Add two new erratas.

svn path=/head/; revision=46795

share/security/advisories/FreeBSD-EN-15:06.file.asc

@@ -0,0 +1,175 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:06.file                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Version and security update of file(1) and libmagic(3)
+
+Category:       contrib
+Module:         file
+Announced:      2015-06-09
+Affects:        All supported versions of FreeBSD.
+Corrected:      2015-01-23 18:48:59 UTC (stable/10, 10.1-STABLE)
+                2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
+                2015-01-23 18:50:36 UTC (stable/9, 9.3-STABLE)
+                2015-06-09 22:13:53 UTC (releng/9.3, 9.3-RELEASE-p15)
+                2015-05-09 23:53:25 UTC (stable/8, 8.4-STABLE)
+                2015-06-09 22:13:53 UTC (releng/8.4, 8.4-RELEASE-p29)
+CVE Name:       CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480,
+                CVE-2014-3487, CVE-2014-3538, CVE-2014-3587, CVE-2014-9620,
+                CVE-2014-9621, CVE-2014-9653
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+The file(1) utility attempts to classify file system objects based on
+filesystem, magic number and language tests.
+
+The libmagic(3) library provides most of the functionality of file(1)
+and may be used by other applications.
+
+II.  Problem Description
+
+There are a number of denial of service issues when handling complex
+files, for instance Portable Executable (PE) files and ELF files parsing
+code with libmagic(3) and in turn file(1).
+
+III. Impact
+
+An attacker who can cause file(1) or any other applications using the
+libmagic(3) library to be run on a maliciously constructed input can
+cause the application to crash or consume excessive CPU resources,
+resulting in a denial-of-service.
+
+IV.  Workaround
+
+System administrators who run file(1) and libmagic(3) against untrusted
+files, for instance when running with a mail server's mail scanner, are
+advised to configure the scanner in a way so that they do not call file(1)
+or libmagic(3) to conduct deep inspection of input files.  Most of these
+scanners does not really need the in-depth analysis and the file type
+determined by libmagic is already sufficient.
+
+V.   Solution
+
+This errata replaces the base system file(1) and libmagic(3) with the
+version 5.22.
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-10.1.patch.asc
+# gpg --verify file-10.1.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-9.3.patch.asc
+# gpg --verify file-9.3.patch.asc
+
+[FreeBSD 8.4]
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:06/file-8.4.patch.asc
+# gpg --verify file-8.4.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all deamons using the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r283135
+releng/8.4/                                                       r284194
+stable/9/                                                         r277593
+releng/9.3/                                                       r284194
+stable/10/                                                        r277592
+releng/10.1/                                                      r284193
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0207>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3478>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3479>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3480>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3487>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3587>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9620>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9621>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9653>
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:06.file.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+
+iQIcBAEBCgAGBQJVd2aEAAoJEO1n7NZdz2rnEVQP/2OPfepmvG2/vYrH3bKDHPRi
+12QFfE3Ylr8ctoDQRCBazdxhzLEMxdP3g9icJ0ZbnDWVmFtM9BwDfCrkcYmI6uCt
+0E1usrqHs6qthm4i1UAwRu4v71LM2yllHCaLt/XWxWDXsbI/vA5wkZgfgZK8kZWW
+PAiBUuI1bM4pegi+yymgMRoHquoyB0x2jNBKywnb9KT7m8Br9uYnJrCajI6G9HUy
+/eQKtefOVQat0trIoOwXS7cIZhLWJlVAKUinBjb2IGHxkWOrUhgXlPCpB4efS0pG
+IqEv2gvHpxllgmf+4leqNXYT8R1EUu+3OE6SbN7jV+RwgPc0TNUxC4Bkb6r1LoSH
+BRf5FMuVDYAlDKDz4j8NY0v84PpD9d37w7SSBZPiR+Fwn5xs0F4PjsU2c+tPEnVD
+Sn1vYkafvC+KXsuJtmd4sqb1zLRdpOGDxruA0VtOKATA1sDa1QZIBTB7w7iZ03f5
+umCpU8p5mo7a9AroavUEZkcpu4w5BptAsgYoBdOeKHhStBtPlXiGpML8zLhj1qnL
+hGF6RY2QrhD35C7OIer1ji0F2pEKkFfaeAqkvIXmYJaH+KQeIrEdt+ki2GStW1m9
+OdL79RMreVGE1DuX/2puBxKcMsQR+fas4L4uGi46MDXXMeV0LKJHiAT2twJlDOL/
+mc3UcOeMcAfOkINcpGuD
+=8/lF
+-----END PGP SIGNATURE-----

