Date: Thu, 22 Aug 2019 00:56:21 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r53316 - head/share/security/advisories Message-ID: <201908220056.x7M0uLdD099987@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src committer) Date: Thu Aug 22 00:56:21 2019 New Revision: 53316 URL: https://svnweb.freebsd.org/changeset/doc/53316 Log: Add a workaround for the midi issue. Reviewed by: so Modified: head/share/security/advisories/FreeBSD-SA-19:23.midi.asc Modified: head/share/security/advisories/FreeBSD-SA-19:23.midi.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-19:23.midi.asc Wed Aug 21 05:05:23 2019 (r53315) +++ head/share/security/advisories/FreeBSD-SA-19:23.midi.asc Thu Aug 22 00:56:21 2019 (r53316) @@ -23,6 +23,11 @@ For general information regarding FreeBSD Security Adv including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision history + +v1.0 2019-08-20 Initial release. +v1.1 2019-08-21 Updated workaround. + I. Background /dev/midistat is a device file which can be read to obtain a @@ -47,9 +52,14 @@ fault in kernel mode, leading to a panic. IV. Workaround -No workaround is available. Custom kernels without "device sound" -are not vulnerable. +Restrict permissions on /dev/midistat by adding an entry to +/etc/devfs.conf and restarting the service: +# echo "perm midistat 0600" >> /etc/devfs.conf +# service devfs restart + +Custom kernels without "device sound" are not vulnerable. + V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or @@ -120,19 +130,19 @@ The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc>; -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1cPgVfFIAAAAAALgAo +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1d58xfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cItmQ/9HL5BIP/QUvfcBbhZmZAXa7O7V9Em4auumaUWEPnUaAR0vNKZqMvFXNeN -v51/HOwCZte2fCgs8rxSH9ncQR+cUk/3nXO7PZ7pNPNfvuJoPlCV1rIuRrdwm14+ -+pZIJpY65gmmXyh5Qa5cw41MEWuDcKluUg38zEROwBpX4h0J/ZuMSARn/s1jj/kJ -hy2yzgPTz8gAzkNd8OtQm1CHdFnKWabuAHBlltj9qIA3OvJL+TpIFmzU5jA7wO1n -w9GCcz73+IA1RZXu8vPsW9AEc/1LlUrNcyLmJ+bZjW9b7mY9dq+ackvULTzFV21u -5xW2FEX3EBr3kFSbWyIS9zuTX4InftoAr97CBxNMYa25/0En4Ri2rB3oH49BgqTb -sr6p5hO3ZB6gOfJIm3WeYIc9dXsqQcWC/Y8hp7zO/Ef29jBHaa76ZX3uGgKGgyoo -UcoEjIx4ZpiqQxUEigKdlpEQdUtCIOSZ1NjSYDRFuCURDI07o1Oi8/HSdb9tNRe4 -IxfmT7G+oBGbhjZ/bziC/tZX/whXzBdo6eNIBC8XW8hrTDIXVCyqls3igiSqxoFA -WMpQN2gEZ6Yug0zpRCn4fj+dvBobpAle7F/gwZdFeWU/wtDiLQHnBOxPaobR56Qy -fIoVVGufmnjbSReSGh1WtFhDt+uJ8zal/EqGWi3IBIFpxjhAuP0= -=I8mB +5cJ3pw//fbHMCysvmMh+2RZ47d4i9d61cdYEq51VUwT2Cp2pGz+mWAoac89c4k2v +coo+nuvsXfgNGjr6SHGjLw0kCjeJPdPBDstHLnrzqbmuUFeS8rbRS9AGySy8cW7Z +qYh8OuBPqczWRM2STtyIA1nuxrKBxpEKsWdCO41lTue/D6+1rPjFkRtzK5G/yNcJ +2gQjy8DKwX2RdUmjrWXoQbGheCKUz+euhkUOFHjiJYAdLAK4Bq+Dn/Nq36c6Dej0 +wzYkeDwL+c/XxVPk1iucMJfDd+xrOi6HY4BLh4EFkJBKmQa6ciqa1B37ibARMtVb +QbGcjgoUQ1wJLxJEpD0JN5/Rbxg3KOq+8wH5if2pqW8Q9Ir89GNpbq2DjNVpBq28 +1XEE0CpIJUsqZkSobkMlmwQkz4fYNm5PGkIxpVGAUUlhEpnPlHsIWX5ADhyUwS8y +qGkYWDrB7t5kn+66pwef6HOQdSA+76MdHzsb9NF+5ByvcgSqgEJqVpFs31+hAfTQ +fH+UefOm7E65GEARG8M2NUUQnMDY/GlXOaeVgbUu60FPbr3M3QlTuAZcBZZTwd+f +aDtQt4J2P33qfkJWoH4Lt5qNzcGkucFQliKZ0SI4W0IfpaqWlRTaUcaC6MZClgdN +hh/cTP3WruHVsgQKPPO1F1soFCP96cDI1LVeHiYYTLBX0n5JarQ= +=AI8Q -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201908220056.x7M0uLdD099987>