os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Add latest batch of security advisories and errata notices.

Browse source
This commit is contained in:
Xin LI 2015-02-25 06:25:59 +00:00
parent 41b4e3632d
commit f01c32e590
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=46288
23 changed files with 161579 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

132
share/security/advisories/FreeBSD-EN-15:01.vt.asc Normal file
View file

@ -0,0 +1,132 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:01.vt Errata Notice
The FreeBSD Project
Topic: vt(4) crash with improper ioctl parameters
Category: core
Module: vt
Announced: 2015-02-25
Credits: Francisco Falcon from Core Security Technologies
Affects: FreeBSD 9.3 and FreeBSD 10.1
Corrected: 2015-02-02 18:48:49 UTC (stable/10, 10.1-STABLE)
2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
2015-02-02 18:48:49 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The vt(4) device provides multiple virtual terminals with an extensive
feature set.
II. Problem Description
The vt(4) code uses a signed integer as index value and does not test for
negative values.
III. Impact
A local attacker could trigger a panic by tricking the kernel into
accessing undefined kernel memory.
IV. Workaround
No workaround is available, but systems that do not use vt(4) are not
affected.
All affected FreeBSD releases does not ship with vt(4) enabled by
default, and user have to enable them explicitly.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:01/vt.patch
# fetch https://security.FreeBSD.org/patches/EN-15:01/vt.patch.asc
# gpg --verify vt.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r278106
releng/9.3/ r279265
stable/10/ r278106
releng/10.1/ r279264
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0998>
<URL:http://www.coresecurity.com/advisories/freebsd-kernel-multiple-vulnerabilities>
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:01.vt.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJU7Wi8AAoJEO1n7NZdz2rnjXUQAIXWVC52AmDrQHvirZ23Jc84
OnhLpYU3McHxtEpuIRZOcklDwuBQlP/0u1zsHoPvlHP/t6k74SA07MsuYjnUYrom
lF+P9wlmADXXFijGceE3UvdxD574ByyOVuqwvjDMbnxJOCyUNM4NaflZCacpqt4J
P7cpZVBLIh/lmFZYuuyYZ+AKC+02hNGQkLfY010EmPjsZMPYgr6UfRP5UG3+JLvy
LXYXOMkklQst9tSyJoC1QhQ8N6MbvGAjs0f9tO2G3nLkxdSZfAWnIExkACUnhW5G
2JzBJXTrXbyRelX3RmCV93j/9PHkS5Oj85p3fmc8swsdEgyq3e2rVMUdWEtJEZuE
c5lR/cGikMpFlsFnJqNi8LyIoXiGuVfLlhsNZsfjOn4WzenYd5gbmzZFLiu5agfq
TZZOAtpoYv7yvW+t98yZR+wUDQNk0Jsq738FR8qnPG4uN0yFVMjg+EEWMIEA+fnj
rLPxCO798PkpsVgUY+KC02Q/OLDcavWmf4+dGLGXVOHGrdmW4/9mSywiQQEZXl/9
5GsY/5Qy6XmL8bf+I7pa1ozUGvJNZo+GZaak5hnaaaWiAt/aTlf9uoeNCizGo7ad
+srCLTEI0lEo883PrgNE8K1WWbg/by9Nv9YkE9AkPaAt8gIj/sOMuRv5/oGUj94D
v5gabABppiNMM9tNykM9
=7HYa
-----END PGP SIGNATURE-----