share/security/advisories/FreeBSD-EN-15:07.zfs.asc

@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:07.zfs                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          ZFS Reliability Improvements
+
+Category:       contrib
+Module:         zfs
+Announced:      2015-06-09
+Affects:        FreeBSD 10.1 and later
+Corrected:      2014-12-05 00:32:33 UTC (stable/10, 10.1-STABLE)
+                2015-06-09 22:13:25 UTC (releng/10.1, 10.1-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+ZFS is one of several filesystems available on FreeBSD.
+
+ZFS on FreeBSD supports TRIM/UNMAP which helps flash based storage medium to
+maintain peek performance.
+
+ZFS uses different layers of disk cache to speed up read and write
+operations, and supports second level ARC (L2ARC) which can be used as a
+second layer cache, which provides storage for less frequently accessed
+data that would not fit into RAM but still accessed often, providing
+optimal cost for performance.
+
+ZFS supports compression in L2ARC data which optimizes its space efficiency.
+
+II.  Problem Description
+
+When the ZFS filesystem on a file backed pool is used with TRIM support
+enabled, which is the default, ZIO_TYPE_FREE requests where incorrectly
+processed as a write request.
+
+When the ZFS filesystem is using L2ARC and when L2ARC compression is used,
+the compression buffer are not properly released sometimes.
+
+III. Impact
+
+The first problem will panic the system when it happens.
+
+The second problem will exhibit as a memory leak, which would lead to
+performance degradation and eventually a memory overflow, which would
+lead to a panic.
+
+IV.  Workaround
+
+The first issue can be mitigated by disabling TRIM for ZFS using
+the loader option vfs.zfs.trim.enabled=0.
+
+The second issue can be mitigated by disabling L2ARC.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:07/zfs.patch.asc
+# gpg --verify 15:07.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r275492
+releng/10.1/                                                      r284193
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:07.zfs.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.4 (FreeBSD)
+
+iQIcBAEBCgAGBQJVd2aYAAoJEO1n7NZdz2rn3ZAP/jqu2sz0LU20D1zdb3bpz8ui
+QsFeKs2gk5e00T0qqWio9RxXpSxzV1XNEw8jVz2JDsgCQf4V6UwHklgf9E+Pg9DA
+/9HNnrCuNsnlodOOqCPEETPkEWCKiPoiHXv29YzNVZDtlTXE9ysxnQgpD6IfI1AU
+HpyH//OKN+z03eNR/vSdCbvZhemn/+An4AxX8nFegeGXBjxUBE1Hf6Aek2AYKz2Q
+69nwvK56AN05FvVN+oegFdLaG9Lcv5kPnNFLoMDMGazGd/3VBfYE7ACQT2AETc/7
+DuVCrP3ewG3uftNKBEomJkPWTeKLBGZLP3pHZK1BlGlXUlHvpEbEzy0BjJevt4Zt
+6MxHT2xya8H5q8k6nfVnRB2+XhJ82nJMnZIN0cLiqdAgbRdFCS5QlOwLpXpak0tA
+EOTcjsFBTCXQiuO6JLAHn0oprBrA6mMoHxHZGErG6yFGf4PNotG70s8hOH9hxvoG
+bjdtvcbCewPqaUz54vwkp1walgK7i61waDTWNMeLdt9OPncdBO/1N5+jNAV87bLm
+iqxqp6bcHFIoVaHLhE5xxRrmiJg4J/8z2PUjuyfxnWyslMkm4s7siiQ3HIacFdE6
+7GeTDnU28Ui0JTbGx8c6QGRKhOEp0FdvmHmXXHtKBvo/yjdMy2yMg82RHMNxIQKd
+z4HmBIQGnSf4ysgAunpN
+=fmGr
+-----END PGP SIGNATURE-----