os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add 3 new advisories:

Browse source 
Fix devfs rules not applied by default for jails. [SA-14:07]

Fix OpenSSL use-after-free vulnerability. [SA-14:08]

Fix TCP reassembly vulnerability. [SA-14:09]
This commit is contained in:
Xin LI 2014-04-30 04:32:38 +00:00
parent 1894c1d552
commit e4e2190aed
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=44715
10 changed files with 561 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

149
share/security/advisories/FreeBSD-SA-14:07.devfs.asc Normal file
View file

@ -0,0 +1,149 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-14:07.devfs Security Advisory
The FreeBSD Project
Topic: devfs rules not applied by default for jails
Category: core
Module: etc_rc.d
Announced: 2014-04-30
Affects: FreeBSD 10.0
Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name: CVE-2014-3001
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The device file system, or devfs(5), provides access to kernel's device
namespace in the global file system namespace.
The devfs(5) rule subsystem provides a way for the administrator of a system
to control the attributes of DEVFS nodes. Each DEVFS mount-point has a
``ruleset'', or a list of rules, associated with it, allowing the
administrator to change the properties, including the visibility, of certain
nodes.
II. Problem Description
The default devfs rulesets are not loaded on boot, even when jails are used.
Device nodes will be created in the jail with their normal default access
permissions, while most of them should be hidden and inaccessible.
III. Impact
Jailed processes can get access to restricted resources on the host system.
For jailed processes running with superuser privileges this implies access
to all devices on the system. This level of access could lead to information
leakage and privilege escalation.
IV. Workaround
Systems that do not run jails are not affected.
The system administrator can do the following to load the default ruleset:
/etc/rc.d/devfs onestart
Then apply the default ruleset for jails on a devfs mount using:
devfs -m ${devfs_mountpoint} rule -s 4 applyset
Or, alternatively, the following command will apply the ruleset over all devfs
mountpoints except the host one:
mount -t devfs | grep -v '^devfs on /dev ' | awk '{print $3;}' | \
xargs -n 1 -J % devfs -m % rule -s 4 applyset
After this, the system administrator should add the following configuration
to /etc/rc.conf to make it permanent, so the above operations do not have
to be done each time the host system reboots.
devfs_load_rulesets="YES"
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:07/devfs.patch
# fetch http://security.FreeBSD.org/patches/SA-14:07/devfs.patch.asc
# gpg --verify devfs.patch.asc
b) Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
# install -o root -g wheel -m 444 etc/defaults/rc.conf /etc/defaults/
Follow the steps described in the "Workaround" section, or reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r265122
releng/10.0/ r265124
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3001>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:07.devfs.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTYHsGAAoJEO1n7NZdz2rnXsQP/iInaOcBlBDIsZokdpQCgAoF
eSKuD5ihYTnlUew9l7lsizOn9se8Lj692FOXWsAjVqodp+A+ew8mUYNBjrOZnPDq
HMo/yV7iYHNMUFHOOa7baeUO5M84KIGwTvaWIhMtb7QsRIn3KkJaxBL75LbTjtAa
odBrXv+/3K2aG0s7rVGtykmWaWmmo/fln27wtZTo0jzLikw3l/iSNsW7qy3RZWKh
g48nf+yNlFPhUpcNnvtjdziw04aCT9KGLfJ8csY5inM5LgLs9TcXCYoHyFqyNWeD
f0+dEbUDTp/ATppz6cCovjpFbBS6wKfg1k3JoVBNtrVOyu7+qgTQi58JnVpmLdBx
s7msIWf/LlIiA9Jz0RKEdFbRBw1UVc45Zxse8gzVRnCxIwywFEuXDPQ0a3UxnQ1c
Te0/QQ/rodS/WpELhhu3DGq3aONbznuP/NzQRSQpe1Oqr56+ATiiUo7ITXjm7fpW
iqJ9I0BfeyrP/mI3cs2D8V6hOHqrlgdOSgoUwjpNcZCkO2yo/vl0Sk/NEhMhfHYO
Wn3Dc/dQYwgFjqL1UW4WGKe/j/SW/JFLyb0+r/mIDq8Z2en1kBSHWBtvRu2hoFc+
mMZ2UpwxBXF71zeslajuGIZ/tfIsHmGLjj6BsRQcdbinEodwIJnlDb5y/KmsBV0w
Yyigteth/aK/m3ikDCGs
=qxER
-----END PGP SIGNATURE-----

