os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Correct patches for 10.x along with updated advisory.

Browse source
This commit is contained in:
Gordon Tetlow 2018-03-07 17:30:48 +00:00
parent b060bc7373
commit 1adffe452d
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=51470
3 changed files with 40 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
share/security/advisories/FreeBSD-SA-18:01.ipsec.asc
View file

@ -14,15 +14,20 @@ Credits: Maxime Villard
Affects: All supported versions of FreeBSD.
Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE)
2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27)
2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE)
2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6)
2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27)
CVE Name: CVE-2018-6916
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
0. Revision History
v1.0 2018-03-07 Initial release.
v1.1 2018-03-07 Correct patch for 10.x releases.
I. Background
The IPsec suite of protocols provide network level security for IPv4 and IPv6
@ -101,9 +106,9 @@ affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r330565
releng/10.3/ r330566
releng/10.4/ r330566
stable/10/ r330609
releng/10.3/ r330611
releng/10.4/ r330611
stable/11/ r329907
releng/11.1/ r330566
- -------------------------------------------------------------------------
@ -126,19 +131,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR
VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh
ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC
SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F
bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+
p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5
pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw
uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs
hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/
RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q
bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I=
=Uzqo
5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX
vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4
4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc
GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX
ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8
aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y
8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo
Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa
b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz
NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG
nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ=
=Yb3u
-----END PGP SIGNATURE-----

6
share/security/patches/SA-18:01/ipsec-10.patch
View file

@ -8,11 +8,11 @@
+ DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
+ " for packet in SA %s/%08lx\n", __func__,
+ m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
+ ipsec_address(&sav->sah->saidx.dst),
+ (u_long) ntohl(sav->spi)));
+ AHSTAT_INC(ahs_badauthl);
+ error = EACCES;
+ goto bad;
+ m_freem(m);
+ return EACCES;
+ }
AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);

26
share/security/patches/SA-18:01/ipsec-10.patch.asc
View file

@ -1,18 +1,18 @@
-----BEGIN PGP SIGNATURE-----
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIOxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas
wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa
eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv
n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO
IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo
Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX
GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ
6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I
3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA
GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd
HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc=
=9maD
5cIdaBAAmNj+4+bMUdvUlsv5wYLWVmsEzVQi8uFJ95RqYZZYlH1VTBZLs0lu03gk
mKzelKexiwoW5tljdZPG7FfInXdy7uaat3iu95tI1QVMW/6x5bVuDIkDf2nr8D5Y
qYNyAQKKE0cMxoe/J8faSuABTpdNTAXTc0ZnTV1wcUC0KQDBQMCgDaMRCsR5DjJV
KErca5fnfidB57wf8XJpj/K/jkmGvuPj0g1ere2GAaQAXaiWSRnl5nyWTX64TXI5
yhrGt0QqpjCkcU3sJPlUIupFe38x13tlLMYuNPZbLFBmL2nwrPluNftBnMA/iGiR
i/PBG3UKYoA0VjX6IMU2UGHZXBZFF8r7P+NTIOJ5qWlJoluqO/SliU11tzcgl9MM
Hq81nbSNa4I12eB/PTI2x3PRcs0Hc6LWMHSY/oomciHykzb+oCTtimN+vYbqzXzf
6VdeHZbuOEhNVyHd9kUWzQv3CY8OsnFZ3zja7IsxkYgDBmbrcVBzdPbf3j/31kSq
AdbErhlz30UVzGEZEiL8ZvIg7Z32MW3etauUYR9QFz5EcKNSd0C9+1+VGVofZEMJ
x//XRvXRIkcY1YY195d2iiRceBa+IZ2XtvKS0ByB+4ZImw0Emeq4Er9A3/GCnyp3
KFj4udpGmUpjh5xXoEl0Pjt3q/JUhTkC0JWtvcrGQJ5kCO1y77A=
=gdOo
-----END PGP SIGNATURE-----