Add SA-14:17.kmem and EN-14:09.jail.

svn path=/head/; revision=45230
2014-07-08 22:23:25 +00:00 · 2014-07-08 22:23:25 +00:00 · d126e9c52b · 2020-12-08 03:00:23 +00:00
commit d126e9c52b
parent 85345b9d9e
12 changed files with 1187 additions and 0 deletions
--- a/share/security/advisories/FreeBSD-EN-14:09.jail.asc
+++ b/share/security/advisories/FreeBSD-EN-14:09.jail.asc
@ -0,0 +1,121 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-14:09.jail						Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Jail fails to start if WITHOUT_INET/WITHOUT_INET6 is used
+
+Category:       core
+Module:         jail
+Announced:      2014-07-08
+Credits:        Eugene Grosbein, Chris Rees
+Affects:        FreeBSD 8.4
+Corrected:      2014-07-02 19:18:59 UTC (stable/8, 8.4-STABLE)
+                2014-07-08 21:55:39 UTC (releng/8.4, 8.4-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The jail(8) utility creates new jails, or modifies or removes existing
+jails.
+
+II.  Problem Description
+
+The jail(8) rc(8) script used to start jails on the system does not
+properly detect if an address protocol is in use on the system.
+
+III. Impact
+
+When the FreeBSD kernel and userland are built either without IPv4 or IPv6
+support by defining WITHOUT_INET or WITHOUT_INET6 in src.conf(5), the jail(8)
+will fail to start with an non-descriptive error.
+
+IV.  Workaround
+
+No workaround is available, however systems that do not define WITHOUT_INET
+or WITHOUT_INET6 are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-14:09/jail.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:09/jail.patch.asc
+# gpg --verify jail.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+3) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r268168
+releng/8.4/                                                       r268435
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-14:09.jail.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCgAGBQJTvG0oAAoJEO1n7NZdz2rnEeUP+gJuYN0VoSbT+0zPJH9u61/K
+gJma3dUY4zuKDRyLhYNTCM+fKIwCZ07+9lesAeDm8mXts0UGGvjSHVqxXlG1hiGi
+2W8AxNzvV0FQuE6awlz8dDE2ikATkae7VPBoLraq0a7CEH4kW/mnl4+xQ3I2Hgc+
+wTmF+R13mb905xbF+52aj1jDUus8+ZFuDY0VRV3IY34i9OxcnoQO+T8v1w6d9ly3
+KbHmZXd2LPS0yeITAWuk4p1gwl8vi7uz7IiJcxrw/YEOUC6LkHO5/JUPRDz1O5Dd
+snRmFFF5w77u5bYWpHHU6kw4/k0GwuS1jfQnQm1ag/Gl8A1O4BA4ixvItOrU/FiT
+KxoOsdrMgD9jvIyHKOGPyio+FQuRdn+TsyE7WDw/MO2sZ3Et8nG49PccSbFQxuWu
+IFXoK+1gI1Vst5YlMUwbCwQRCuBawaUVhfWqF5jIeVvW2uPRr6S1rIJOyGy/HlKO
+HwdEtBbDcukWYojjG3pcORdv/HaQkN47NrJrJ6bWldJCshhSwPJ1ivyKLL16hjf2
+H/Tk+IHfVULjxgMEY7wQ3fL6kkgMHbrfxhBSy6LVYJggzvV+hgJXNY0116gUuAhA
+5UTKFfEHyXDtlgsTHSyETiHw3qXQ6JmyNUPepuAcf1Ly/yTvlFPhM56R52ZjBLRs
+rQOf3Vdelgpnpo4olu7L
+=4r/Q
+-----END PGP SIGNATURE-----
--- a/share/security/advisories/FreeBSD-SA-14:17.kmem.asc
+++ b/share/security/advisories/FreeBSD-SA-14:17.kmem.asc
@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-14:17.kmem                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Kernel memory disclosure in control messages and SCTP
+		notifications
+
+Category:       core
+Module:         kern, sctp
+Announced:      2014-07-08
+Credits:        Michael Tuexen
+Affects:        All supported versions of FreeBSD.