154
share/security/advisories/FreeBSD-SA-14:08.tcp.asc Normal file
View file

@ -0,0 +1,154 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-14:08.tcp Security Advisory
The FreeBSD Project
Topic: TCP reassembly vulnerability
Category: core
Module: inet
Announced: 2014-04-30
Credits: Jonathan Looney
Affects: All supported versions of FreeBSD.
Corrected: 2014-04-30 04:04:20 UTC (stable/8, 8.4-STABLE)
2014-04-30 04:05:47 UTC (releng/8.4, 8.4-RELEASE-p9)
2014-04-30 04:05:47 UTC (releng/8.3, 8.3-RELEASE-p16)
2014-04-30 04:04:20 UTC (stable/9, 9.2-STABLE)
2014-04-30 04:05:47 UTC (releng/9.2, 9.2-RELEASE-p5)
2014-04-30 04:05:47 UTC (releng/9.1, 9.1-RELEASE-p12)
2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name: CVE-2014-3000
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data
stream service. When network packets making up a TCP stream (``TCP
segments'') are received out-of-sequence, they are maintained in a
reassembly queue by the destination system until they can be re-ordered
and re-assembled.
II. Problem Description
FreeBSD may add a reassemble queue entry on the stack into the segment list
when the reassembly queue reaches its limit. The memory from the stack is
undefined after the function returns. Subsequent iterations of the
reassembly function will attempt to access this entry.
III. Impact
An attacker who can send a series of specifically crafted packets with a
connection could cause a denial of service situation by causing the kernel
to crash.
Additionally, because the undefined on stack memory may be overwritten by
other kernel threads, while extremely difficult, it may be possible for
an attacker to construct a carefully crafted attack to obtain portion of
kernel memory via a connected socket. This may result in the disclosure of
sensitive information such as login credentials, etc. before or even
without crashing the system.
IV. Workaround
It is possible to defend to these attacks by doing traffic normalization
using a firewall. This can be done by including the following /etc/pf.conf
configuration:
scrub in all
This requires pf(4) to be enabled, and have the mentioned configuration
loaded.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:08/tcp.patch
# fetch http://security.FreeBSD.org/patches/SA-14:08/tcp.patch.asc
# gpg --verify tcp.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r265123
releng/8.3/ r265125
releng/8.4/ r265125
stable/9/ r265123
releng/9.1/ r265125
releng/9.2/ r265125
stable/10/ r265122
releng/10.0/ r265124
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3000>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:08.tcp.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTYHsHAAoJEO1n7NZdz2rngywP/joAE0afufOlFvOsSxeeXUWg
kNhtEQV5iXgsbu8QPwM/ikmAgg2ONGLQ47A7w7vHF98qg8jk6W1aZCcRE5lIg8hg
WP5boSFvzvTXIQCo8EsIdcbnNBEA6CrtVQOIvWtuow2z8T0MtSou78Ctq2SO0O+8
7lY9pFYguFBgUNmVC6jpChIGJS9uZtdz2Vn697B4fOyv1pn6wenW7teOsyN+4Dyj
7Wq/qppZDrYSnd+YdveUAFCyCoYIXcsLXbeeIVJC2g8x6LlDw8swZElZL6refX6L
UPDBViI3ctAcjEgzAP1fN3d9FpA5oGJ67J9QcDxYIfTj5YrQiYoTs49ER9FD7k9Q
UxrgLamZ45/D762/IpmLHCwD+FWdzhl9wufklUptrHNIyNyovwMxQDNnoGZUIKeZ
x1fAfctXRAztISyQ5xqVw3nKLauPCSG6IniyyZ12BcFxmDvoEcyOFLqB1eN+l5DB
aJvfiA4PjWIV1nVU+w4MKKAQbHQSgh9bu8EvYUuwNrGOtP49RV1HejWD85ePSgtr
KOQ0HU8CGmTpWOMkDQBl8Ap1boP9iUOTRp/WuIxwMi+AqoKRuDrWs0sOAXIksu2s
0sgGnbI0lrg77lBW4FPvMaCg1dlzlfv4J9AExAh6Ur52qxh5GaOcI2NhYWbxvijh
5wgOBszZXV2kPRDAaJTa
=uhXC
-----END PGP SIGNATURE-----

133
share/security/advisories/FreeBSD-SA-14:09.openssl.asc Normal file
View file

@ -0,0 +1,133 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-14:09.openssl Security Advisory
The FreeBSD Project
Topic: OpenSSL use-after-free vulnerability
Category: contrib
Module: openssl
Announced: 2014-04-30
Affects: FreeBSD 10.x.
Corrected: 2014-04-30 04:03:05 UTC (stable/10, 10.0-STABLE)
2014-04-30 04:04:42 UTC (releng/10.0, 10.0-RELEASE-p2)
CVE Name: CVE-2010-5298
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
OpenSSL context can be set to a mode called SSL_MODE_RELEASE_BUFFERS, which
requests the library to release the memory it holds when a read or write buffer
is no longer needed for the context.
II. Problem Description
The buffer may be released before the library have finished using it. It is
possible that a different SSL connection in the same process would use the
released buffer and write data into it.
III. Impact
An attacker may be able to inject data to a different connection that they
should not be able to.
IV. Workaround
No workaround is available, but systems that do not use OpenSSL to implement
the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
protocols, or not using SSL_MODE_RELEASE_BUFFERS and use the same process
to handle multiple SSL connections, are not vulnerable.
The FreeBSD base system service daemons and utilities do not use the
SSL_MODE_RELEASE_BUFFERS mode. However, many third party software uses this
mode to reduce their memory footprint and may therefore be affected by this
issue.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch
# fetch http://security.FreeBSD.org/patches/SA-14:09/openssl.patch.asc
# gpg --verify openssl.patch.asc
Restart all deamons using the library, or reboot the system.
3) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/10/ r265122
releng/10.0/ r265124
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/004_openssl.patch.sig>
<URL:https://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest>
<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5298>
The latest revision of this advisory is available at
<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-14:09.openssl.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTYHsHAAoJEO1n7NZdz2rn2EsP+wYlobS4EiYtgspXAFgKLha1
0aeA7UokUs21QRTV9tIiFD0Se5HwdmHdh94bRJMRFraU22QYbAelG5GPsZPdRCt4
0ECLKUBDK6ng2M7UNyKhkstsL0+wBq6y5dzKjpR49QX4Vh2zEUYw5BcC5vrIk+YK
Qazq8l1t5bl9ebm9rIDmd2uCv/Qe1MgnMlAczeH9HckfzMiH6NhnAuiYpP7K0mIL
By6gpSxsHPeQShgJN/5kJjVGkdQK1/A1q0KnNf5r/itQdSC96NazKpCCpkud6RMm
k9aPxI5As5Scl70zuCUDAS6vbNI3dvzCU46k8t65/FTeYQO2lxje0QZpqaDiB3+2
tbN5kDviQdWHlJyygCeNK3jxdv0H3+zUZidjPuo158Zcbhb4ckTEZtMtgTn0fRoY
alG8qLn3hLj51fPHQK3Ff96xL+1DrhT+3D18OYIbjx7LKtsJJbnorB3jrbW68Ggr
h0bW+8yAm1jDFM4kPQw6gcrmtyjxNhnVRLoeoBPSIkmS9cm+12YcXufbSyLm/WqG
hkpPCrvUXibZmLi0CDlRMhLkjaOUhEXQsV3OR0gCmuFtN52gncyrIoPaxs79HZ1A
g2JxLp7b56B2XOyakEmNc+rqJJkzi+LV8HTp5DcrbXjAunYk9ipfxPakqXFDD6jV
L3ElC6aFDJ2UchtmjBRk
=Y+tE
-----END PGP SIGNATURE-----

