Correct patches for 10.x along with updated advisory.
This commit is contained in:
Gordon Tetlow
parent
b060bc7373
commit
1adffe452d
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=51470
3 changed files with 40 additions and 35 deletions
|
|
@ -14,15 +14,20 @@ Credits: Maxime Villard
|
||||||
Affects: All supported versions of FreeBSD.
|
Affects: All supported versions of FreeBSD.
|
||||||
Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
|
Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE)
|
||||||
2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
|
2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7)
|
||||||
2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE)
|
2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE)
|
||||||
2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6)
|
2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6)
|
||||||
2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27)
|
2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27)
|
||||||
CVE Name: CVE-2018-6916
|
CVE Name: CVE-2018-6916
|
||||||
|
|
||||||
For general information regarding FreeBSD Security Advisories,
|
For general information regarding FreeBSD Security Advisories,
|
||||||
including descriptions of the fields above, security branches, and the
|
including descriptions of the fields above, security branches, and the
|
||||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||||
|
|
||||||
|
0. Revision History
|
||||||
|
|
||||||
|
v1.0 2018-03-07 Initial release.
|
||||||
|
v1.1 2018-03-07 Correct patch for 10.x releases.
|
||||||
|
|
||||||
I. Background
|
I. Background
|
||||||
|
|
||||||
The IPsec suite of protocols provide network level security for IPv4 and IPv6
|
The IPsec suite of protocols provide network level security for IPv4 and IPv6
|
||||||
|
|
@ -101,9 +106,9 @@ affected branch.
|
||||||
|
|
||||||
Branch/path Revision
|
Branch/path Revision
|
||||||
- -------------------------------------------------------------------------
|
- -------------------------------------------------------------------------
|
||||||
stable/10/ r330565
|
stable/10/ r330609
|
||||||
releng/10.3/ r330566
|
releng/10.3/ r330611
|
||||||
releng/10.4/ r330566
|
releng/10.4/ r330611
|
||||||
stable/11/ r329907
|
stable/11/ r329907
|
||||||
releng/11.1/ r330566
|
releng/11.1/ r330566
|
||||||
- -------------------------------------------------------------------------
|
- -------------------------------------------------------------------------
|
||||||
|
|
@ -126,19 +131,19 @@ The latest revision of this advisory is available at
|
||||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo
|
||||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||||
5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR
|
5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX
|
||||||
VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh
|
vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4
|
||||||
ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC
|
4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc
|
||||||
SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F
|
GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX
|
||||||
bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+
|
ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8
|
||||||
p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5
|
aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y
|
||||||
pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw
|
8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo
|
||||||
uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs
|
Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa
|
||||||
hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/
|
b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz
|
||||||
RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q
|
NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG
|
||||||
bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I=
|
nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ=
|
||||||
=Uzqo
|
=Yb3u
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|
|
||||||
|
|
@ -8,11 +8,11 @@
|
||||||
+ DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
|
+ DPRINTF(("%s: bad mbuf length %u (expecting %lu)"
|
||||||
+ " for packet in SA %s/%08lx\n", __func__,
|
+ " for packet in SA %s/%08lx\n", __func__,
|
||||||
+ m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
|
+ m->m_pkthdr.len, (u_long) (skip + authsize + rplen),
|
||||||
+ ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)),
|
+ ipsec_address(&sav->sah->saidx.dst),
|
||||||
+ (u_long) ntohl(sav->spi)));
|
+ (u_long) ntohl(sav->spi)));
|
||||||
+ AHSTAT_INC(ahs_badauthl);
|
+ AHSTAT_INC(ahs_badauthl);
|
||||||
+ error = EACCES;
|
+ m_freem(m);
|
||||||
+ goto bad;
|
+ return EACCES;
|
||||||
+ }
|
+ }
|
||||||
AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
|
AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,18 +1,18 @@
|
||||||
-----BEGIN PGP SIGNATURE-----
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo
|
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIOxfFIAAAAAALgAo
|
||||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||||
5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas
|
5cIdaBAAmNj+4+bMUdvUlsv5wYLWVmsEzVQi8uFJ95RqYZZYlH1VTBZLs0lu03gk
|
||||||
wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa
|
mKzelKexiwoW5tljdZPG7FfInXdy7uaat3iu95tI1QVMW/6x5bVuDIkDf2nr8D5Y
|
||||||
eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv
|
qYNyAQKKE0cMxoe/J8faSuABTpdNTAXTc0ZnTV1wcUC0KQDBQMCgDaMRCsR5DjJV
|
||||||
n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO
|
KErca5fnfidB57wf8XJpj/K/jkmGvuPj0g1ere2GAaQAXaiWSRnl5nyWTX64TXI5
|
||||||
IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo
|
yhrGt0QqpjCkcU3sJPlUIupFe38x13tlLMYuNPZbLFBmL2nwrPluNftBnMA/iGiR
|
||||||
Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX
|
i/PBG3UKYoA0VjX6IMU2UGHZXBZFF8r7P+NTIOJ5qWlJoluqO/SliU11tzcgl9MM
|
||||||
GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ
|
Hq81nbSNa4I12eB/PTI2x3PRcs0Hc6LWMHSY/oomciHykzb+oCTtimN+vYbqzXzf
|
||||||
6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I
|
6VdeHZbuOEhNVyHd9kUWzQv3CY8OsnFZ3zja7IsxkYgDBmbrcVBzdPbf3j/31kSq
|
||||||
3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA
|
AdbErhlz30UVzGEZEiL8ZvIg7Z32MW3etauUYR9QFz5EcKNSd0C9+1+VGVofZEMJ
|
||||||
GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd
|
x//XRvXRIkcY1YY195d2iiRceBa+IZ2XtvKS0ByB+4ZImw0Emeq4Er9A3/GCnyp3
|
||||||
HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc=
|
KFj4udpGmUpjh5xXoEl0Pjt3q/JUhTkC0JWtvcrGQJ5kCO1y77A=
|
||||||
=9maD
|
=gdOo
|
||||||
-----END PGP SIGNATURE-----
|
-----END PGP SIGNATURE-----
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue