Add EN-15:11, EN-15:12, EN-15:13 and SA-15:20.
parent
5653203ecb
commit
1ce4c8455f
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=47263
14 changed files with 735 additions and 0 deletions
122
share/security/advisories/FreeBSD-EN-15:11.toolchain.asc
Normal file
@ -0,0 +1,122 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-15:11.toolchain Errata Notice
The FreeBSD Project

Topic: make(1) syntax errors when upgrading from 9.x and earlier

Category: core
Module: toolchain
Announced: 2015-08-18
Credits: John Hein
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-08-13 22:29:26 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.

I. Background

The FreeBSD userland and kernel build system ensures a seamless upgrade path
from the previous major FreeBSD version. During source-based upgrades, the
build system must utilize several utilities on the running system in order to
bootstrap the build toolchain, after which the bootstrapped utilities are used
to produce the build output for the system upgrade.

The make(1) utility was replaced with the NetBSD bmake(1) utility as of
FreeBSD 10.0-RELEASE, which has several syntactical differences compared to
the fmake(1) utility found in earlier FreeBSD releases.

II. Problem Description

A hard-coded make(1) invocation in the FreeBSD 10.2 sources produce warnings
on FreeBSD versions earlier than 10.x due to a syntactical difference between
the FreeBSD and NetBSD versions of make(1).

The warnings may persist on FreeBSD 10.2-RELEASE or 10.2-STABLE if the system
is configured to use fmake(1), by defining WITHOUT_BMAKE in src.conf(5).

III. Impact

The warnings produced have no known functional impact. Additionally, the
warnings will not recur after the system is upgraded to 10.2-RELEASE or
10.2-STABLE, unless WITHOUT_BMAKE is defined in src.conf(5) as noted above.

IV. Workaround

No workaround is available, but systems using binary upgrades such as
freebsd-update(8) are not affected.

V. Solution

Perform one of the following:

1) Update the system sources to stable/10 or releng/10.2 dated after the
correction date prior to upgrading from FreeBSD 9.x or earlier. No addtional
action is required.

2) To update your present system via a source code patch:

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch
# fetch https://security.FreeBSD.org/patches/EN-15:11/toolchain.patch.asc
# gpg --verify toolchain.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286746
releng/10.2/ r286901
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202277>

The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:11.toolchain.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnSJEP/A1452UILdiWXytwy75nCktq
a4vCmQ73gK1raY1SyFDzRppemiIeiDlsE3NTldNvMjw+itPkW/d/VJYIsUQimLxL
dQvuAaWLKDK2MKjCUkl7isxBJPdcnnB12QLIZ5TS9ZzqPo7awFq91tL3TmAhwdmw
mAikqUoOZilTC6j3wZp+2w4IjSrecN6dGdTutd9E8ahjy8BmNBax+hyPnbFTXGp4
s8Tpx3LhmPicvXh4ou3uHm0IbKFJF2B5Y8THTDF2SAZ5pyaltjg+o4JvW1lvaOFM
XXp1XkGhfdkFj19FKeFUsT4BWLorqAnu9BqNJFlrxbotaPMMBJLbMEI2HqBVMa8a
fu+loj9tlAMprWjKnl+GLcYrpIEmIPQzGHHO0k8ke1efQmsfLeBo1cdKyQV1M88u
uwRBDkN08krEyun5QDeZwn35Kc//jeK14v465HRXt0gxztX+frt31UKNu7cTEuo9
ZqZbX5RUS85u/Z8WKhIBp9LWSgVdaB1v10mSb9kHMqZvckEqlozxr3h+/lOezpep
rGCdnHPDEHaA5jvwX2WY3+Rb7hOvpzRw5UmBuGVfGp16HQALIwwMC0LM9hA2NnZf
re3Rx4asssbyoLmp8akZjDsr3j/500/XM7enNvQcEc1ZQhK9k5W9SDg6cbEthEle
Eiaq3eGZnWVBKiYftGcT
=ryS+
-----END PGP SIGNATURE-----
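Review bot: two wording defects in the notice body: "A hard-coded make(1) invocation in the FreeBSD 10.2 sources produce warnings" should read "produces", and "No addtional action is required" misspells "additional". Also, the source-patch option 2) ends after "# patch < /path/to/patch" with no step c), unlike the other notices in this commit; since the patched file is Makefile.inc1, which is read at the start of the next buildworld, a sentence saying that no separate rebuild step is needed beyond re-running the upgrade would make the omission look deliberate rather than accidental.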
122
share/security/advisories/FreeBSD-EN-15:12.netstat.asc
Normal file
@ -0,0 +1,122 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-15:12.netstat Errata Notice
The FreeBSD Project

Topic: Incorrect netstat(1) data handling on 32-bit systems

Category: core
Module: netstat
Announced: 2015-08-18
Credits: Mark Johnston
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-07-31 00:21:41 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.

I. Background

The netstat(1) utility displays the contents of various network related data
structures.

II. Problem Description

The netstat(1) utility incorrectly handles reported values on 32-bit systems.

III. Impact

Due to how netstat(1) processes IPSEC counters, the utility may produce
incorrect output on 32-bit systems.

IV. Workaround

No workaround is available, however systems without IPSEC compiled into the
kernel are not affected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch
# fetch https://security.FreeBSD.org/patches/EN-15:12/netstat.patch.asc
# gpg --verify netstat.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286099
releng/10.2/ r286901
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201700>

The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:12.netstat.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAEBCgAGBQJV05A1AAoJEO1n7NZdz2rnAzIQANyLdOOQhe9dHyAV4N5YKM3B
Z/86dY/KIIViVb1uzkBASBNnkHlG+mCMOQpzX2x8yCPF4i7bIEfPa4r2Bzw9pvCF
RWRKvZXERESh/RndQFhxcmJMAyYPq7MdK0IZzG53vinlMoSz2WTKj2vSR7t2jfo+
ObTfgdkqN/PZs/W+AQY8a4DMdxCLg1KCZiSpQRO7ea+4AxsI8qNgoytvG6HRno/z
uGe6Ad82ZfysKgqe9JO4gvRTR77ebQAVSSr3qylQcOGHohy9tFHcI2FEAAqLJrQY
b5DDLOawLRsQm0hwkLCTOZX2QvIFgz0gGRpvPcN9ZKValMc5DKQv36z3hOByK+3i
dDHFG/Diy2JNP0tsKtW8IyyLvW2DAUoTs1nVaWMvLKkMUr+loOYvoaLdGT0xQP2d
M6UT40mRMznfH/Gq/0DJFArsYcyB9YRl7rD0dy1HhqApogHQrTjsT+1vtBtpaTmv
LHA77tHyzI0TxOvmx3hglj/z4BLZDPU6ydXr3zeOYBpLz5p02GKxHUc+JrmWBfOV
Jep0+Fr2fYST5bGVtExNQV6cTlBZPnGR4JxJEUQA6a+FdyJcDuzOTNcs0YzwjuSC
dIk5pdxI3nkc+zf9GZLXUdLcxXfo6jBUy0fSWkzirGzBfo0wxseE6cbxxTH7vumx
CLGGmHiqxVuF/nP4ScHi
=3aK1
-----END PGP SIGNATURE-----
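Review bot: the Problem Description ("incorrectly handles reported values on 32-bit systems") is too thin for a reader to judge whether they are affected without opening the patch. The netstat.patch in this same commit shows the actual defect: kread_counters() read the kernel's array of counter pointers using 64-bit slots, which is only correct where those pointers are 64 bits wide; a sentence to that effect, and a note that only the IPSEC statistics path is involved (as the Impact and Workaround sections already imply), would make the notice self-contained.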
127
share/security/advisories/FreeBSD-EN-15:13.vidcontrol.asc
Normal file
@ -0,0 +1,127 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-15:13.vidcontrol Errata Notice
The FreeBSD Project

Topic: Allow size argument to vidcontrol(1) for syscons(4)

Category: core
Module: vidcontrol
Announced: 2015-08-18
Credits: Ed Maste
Affects: FreeBSD 10.2-RELEASE
Corrected: 2015-08-04 15:15:06 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.

I. Background

The vidcontrol(1) utility is used to set various options for the syscons(4) or
vt(4) console driver, such as video mode, colors, cursor shape, screen output
map, font, and screen saver timeout.

The vidcontrol(1) utility allows specifying a font size and font file as
arguments to the '-f' flag. When no size or file are specified, vidcontrol(1)
the default font will be used.

II. Problem Description

The vidcontrol(1) does not properly allow specifying the font size when
invoked from the command line.

III. Impact

The vidcontrol(1) utility will use the default font size, regardless of the
size specified as an argument to the '-f' flag.

IV. Workaround

No workaround is available, but systems not using the vt(4) driver are not
affected.

V. Solution

Perform one of the following:

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.

2) To update your present system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

3) To update your present system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch
# fetch https://security.FreeBSD.org/patches/EN-15:13/vidcontrol.patch.asc
# gpg --verify vidcontrol.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r286291
releng/10.2/ r286901
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:13.vidcontrol.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAEBCgAGBQJV05A2AAoJEO1n7NZdz2rnUc0QAMiNBzG5yPZYN5yDzbKSzWAX
/bHJNOhM2SBTHIHuUd/s1UjW2OW57IYyVLaF8BPjs8pXlQT6op3R2r/ZItfe/5xz
dja6oBH74czaLRMigrxIT1SaJdSzlpnRbtJR4HMjGnA2f9Rbttl5S4j0vf6sy/6G
fqgbKrston6WbTQudNkpwekaYbUStA4iVarIBfntbNmg7TvFZLl+yKbPvoQ3/Lxz
pU1U55JNTQOYn+h1KaLm+p7pvEPM7g6q49ZsIaX3dXBIMB00GT9wwvZZPpvUNn+Q
v+EUSvuIspaIhFb0Jng5gULQkJ5pRg/xDWZ71PcNW/F7hKf4Gt8NUdpmMO+k180X
EQAS37q9hdSiYmktFx7O6tX//3vr/Zpvm0fZviBjqJwkNTqzRfa+NPojbDaDqolX
/b/af9FZ0dBET4VrlNRp/XpJq9d5MCrRZKd2zmcdUwiOh06ZpQzh0tYjJCdM8d5P
Ytdl36EIsCSBWm1vcXA9lHafMe+Ihuh3mOLPkWR+RL47jfHe7iuoyxKJGLBsK9T5
Pzq7Le9uSdrIIqZce7zCsZ59MpwizMOBO8/XejynTQXmmLuzc/DI+L6lWINGbFc7
pNYPSbcYB3iikdKe8LyQm2+Joiuu4EJJkiOiUSYYNT0o4yJYBTRntEwqnUJb8sO2
kMp/1tcmaQbOdW6t8iqw
=/VcW
-----END PGP SIGNATURE-----
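Review bot: three inconsistencies in this notice. First, the Workaround says "systems not using the vt(4) driver are not affected", but the Topic says the fix is for syscons(4) and vidcontrol.patch in this commit changes only the option string used when vt4_mode is false, so it is syscons(4) users who are affected and vt(4) users who are not; the sentence reads as inverted. Second, Solution step c) says "Recompile your kernel ... and reboot the system", yet the patch touches only usr.sbin/vidcontrol/vidcontrol.c, a userland utility; the buildworld/installworld step used by the other notices is the right instruction and no reboot is needed. Third, two sentences are garbled: "When no size or file are specified, vidcontrol(1) the default font will be used" is missing words (e.g. "vidcontrol(1) will use the default font"), and "The vidcontrol(1) does not properly allow" needs "utility".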
149
share/security/advisories/FreeBSD-SA-15:20.expat.asc
Normal file
@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-15:20.expat Security Advisory
The FreeBSD Project

Topic: Multiple integer overflows in expat (libbsdxml) XML parser

Category: contrib
Module: libbsdxml
Announced: 2015-08-18
Affects: All supported versions of FreeBSD.
Corrected: 2015-08-18 19:30:05 UTC (stable/10, 10.2-STABLE)
2015-08-18 19:30:35 UTC (releng/10.1, 10.1-RELEASE-p18)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RC3-p1)
2015-08-18 19:30:17 UTC (releng/10.2, 10.2-RELEASE-p1)
2015-08-18 19:30:05 UTC (stable/9, 9.3-STABLE)
2015-08-18 19:30:35 UTC (releng/9.3, 9.3-RELEASE-p23)
CVE Name: CVE-2015-1283

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.

I. Background

Expat is an XML parser library written in C. It is a stream-oriented
parser in which an application registers handlers for things the parser
might find in the XML document (like start tags).

The FreeBSD base system ships libexpat as libbsdxml for components that
need to parse XML data. Some of these applications use the XML parser
on trusted data from the kernel, for instance the geom(8) configuration
utilities, while other applications, like tar(1), cpio(1), svnlite(1)
and unbound-anchor(8), may use the XML parser on input from network or
the user.

II. Problem Description

Multiple integer overflows have been discovered in the XML_GetBuffer()
function in the expat library.

III. Impact

The integer overflows may be exploited by using specifically crafted XML
data and lead to infinite loop, or a heap buffer overflow, which results
in a Denial of Service condition, or enables remote attackers to execute
arbitrary code.

IV. Workaround

No workaround is available, but the problem is only exploitable when the
affected system needs to process data from an untrusted source.

Because the library is used by many third party applications, we advise
system administrators to check and make sure that they have the latest
expat version as well, and restart all third party services, or reboot
the system.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

A reboot is not required after updating the base system.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

A reboot is not required after updating the base system.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch
# fetch https://security.FreeBSD.org/patches/SA-15:20/expat.patch.asc
# gpg --verify expat.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.

The FreeBSD base system do not install daemons that uses the library,
therefore, a reboot is not required after updating the base system.

VI. Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r286900
releng/9.3/ r286902
stable/10/ r286900
releng/10.1/ r286902
releng/10.2/ r286901
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283>

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:20.expat.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAEBCgAGBQJV05AOAAoJEO1n7NZdz2rnRPUP/2L0kectacl6IWOOeGFt6QgG
eRjZ6F53GqOYG3eW6tM71y+Vbeld+HkcMMgsckO4PM1vJg9AbKEJ56DmvGvFQepC
TBBcbg++VHOB2jilKh/meOiF0sUqwcpSTwOdRREfWTAMXNS5te7kcpuykZoi4R1x
LupCmRxQtM3taztw0AA/5AVRurmy+i6P9xuUnhGULyCcoi56VI1WvrpTk2KHbi7V
T5f/Xwf2hPfznJVoxvPjY9YoOlD2Fql0Dc51clJOQ82l9VVD+lP4ISoJmwLqFPKA
K4ZpiutMkoLda1er4lNaxsH4Ec7Oey4Dx2xpq1/JmQ9tP98Mtq4oaXNZAGminlET
rNoLOWR72Gg+NEh7Y+Yuu0K3zFmzLLm1pMjYfuIUaseT2qY7CE+qwm58kG6NvC53
fF+BwofOSaVNX/uzQnbP0iMJbewKXpqNO21CkdaapZVG+sXn8BZF3S1QDAWPaNwV
cJT9agijNG6pNUESNZcgY0ow/n4B8J+wWwA1KWzBgbedzj0yG8rsmulkCZEpt1hU
4uHR62Ktvd2IecoRn2gptA6SkpxHHJhzG8uKvDFq9vvzZko31rc3ttLI/Bb5P1QZ
wqn1hp1sy9hEpoGxFQlYJj4msahR4P7vTt+0cN4dSVwwg08Xbq1TL4b077BR1ZbR
ymv8Cnwn7Kg5NRBS2GBD
=4h4f
-----END PGP SIGNATURE-----
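Review bot: "The FreeBSD base system do not install daemons that uses the library" should be "does not install daemons that use the library". The blank line that the three errata notices keep between the "latest revision" URL and "-----BEGIN PGP SIGNATURE-----" is missing here; gpg does not care, but the advisories are otherwise formatted identically. Finally, the Problem Description only says "multiple integer overflows in XML_GetBuffer()"; the Impact names an infinite loop and a heap buffer overflow, and the three hunks of expat.patch map onto exactly those (the negative-len and negative-neededSize checks for the overflow, the bufferSize > 0 loop guard for the loop), so one sentence tying the symptoms to the fixes would help readers assessing third-party expat copies as the Workaround section asks them to.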
15
share/security/patches/EN-15:11/toolchain.patch
Normal file
@ -0,0 +1,15 @@
Index: Makefile.inc1
===================================================================
--- Makefile.inc1 (revision 286847)
+++ Makefile.inc1 (working copy)
@@ -133,8 +133,8 @@ OSRELDATE= 0
.endif

.if !defined(VERSION)
-REVISION!= make -C ${SRCDIR}/release -V REVISION
-BRANCH!= make -C ${SRCDIR}/release -V BRANCH
+REVISION!= ${MAKE} -C ${SRCDIR}/release -V REVISION
+BRANCH!= ${MAKE} -C ${SRCDIR}/release -V BRANCH
SRCRELDATE!= awk '/^\#define[[:space:]]*__FreeBSD_version/ { print $$3 }' \
${SRCDIR}/sys/sys/param.h
VERSION= FreeBSD ${REVISION}-${BRANCH:C/-p[0-9]+$//} ${TARGET_ARCH} ${SRCRELDATE}
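Review bot: the substitution of `${MAKE}` for the bare `make` on the REVISION!= and BRANCH!= lines is the entire fix, but nothing in the hunk records why it is needed; a one-line comment above `.if !defined(VERSION)` saying that the host make(1) on a pre-10 system is fmake(1), which parses the release Makefile differently, and that `${MAKE}` guarantees the currently running (bmake) binary is used for the `-C ${SRCDIR}/release -V` queries, would stop a later cleanup from reintroducing `make`. It is also worth confirming that `${MAKE}` already expands to the full path of the running make at this point in Makefile.inc1; if it is just a program name, PATH lookup can still pick up the host's make.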
17
share/security/patches/EN-15:11/toolchain.patch.asc
Normal file
@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn23IP/1S3dK2FSC1EI7DyOXF+gc7d
/OSBm2Y+mR1NFSJEOjIui3TPRxjRUG3aLYaK+HEnmGrgiXhksgCiWAgxAxLw4odq
dHbYP0lEnsQNZ8k4IJH5AyV+EshDJPmLyrvvKAJozZ9vSS0FlBxV4vJZDy4X65fh
JR28SWihiEp6uNSPU45I7ELPLIhaKo0fWDDThVRIfW3g8azl2kwXES1G8LbFTZhl
hEvKQoDHXrRArRo1aeLJ+v/OJ5OPTNY9sCJm3mozXibUIOpUPcg57dGqVx1QWWHU
pUhlqi3kYkL6niphRSkIEvlshUYwJHQfNZUJTVS5Yj2cXvcsv8BumjEXHdwlJBId
D4ZxLb+A+Nu9aZmKlzYGmdbguzUHjXEA9WrcIxktpgVpSpnpNzDbIywuofm5g8Q4
U63sdB6PJsDxvEg9D6ocVfbg5LqMQE5TMFYRNXLUBJlTEU75OuTuNDoIct3vLOWI
tP+xMVEJrD8kbBlJYT/ywqr9q5I23bF7axLNpZ/QcEa8R/Ea1iePBGUiFiJrYxWF
AKXPQ/lfI+5Aaenw54yFA4tWLcD/6YUh8y+vbX1PA9yLs6mjZvcP+hBXnMmCQ0IS
g/ZRSmX/c+RgUtAWlBqOoejRco5i5AznrkPl8KUi4qNMsmT2NYu91pHat5IwIh1p
dus3VPkw1zZ+oHjuKaXw
=JkV1
-----END PGP SIGNATURE-----
42
share/security/patches/EN-15:12/netstat.patch
Normal file
@ -0,0 +1,42 @@
Index: usr.bin/netstat/main.c
===================================================================
--- usr.bin/netstat/main.c (revision 286847)
+++ usr.bin/netstat/main.c (working copy)
@@ -785,19 +785,31 @@ kread_counter(u_long addr)
int
kread_counters(u_long addr, void *buf, size_t size)
{
- uint64_t *c = buf;
+ uint64_t *c;
+ u_long *counters;
+ size_t i, n;

if (kvmd_init() < 0)
return (-1);

- if (kread(addr, buf, size) < 0)
+ if (size % sizeof(uint64_t) != 0) {
+ warnx("kread_counters: invalid counter set size");
return (-1);
+ }

- while (size != 0) {
- *c = kvm_counter_u64_fetch(kvmd, *c);
- size -= sizeof(*c);
- c++;
+ n = size / sizeof(uint64_t);
+ if ((counters = malloc(n * sizeof(u_long))) == NULL)
+ err(-1, "malloc");
+ if (kread(addr, counters, n * sizeof(u_long)) < 0) {
+ free(counters);
+ return (-1);
}
+
+ c = buf;
+ for (i = 0; i < n; i++)
+ c[i] = kvm_counter_u64_fetch(kvmd, counters[i]);
+
+ free(counters);
return (0);
}

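Review bot: `err(-1, "malloc")` passes -1 as the exit status, which the shell reports as 255; `err(1, "malloc")` is the conventional form and reads less like a typo next to the function's own `return (-1)` error convention. The substance of the change is right: the old loop read `size` bytes straight into the caller's `uint64_t` array and fetched through each 64-bit slot, which only works where the kernel's counter pointers are 64 bits wide; the new code reads `n` native-width `u_long` pointers into a temporary `counters` array and fetches each into `c[i]`, which is correct on both 32- and 64-bit systems. One small robustness point: the new `size % sizeof(uint64_t)` check rejects malformed sizes, but a zero `size` still reaches `malloc(0)`; returning 0 early when `n == 0` avoids allocating for an empty counter set.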
17
share/security/patches/EN-15:12/netstat.patch.asc
Normal file
@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rn5eEP/R4ofVcJW8kEubscqSVvvg5A
GYggED+J0CjwJQcEW5tpUxhm0/Tw/jqzQMjgyOv/eFzgMVpNz4Yp5UYMJW/05ZM6
Jh1yh8b/v8F+zsKN/iFm/z0D0DOOtWACZwe7a3C8cPbycukwTkNhPrucumGZsEUL
9BJCpyaZUS31bsR6jprnQlIX3uG3uUehvLVJFooyhLWdQ2smehx4iyqzYeqbOvmz
R3kFv+qBmuTOmQb4q683+ARs6dfW/2xfVrYzQfOqWNNXqStlqEZ/MWlpga4diwKV
cfYyWsCuzZQcSTY+35ifT8x/zU/tDKfoYFpVs0O8z4zsPEQfb+Av5dNwpHM8nKW/
KvvImlrgwMTsRzcyDqf8filSq5TpMScBjLeHqDBUwU7CTj4FV7j6sWesQq4nWjgo
rFPpA0FgxFVDgN3bCPj4pdwvJE8OIy50IDF+zAEUI6k0z66zoCf2MeMd4AxgdNxk
DHsk5/N29W0oilXuImg3jj3QYaThWVIhcX3NO029mW33c84+YFKNAox3ZHlJ0/n/
7f654dFe1SGujtAOgaf4EMeYm7wwwqeT303YJXFuNQgy8tTaO8eKmdsXzbfNz2kv
Aq8I55mlUtTmU6UVGJp77ZQqcONUoMCn/D/flFh/5LY9HEDVGc/924tTq4JTQFyg
Yj5oJIiY5nRCWMcaOnAu
=LO9c
-----END PGP SIGNATURE-----
13
share/security/patches/EN-15:13/vidcontrol.patch
Normal file
@ -0,0 +1,13 @@
Index: usr.sbin/vidcontrol/vidcontrol.c
===================================================================
--- usr.sbin/vidcontrol/vidcontrol.c (revision 286847)
+++ usr.sbin/vidcontrol/vidcontrol.c (working copy)
@@ -1343,7 +1343,7 @@ main(int argc, char **argv)
if (vt4_mode)
opts = "b:Cc:fg:h:Hi:M:m:pPr:S:s:T:t:x";
else
- opts = "b:Cc:df:g:h:Hi:l:LM:m:pPr:S:s:T:t:x";
+ opts = "b:Cc:dfg:h:Hi:l:LM:m:pPr:S:s:T:t:x";

while ((opt = getopt(argc, argv, opts)) != -1)
switch(opt) {
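Review bot: dropping the `:` after `f` in the syscons `opts` string turns `-f` into an option that getopt(3) parses without an argument, matching the vt4_mode string above it, so the size and font file must now be collected from `argv[optind]` onwards by the `'f'` case of the switch; that case is outside this hunk, so confirm it handles the optional operands for the syscons path and not only for vt4_mode (the vt4 string has had `f` without a colon, so the handling presumably exists). Worth noting in the errata text as well: without the colon, `-ffile` is no longer read as `-f` with argument `file` but as `-f` followed by further single-letter options, which is a behaviour change from the old `f:` form.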
17
share/security/patches/EN-15:13/vidcontrol.patch.asc
Normal file
@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAABCgAGBQJV05BIAAoJEO1n7NZdz2rnToIP/30+OLVjPtkT8k3DUFTL8Mk3
wWiPfBdueZ1BlYxC+/tDxyLWkDGGRUALljwOz9V4CobiT1FEcEW24VDMDJCk/Qiq
zveKkRMhY3hjna6rbqvfBWa2qCYmELXR0onJc69+mC7LXI6Jg4x3bTwQ1BjZQf2f
T3fwO6CWfHuHYzNxLkT726hs6xAP9B8drlUB328t6VGw8LPYsXEQ2aJLSIuRzE9T
Ds5jvaIvyKtGrDJE88ZZhKaZUncXPMiG22MKtkT1g4dljaIjCV31N7ZZVZg+yaO9
L/5+5bT6p6dkbKJYvRsh+KqktfL1UeACGL/TzJdoZ6ZpVPcHfqVK3BPBQLnNGHPB
PbXnQXkgdLYJVeWVd8g275se/Dz1q3fryFwG5PzTl/aw1+lImR/Dgf9FDjkYEHXh
0NQcoE/8R1vMyAxeUSqMRkf95DX54NKpHeEadRHiGq8Lxj0HzmoNKn/hlARXrxCu
zRLvzxF/VXVysurq9V4kyQJk9yQDy+h/fn0Y70OYLTgVR5zYnq9oMK+Fw+7hqmiG
RaBQGwj+/8rByTQ7atgDj/W3wTARK0Y76aHoyl76fEzd/SFuvbMmJz+NKjWZv0mo
Cjxu+6Tb7rS1mAxDX0SEqlzbKlVPCaYV808jG2bl7F9r6x9N6zgXcD5HOC5jdGT3
7zUqHo8l6/n3Xt27lvKF
=eCcb
-----END PGP SIGNATURE-----
49
share/security/patches/SA-15:20/expat.patch
Normal file
@ -0,0 +1,49 @@
Index: contrib/expat/lib/xmlparse.c
===================================================================
--- contrib/expat/lib/xmlparse.c (revision 286868)
+++ contrib/expat/lib/xmlparse.c (working copy)
@@ -1678,6 +1678,12 @@ XML_ParseBuffer(XML_Parser parser, int len, int is
void * XMLCALL
XML_GetBuffer(XML_Parser parser, int len)
{
+/* BEGIN MOZILLA CHANGE (sanity check len) */
+ if (len < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
switch (ps_parsing) {
case XML_SUSPENDED:
errorCode = XML_ERROR_SUSPENDED;
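Review bot: a negative `len` is an invalid argument, not an allocation failure, so reporting it as `XML_ERROR_NO_MEMORY` will mislead callers that branch on the error code; if this expat version defines an invalid-argument error code, use that, otherwise a comment on the `errorCode = XML_ERROR_NO_MEMORY;` line saying the code is reused deliberately would help. The check itself belongs exactly where it is, at function entry before `ps_parsing` is consulted, since `len` later feeds the `neededSize` arithmetic in the second hunk.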
@@ -1689,8 +1695,13 @@ XML_GetBuffer(XML_Parser parser, int len)
}

if (len > bufferLim - bufferEnd) {
- /* FIXME avoid integer overflow */
int neededSize = len + (int)(bufferEnd - bufferPtr);
+/* BEGIN MOZILLA CHANGE (sanity check neededSize) */
+ if (neededSize < 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
#ifdef XML_CONTEXT_BYTES
int keep = (int)(bufferPtr - buffer);

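Review bot: `int neededSize = len + (int)(bufferEnd - bufferPtr);` can still overflow before the new `if (neededSize < 0)` test runs, and signed overflow is undefined behaviour in C, so an optimizing compiler is entitled to assume the sum of two non-negative ints is non-negative and delete the check. Test before adding instead, for example `if (len > INT_MAX - (int)(bufferEnd - bufferPtr))`, and then the `/* FIXME avoid integer overflow */` comment being deleted here is actually resolved rather than just removed.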
@@ -1719,7 +1730,15 @@ XML_GetBuffer(XML_Parser parser, int len)
bufferSize = INIT_BUFFER_SIZE;
do {
bufferSize *= 2;
- } while (bufferSize < neededSize);
+/* BEGIN MOZILLA CHANGE (prevent infinite loop on overflow) */
+ } while (bufferSize < neededSize && bufferSize > 0);
+/* END MOZILLA CHANGE */
+/* BEGIN MOZILLA CHANGE (sanity check bufferSize) */
+ if (bufferSize <= 0) {
+ errorCode = XML_ERROR_NO_MEMORY;
+ return NULL;
+ }
+/* END MOZILLA CHANGE */
newBuf = (char *)MALLOC(bufferSize);
if (newBuf == 0) {
errorCode = XML_ERROR_NO_MEMORY;
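Review bot: `bufferSize *= 2;` has the same undefined-behaviour problem as the previous hunk: the loop exit relies on the doubled `int` wrapping to a negative value so that `bufferSize > 0` fails, which the optimizer need not honour. Checking `if (bufferSize > INT_MAX / 2) { errorCode = XML_ERROR_NO_MEMORY; return NULL; }` before the multiply is well-defined and makes the separate `if (bufferSize <= 0)` block redundant; as written, the two adjacent MOZILLA CHANGE blocks could also be merged into one for readability.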
17
share/security/patches/SA-15:20/expat.patch.asc
Normal file
@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.7 (FreeBSD)

iQIcBAABCgAGBQJV05AbAAoJEO1n7NZdz2rnrksP/3jxGcKHjoTJLwf4k4Mgwrlw
rxROcgN1v78gvmKO8RvMSh+/xVIbkV0gDANwoKRilRkA4Pyf5s7adv2QzyrpqXIv
lz/gGOU6RZuA9jBtml/fRot4m7o2jXOlmVtnFFcg7rLHwKlH1x0lzWm4ynHH0cW7
a8ia6JOvaeTTvnclUIe69OEhucqgDh0+/mtDEfHTUvqBQ6P/JYt5vLYJ8uLdz+rs
mwHJDnoDq6Si0zprd75oqWY+k/pw70mYjhuPInm/skHgJNLVrmG4qqUk0krTNiHJ
tiXw1omNhcU6RKlUWSm33RvVZAoXUtVuezrN+49XufwpcggY0N38lFVVf3Qifqv7
GblmmQLgG4kpnwfJQTyRSHUbx8nB6US8c521gdEVJzaOiegBITtjT/oFP+tB5oXc
6lXDTqYFODSYnPObObWOxO26ZCsbEnDeDuG4DzAVzmznTyGcBmCUMga1PKDiEKpP
zmz5J/r+NqpQLBNxIkIrzgw9glH3mIYMci7Scx7GS7i5BsI9JXhxjybWlzofNh1/
1b3IbJFDFHyGYCkMXko0XSC8lVkmz4ycFxvRka06+T8veGqACjiDfmS5s9G2+mXt
rbzUgchdMXSKb264MU4Z9UPoRLwp9G0uYWaipmlohEZ21uA9rVv93USrXVnKnOB0
s+eP4ITZ2Q/lIej858xV
=cOv7
-----END PGP SIGNATURE-----
@ -10,6 +10,14 @@
<month>
<name>8</name>

<day>
<name>18</name>

<advisory>
<name>FreeBSD-SA-15:20.expat</name>
</advisory>
</day>

<day>
<name>5</name>

@ -7,6 +7,26 @@
<year>
<name>2015</name>

<month>
<name>8</name>

<day>
<name>30</name>

<notice>
<name>FreeBSD-EN-15:13.vidcontrol</name>
</notice>

<notice>
<name>FreeBSD-EN-15:12.netstat</name>
</notice>

<notice>
<name>FreeBSD-EN-15:11.toolchain</name>
</notice>
</day>
</month>

<month>
<name>6</name>

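Review bot: the three notices are filed under `<day><name>30</name>` of month 8, but each of the FreeBSD-EN-15:11, EN-15:12 and EN-15:13 files added in this commit carries "Announced: 2015-08-18"; unless the index deliberately records a different date, the day should be 18, matching the SA-15:20 entry that the other index hunk places under day 18.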