13
share/security/patches/SA-14:07/devfs.patch Normal file
View file

@ -0,0 +1,13 @@
Index: etc/defaults/rc.conf
===================================================================
--- etc/defaults/rc.conf (revision 265059)
+++ etc/defaults/rc.conf (working copy)
@@ -649,7 +649,7 @@
devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev
devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to
# apply (must be mounted already, i.e. fstab(5))
-devfs_load_rulesets="NO" # Enable to always load the default rulesets
+devfs_load_rulesets="YES" # Enable to always load the default rulesets
performance_cx_lowest="HIGH" # Online CPU idle state
performance_cpu_freq="NONE" # Online CPU frequency
economy_cx_lowest="HIGH" # Offline CPU idle state

17
share/security/patches/SA-14:07/devfs.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAABCgAGBQJTYHsHAAoJEO1n7NZdz2rn4JoQAKTCSA9tdJAJXkdlJb+ZgX9N
iPCFkpMBHUFLBX3JR2OXCtb+bLaw+Q9//tnONk+52VBgSX6rcNEHsGpcbPA0oUcF
fhQ7XGbrAKrCtJpwOW87tlq0VJBNg1XOEK+hioM+eSiY8KruQZDsM7Aa60zQV4n9
izTtaEmjUHXiwEKcrdOHrHX3blL4ZI4loX8VOQsUXeKJcxIY0ikTqKct/D4cKvQg
1e+DFroOv1eTfML01U36KPadqGrDNBwP07REIhqhlFqjnC2GKbdnh5TpHqpsGqmx
U0+h52JE2BtrLP5lZ8Pc5uqZCg+1G/UWAGt+GsTbnPnGYjgWClWmzrU7XQxShmma
HknWfsmNosOc9Cl8+/jcZuU6f/YNFH++s778P7Y6NXTXBI5RY5d0X44dRwO07ARq
nYX/P+lqiPHpWSBFdGkjlq8rFIF24bMBRbBfc7GzW2GEZcVnhfmYQiYpOyvOpLpn
T3pVPhalbNX1cFqR85mV2N3M0uLi5X56Ahw4P/YubRMXVqGqnHbUtjh4+zgpf2Sn
36Y1IuC8bLYqXewe+yeziz3lQPOOha0xDyx+MBBnI4alXR2fswcWCdkUn1IeAw+o
BxWBjy8373XnxHoOStLoL+O90PPEvCNYPJTXy38OO0bHEYMBvm1L0z2Q0JX9f8os
6h27mvRbLKelL5uRalcq
=rRKI
-----END PGP SIGNATURE-----

32
share/security/patches/SA-14:08/tcp.patch Normal file
View file

@ -0,0 +1,32 @@
Index: sys/netinet/tcp_reass.c
===================================================================
--- sys/netinet/tcp_reass.c (revision 264836)
+++ sys/netinet/tcp_reass.c (working copy)
@@ -211,7 +211,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
* Investigate why and re-evaluate the below limit after the behaviour
* is understood.
*/
- if (th->th_seq != tp->rcv_nxt &&
+ if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) &&
tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) {
V_tcp_reass_overflows++;
TCPSTAT_INC(tcps_rcvmemdrop);
@@ -234,7 +234,7 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
*/
te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT);
if (te == NULL) {
- if (th->th_seq != tp->rcv_nxt) {
+ if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) {
TCPSTAT_INC(tcps_rcvmemdrop);
m_freem(m);
*tlenp = 0;
@@ -282,7 +282,8 @@ tcp_reass(struct tcpcb *tp, struct tcphdr *th, int
TCPSTAT_INC(tcps_rcvduppack);
TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp);
m_freem(m);
- uma_zfree(V_tcp_reass_zone, te);
+ if (te != &tqs)
+ uma_zfree(V_tcp_reass_zone, te);
tp->t_segqlen--;
/*
* Try to present any queued data

