Date: Wed, 07 Aug 2019 01:17:10 -0000 From: Fernando Gont <fgont@si6networks.com> To: freebsd-security@freebsd.org, FreeBSD Security Advisories <security-advisories@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2 Message-ID: <016f565b-9281-dc14-651a-bcd2245f0544@si6networks.com> In-Reply-To: <20190806183211.EE35BEE16@freefall.freebsd.org> References: <20190806183211.EE35BEE16@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Folks, Since FreeBSD ships with IPv6 support enabled by default, aren't all systems affected, one way or another? Thanks, Fernando > ============================================================================= > FreeBSD-SA-19:19.mldv2 Security Advisory > The FreeBSD Project > > Topic: ICMPv6 / MLDv2 out-of-bounds memory access > > Category: core > Module: net > Announced: 2019-08-06 > Credits: CJD of Apple > Affects: All supported versions of FreeBSD. > Corrected: 2019-08-06 17:13:41 UTC (stable/12, 12.0-STABLE) > 2019-08-06 17:11:17 UTC (releng/12.0, 12.0-RELEASE-p9) > 2019-08-06 17:15:46 UTC (stable/11, 11.3-STABLE) > 2019-08-06 17:11:17 UTC (releng/11.3, 11.3-RELEASE-p2) > 2019-08-06 17:11:17 UTC (releng/11.2, 11.2-RELEASE-p13) > CVE Name: CVE-2019-5608 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:https://security.FreeBSD.org/>. > > I. Background > > MLDv2 is the Multicast Listener Discovery protocol, version 2. It is used > by IPv6 routers to discover multicast listeners. > > II. Problem Description > > The ICMPv6 input path incorrectly handles cases where an MLDv2 listener > query packet is internally fragmented across multiple mbufs. > > III. Impact > > A remote attacker may be able to cause an out-of-bounds read or write that > may cause the kernel to attempt to access an unmapped page and subsequently > panic. > > IV. Workaround > > No workaround is available. Systems not using IPv6 are not affected. > > V. Solution > > Perform one of the following: > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date, > and reboot. > > 1) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: > > # freebsd-update fetch > # freebsd-update install > # shutdown -r +10min "Reboot for security update" > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > [FreeBSD 11.2, FreeBSD 11.3] > # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch > # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.11.patch.asc > # gpg --verify mldv2.11.patch.asc > > [FreeBSD 12.0] > # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch > # fetch https://security.FreeBSD.org/patches/SA-19:19/mldv2.12.patch.asc > # gpg --verify mldv2.12.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the > system. > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > ------------------------------------------------------------------------- > stable/12/ r350648 > releng/12.0/ r350644 > stable/11/ r350650 > releng/11.3/ r350644 > releng/11.2/ r350644 > ------------------------------------------------------------------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; > > VII. References > > <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5608>; > > The latest revision of this advisory is available at > <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:19.mldv2.asc>; > _______________________________________________ > freebsd-security-notifications@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to "freebsd-security-notifications-unsubscribe@freebsd.org" > -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?016f565b-9281-dc14-651a-bcd2245f0544>