+Corrected:      2014-07-08 21:54:50 UTC (stable/10, 10.0-STABLE)
+                2014-07-08 21:55:27 UTC (releng/10.0, 10.0-RELEASE-p7)
+                2014-07-08 21:54:50 UTC (stable/9, 9.3-PRERELEASE)
+                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC3-p1)
+                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC2-p1)
+                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-RC1-p2)
+                2014-07-08 21:55:27 UTC (releng/9.3, 9.3-BETA3-p2)
+                2014-07-08 21:55:27 UTC (releng/9.2, 9.2-RELEASE-p10)
+                2014-07-08 21:55:27 UTC (releng/9.1, 9.1-RELEASE-p17)
+                2014-07-08 21:54:50 UTC (stable/8, 8.4-STABLE)
+                2014-07-08 21:55:39 UTC (releng/8.4, 8.4-RELEASE-p14)
+CVE Name:       CVE-2014-3952, CVE-2014-3953
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The control message API is used to construct ancillary data objects for
+use in control messages sent and received across sockets and passed via
+the recvmsg(2) and sendmsg(2) system calls.
+
+II.  Problem Description
+
+Buffer between control message header and data may not be completely
+initialized before being copied to userland. [CVE-2014-3952]
+
+Three SCTP cmsgs, SCTP_SNDRCV, SCTP_EXTRCV and SCTP_RCVINFO, have implicit
+padding that may not be completely initialized before being copied to
+userland.  In addition, three SCTP notifications, SCTP_PEER_ADDR_CHANGE,
+SCTP_REMOTE_ERROR and SCTP_AUTHENTICATION_EVENT, have padding in the
+returning data structure that may not be completely initialized before
+being copied to userland.  [CVE-2014-3953]
+
+III. Impact
+
+An unprivileged local process may be able to retrieve portion of kernel
+memory.
+
+For the generic control message, the process may be able to retrieve a
+maximum of 4 bytes of kernel memory.
+
+For SCTP, the process may be able to retrieve 2 bytes of kernel memory
+for all three control messages, plus 92 bytes for SCTP_SNDRCV and 76
+bytes for SCTP_EXTRCV.  If the local process is permitted to receive
+SCTP notification, a maximum of 112 bytes of kernel memory may be
+returned to userland.
+
+This information might be directly useful, or it might be leveraged to
+obtain elevated privileges in some way.  For example, a terminal buffer
+might include a user-entered password.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.0]
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem.patch.asc
+# gpg --verify kmem.patch.asc
+
+[FreeBSD 8.4, 9.2 and 9.3-RC]
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-89.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-89.patch.asc
+# gpg --verify kmem.patch.asc
+
+[FreeBSD 9.2]
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-9.1.patch
+# fetch http://security.FreeBSD.org/patches/SA-14:17/kmem-9.1.patch.asc
+# gpg --verify kmem.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r268432
+releng/8.4/                                                       r268435
+stable/9/                                                         r268432
+releng/9.1/                                                       r268434
+releng/9.2/                                                       r268434
+releng/9.3/                                                       r268433
+stable/10/                                                        r268432
+releng/10.0/                                                      r268434
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3952>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3953>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:17.kmem.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCgAGBQJTvG0nAAoJEO1n7NZdz2rn9w0QANVDZ/92sbXjrREbn/qDto75
+opjg7cJUne0tAkeqoCxYNiCT0yxI4M37N41Hvq1ZbA0HFgodjb5s6pXTZ4baB4PH
+CKxMvk8NB8PAw3+JfG9Ec8e4MaUd0Md04yNx/Ej1zdDz75rhHcqGiK2Agm086RSV
+K7TyzZXr1QrjJCSltM5dcXHacMgIZ7OxxY/e4DrI7tsEQk50wmlSKcZZI0GC8o+p
+DzhcMP+7qN9wNcZaXNNlLxLlthjlwudnGuFwg4DzkUCjCu2ooyerOref4UDWXmN8
+bky3U9wx5PnM/LmocWAPYCgA58WckbPooiWEWGWJJeogbVi6+vVNOe1516vAeTep
+MyGLpdP6v2tSo6XI33yd2YrxDMGOdFN1+ZfeDvFyBk9JFEfMhKHio84967hQRQN6
+pz1+0Ga119akQZKnBs3z9YhPze26sJB+tgTdIUJnunVysdslKI2EYcJ1R+UNIoDB
+h5XClPqAWyupfohp2TD8vM5RT+x6CaeW4P08KRpg8PTmqHi7CNB5wgFASG2uC/BT
+3qZDebjE7CMCQ35wEWBwVHt8SK0MwaIb9u4A+Fxf/plNDwqKqtQ7LdhI/fabJl5T
+IP3RbQLdiGyRAtOwcgXbmIGd2k3E9TNCQa5AdiUjiE5zGcRUs3iywVtyvellnVpI
+yAc2ussNLU5vJef4t30X
+=u6Xe
+-----END PGP SIGNATURE-----