17
share/security/patches/SA-14:08/tcp.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAABCgAGBQJTYHsIAAoJEO1n7NZdz2rn4+gP/jJtvvI8bBFC/GwM9Au9uoMX
unxJheHR1+CJatBvdYloTWYFxSY11r8/gx2OCO+LmthgbISImbzRpNJUYFM1UrKc
zyNDakOzN94GViKfvBk33+R6zZyl7DDumjHtBPfldh3wWq3MZFJWOv0bXIJGGeUL
wMx8pdS3D15hjumSFWNz8W0B9H7aTr7fOlPw29VhR43EJKDAS9Zh//2249KmvMHG
6WnDtjZ3ECwU9ULtIooQGasSQK4Lr03L8Ok+cAl4gD+RZb+XAsHvIXfC9ZSzwEjx
t6p9cjTackdctgbXgIZyTFPjsV5QxVzqhRfWbL3Ykraa0bm0F4s3b67GlNF5krqg
1WUkw8dwSJ+f2QKe3rjLIp9UioF6x1eGw2Eh6VB46SGHt2ZRhLtLoDjz2Yv5p+IV
63azOIfxouvpK7N27EaEiRQCf+Ulo2+2nB2xUsdXnXXsGYwQK3xYcxk8fi8V/lXx
wbJztnD0KnlY/ms82nNgmd15o+8bckymSlsvZWCFLhiOfJpT9zmRDUZMrBFUFb7H
lr3yW5RmxwGx/t3y1fiH96ZwnmoQkwhNNSkbi8CoaVLXPSNwGe+W2DpMxC1T+LNc
WCCwwtWdrIKysQkV0N2esohPby0OOqpg6mhKSF6jkYookryKgGrfyr7jfSrOlG7N
h/vSkWl6T/d3uhWrEkno
=Ig1P
-----END PGP SIGNATURE-----

13
share/security/patches/SA-14:09/openssl.patch Normal file
View file

@ -0,0 +1,13 @@
Index: crypto/openssl/ssl/s3_pkt.c
===================================================================
--- crypto/openssl/ssl/s3_pkt.c (revision 265054)
+++ crypto/openssl/ssl/s3_pkt.c (working copy)
@@ -1055,7 +1055,7 @@ start:
{
s->rstate=SSL_ST_READ_HEADER;
rr->off=0;
- if (s->mode & SSL_MODE_RELEASE_BUFFERS)
+ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0)
ssl3_release_read_buffer(s);
}
}

17
share/security/patches/SA-14:09/openssl.patch.asc Normal file
View file

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAABCgAGBQJTYHsIAAoJEO1n7NZdz2rnXW4QAOUbg8DpatUc/RbzTsQErhqI
HpxblP5yry0FkEXKU242ISjfeWEdq8TcnrheXwBGwOu09HK+et435I3TmAkLwhxN
X+pwmhVL5zgFykL/q+CfidiqdM6hSA1ucUxKgsa3bDGh0k1VLxrkB+ZRa9pFJmMF
tkI39NewPUoI7aBLy4P54ifOXKh9XFKwidxf55m+2XCIcLQftJ6QWcnGpRYZCOEs
CkUDwpmVPS/7nszif2mLtM9WHdiNme951GTBm1WKlqDy9+fajlk/Wxz6QxcAfdwj
3nZ75AVyPc9oSVl3iTRhYVUj2TiO+IQjoxCTMjEc/+HcIylXXxLxyPhQwm6rGW9H
bJudJIV3ysmOa/0PMZyYld0+xt1wepWwTKns3JcmEApkjmt768ZGH1a1aH4i8Gde
ksVxnipQtg2n0KaVJG5y0SlFt0RG8kJQBvLJoplz0PKL833hfpFkApHkuILjjjqk
z2VchAGSGa9hQRh+pGdufSqezXNYpZ120iTgTNbzuhGpBrWEWj/cC50ieQMlQE3l
r7GNFJDmxJUnj4TRjMqWaJg0IOdhPqnjwQ6OmMi+wl87JLKqnLWQWbk4hIh8tnTU
hr44gjb5tVJMDmwg+Lft7h4Ziq7f3uAUeolY8YOkcoYtCXNnrXmRmiO2LMafj+E4
7IIuPElJQFIzvoTsFTDI
=nMI1
-----END PGP SIGNATURE-----

16
share/xml/advisories.xml
View file

@ -10,6 +10,22 @@
<month>
<name>4</name>
<day>
<name>30</name>
<advisory>
<name>FreeBSD-SA-14:09.openssl</name>
</advisory>
<advisory>
<name>FreeBSD-SA-14:08.tcp</name>
</advisory>
<advisory>
<name>FreeBSD-SA-14:07.devfs</name>
</advisory>
</day>
<day>
<name>08</name>