgYS/113BQK23SjGmki
+OIJe3Wm0CrcChAf8lKdeyPlKFcN906EkQ8Hh8vB00B9BZCXYLY9zBK6lW40NA1UN
+cy+ljfLX/xwCNIJJXdwH
+=FL3H
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/EN-16:09/freebsd-update.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-16:09/freebsd-update.patch	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,11 @@
+--- usr.sbin/freebsd-update/freebsd-update.sh.orig
++++ usr.sbin/freebsd-update/freebsd-update.sh
+@@ -1250,7 +1250,7 @@
+ 
+ 	# Check that the first four fields make sense.
+ 	if gunzip -c < files/$1.gz |
+-	    grep -qvE "^[a-z]+\|[0-9a-z]+\|${P}+\|[fdL-]\|"; then
++	    grep -qvE "^[a-z]+\|[0-9a-z-]+\|${P}+\|[fdL-]\|"; then
+ 		fetch_metadata_bogus ""
+ 		return 1
+ 	fi

Added: head/share/security/patches/EN-16:09/freebsd-update.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/EN-16:09/freebsd-update.patch.asc	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJXlisdAAoJEO1n7NZdz2rn8A0QAOZkAJrgoOhtyTIp9M15Vgw5
+gbBYIIfu0M0ZORGK0ii+kpoyWSYebM11NEw8j3xodMioCF9xrOKkBqa6aSZbJ/yu
+t+zvs7m0XA/Dz1Gbdk/+Kb9NZiBnK256OUXosg1YCqNZl+G+hkJP0J6mmbhq5ngM
+F29+XfSNsDnZOkO65r8i6HeGCV6xE5WuxWPL4Tyb5eBE4fF1RThJm7wPWz6taNCJ
+rt63fxZsaoZwxPYUq3gne/X33Zdxufg6+nYv6wMF+NpgMg8ATnrDkt8iCSHIi03x
+xfuZHDB90mW0tuCBs06Si7AgZmyoyp99val51xPfyid0rcyHqxhPy5O/ggJTtFUk
+2y+hAq4bF6wk/skJee2vrhSsOOAOwZ1rbysVnjVTy38nGK+2bVskGMCGfsYLNm7z
+BGfUNCdVAn3n+DKpdsC9PBThWD+yVDUpNOuxZoGa+zeX1TY5pw2uJb+DEMqGMGAa
+zIj7A4HGMWksJWcZ14OLckyOX3TegwOl/ypjGBweDpkPmHdpW8Vsp3vzJ7QwGx3Q
+AY0agzts22RjzFlIpfhF5rrPuqekXgx2iAlxlwdikzu4maE5bjmYe81ctPezYFem
+hsdwvHJZlAU30CxIpnUGahvfTVJxeVupLL2lMCD0PdX5s89mQRxY1jAVdkimUUmN
+/DYhPCPiUnodANkReDlm
+=1xk9
+-----END PGP SIGNATURE-----

Added: head/share/security/patches/SA-16:25/bspatch.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:25/bspatch.patch	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,13 @@
+--- usr.bin/bsdiff/bspatch/bspatch.c.orig
++++ usr.bin/bsdiff/bspatch/bspatch.c
+@@ -164,6 +164,10 @@
+ 		}
+ 
+ 		/* Sanity-check */
++		if ((ctrl[0] < 0) || (ctrl[1] < 0))
++			errx(1,"Corrupt patch\n");
++
++		/* Sanity-check */
+ 		if(newpos+ctrl[0]>newsize)
+ 			errx(1,"Corrupt patch\n");
+ 

Added: head/share/security/patches/SA-16:25/bspatch.patch.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/patches/SA-16:25/bspatch.patch.asc	Mon Jul 25 15:12:34 2016	(r49164)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJXlisQAAoJEO1n7NZdz2rn+DsQANxyj43FDDzMKGUqMksTkJHY
+tZ46p64Je48sfGx5gTbeq/Uu1a6SLSM7ZnXGnwkm+IbOtIxu/tqKG/VhRg519UHU
+7nHRDR8kNc51jyXkG7g0jbwe/kwhZ+a0D2XJGdYIZ6UOzw56b+otdHSU+mLgoNeK
+t+3A6ETxQNXrqBmas87ylaGr7qdvN9ZlCDFjRDH3c2G6lVwA+YriOLSpRCCPe2HK
+bAgj9QoqgeCP1dqzqOiLd+4RCy0/8acdaZL+46vGpqlvWXPQOM6CTDMc3DZ1Ck0S
+UXmcDWJTLnU0BamYw3/q6VQxorQIbM3ihRQZSIx67wwK2FZMyCCrFTOeS7+3Qtn+
+kJgN5ZBrODQ0waYZ+9796+KL4cOff29a0Yj3CECOOhvl4+sQsN+q5oNk7mrSIDoj
+zPbyijP2Op8WTmpY1kL1VjKudbMwnjAHTcl3RQQHMOqsy0jkXmSnaFbq1wwbCCFS
+bLhKz8CzwILjHj4PVFjFB2tnbPzaHZ+PukSFhQJoWPZt2fbY6wetxvnwGNzDckrT
+7QvoLlutBCUXRMueP8fmmaPvf2/C4YdtSRjvhP0aGA16YyULw1/Yb5YMOFmIdxtb
+ba/sdkW2wZJU4is0BXAHlvYLuZCiC+bS5KldQtVh15kU+3bxaM0TL4aFgkQjsBGM
+NULonnlJR8NKf6bFD7RG
+=v3Sd
+-----END PGP SIGNATURE-----

Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml	Mon Jul 25 15:06:16 2016	(r49163)
+++ head/share/xml/advisories.xml	Mon Jul 25 15:12:34 2016	(r49164)
@@ -8,6 +8,18 @@
     <name>2016</name>
 
     <month>
+      <name>7</name>
+
+      <day>
+        <name>25</name>
+
+        <advisory>
+          <name>FreeBSD-SA-16:25.bspatch</name>
+        </advisory>
+      </day>
+    </month>
+
+    <month>
       <name>6</name>
 
       <day>

Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml	Mon Jul 25 15:06:16 2016	(r49163)
+++ head/share/xml/notices.xml	Mon Jul 25 15:12:34 2016	(r49164)
@@ -8,6 +8,18 @@
     <name>2016</name>
 
     <month>
+      <name>7</name>
+
+      <day>
+        <name>25</name>
+
+        <notice>
+          <name>FreeBSD-EN-16:09.freebsd-update</name>
+        </notice>
+      </day>
+    </month>
+
+    <month>
       <name>5</name>
 
       <day>



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607251512.u6PFCYeT061854>