150
share/security/advisories/FreeBSD-EN-15:02.openssl.asc Normal file
View file

@ -0,0 +1,150 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:02.openssl Errata Notice
The FreeBSD Project
Topic: OpenSSL update
Category: contrib
Module: openssl
Announced: 2015-02-25
Affects: All supported versions of FreeBSD.
Corrected: 2015-01-23 19:14:36 UTC (stable/10, 10.1-STABLE)
2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
2015-01-09 01:11:43 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-01-09 01:11:43 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
a collaborative effort to develop a robust, commercial-grade, full-featured
Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
and Transport Layer Security (TLS v1) protocols as well as a full-strength
general purpose cryptography library.
II. Problem Description
The OpenSSL software bundled with the FreeBSD base system has been diverged
due to various security advisories in the past and some reliability fixes
were not merged.
III. Impact
Divergence in the cryptographic code makes it harder to review changes, and
running unique code exposes users who run FreeBSD to possible unique bugs,
if there is any.
IV. Workaround
No workaround is available, but systems that do not use base system OpenSSL
for public facing services are not affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 8.4]
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-8.4.patch
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-8.4.patch.asc
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-9.3.patch
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-9.3.patch.asc
[FreeBSD 10.0]
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-10.0.patch
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-10.0.patch.asc
[FreeBSD 10.1]
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-10.1.patch
# fetch https://security.FreeBSD.org/patches/EN-15:02/openssl-10.1.patch.asc
# gpg --verify XXXX.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart all deamons using the library, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r276865
releng/8.4/ r279265
stable/9/ r276865
releng/9.3/ r279265
stable/10/ r277597
releng/10.0/ r279264
releng/10.1/ r279264
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:02.openssl.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJU7WjCAAoJEO1n7NZdz2rnqScP/0nfy96IWKzt6GdHXIF7rgSl
yNF9xCfsG0jYgL2B7eLOmLyqT4+P5kEgarTCncjtDh/YEtfx/xXTseCPCAbVGmre
qhYQ/8J05bmw4vkFUxUtQAt0Kn2e911IfU1BM1J9/7sO39iBZkrbTf+mQ3zbuHP/
0Iluz0vQY4N5qrStywr34Qy3UVzh06YmrNYGryxn+vw4FmGMp0eMeX7SGHO1saAI
Rwe8Q2nArl1pIffMtbB84MU8GphIS9td5U3w7+wJ94r7s9bXULIvKwd91H8+A8sW
njmldZLs4L192Ez7NoL25+uz0AdB0R2Flb9iDwTxDyvuudQeZR0qJAfXU/sbsa6r
PFt41UCV1ZJA0d+N8GG1X2lHBkaw5LWcV5GNKAFwGj659ycYqRndpPhjviM1WLJs
s/zlhM/0z3iFC5EZn0z1oNf8W0AhxGMrGG9EdFLGFE1w0U6BqPujqdZMBoey0y+Q
00O0APcQENNo4jr8xBg/ykzA7cbCao48nbPDOWiY2SLiB+HLdbafapPimndyF0nf
JxOe973UzZVRg+mdni3I6MriK1uaTAjMzNYD5x0avoResocrJKwZVUswNOJV1ONs
gvTvmAAYHGvDXeiV8YP1nb2+G8dusljawRkkY2Hg0yBH6PS+qKfMfCq+UEQ5ewdc
L7YxxXDEwrBgtAkv5A5z
=xouA
-----END PGP SIGNATURE-----

160
share/security/advisories/FreeBSD-EN-15:03.freebsd-update.asc Normal file
View file

@ -0,0 +1,160 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:03.freebsd-update Errata Notice
The FreeBSD Project
Topic: freebsd-update updates libraries in suboptimal order
Category: base
Module: freebsd-update
Announced: 2015-02-25
Credits: Brooks Davis
Affects: All supported versions of FreeBSD.
Corrected: 2015-02-09 09:22:47 UTC (stable/10, 10.1-STABLE)
2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
2015-02-09 09:45:58 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-02-09 10:09:46 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.freebsd.org/>.
I. Background
The freebsd-update(8) utility is used to apply binary patches to FreeBSD
systems installed from official release images, as an alternative to
rebuilding from source. A freebsd-update(8) build server generates the
signed update packages, consisting of an index of files and directories
with checksums before the update, a set of binary patches, and an
index of files and directories with checksums after the update. The
client downloads the indexes, verifies the signatures and checksums,
then downloads and applies the required patches.
II. Problem Description
In general, the runtime linker needs to be updated before all other
libraries, including the standard C library (libc) and the threading
library (libthr), because these libraries depend on functionality of
the runtime linker.
Before this update, the freebsd-update(8) utility did not enforce
this ordering requirement and would replace libthr (and all other
libraries) before updating the runtime linker.
A recent change to the FreeBSD threading library that would prevent
a deadlock in a child process requires a NULL pointer test in the
runtime linker (/libexec/ld-elf.so.1) be in place. Since previous
versions of the runtime linker do not have this test, processes will
crash due to a NULL pointer deference.
III. Impact
If a name-service switch module linked to the threading library -- such
as ldap or winbind -- was configured to provide passwd or group services
in /etc/nsswitch.conf, then all attempts to look up a user or group by
name after the threading library was updated would result in a crash.
Most obviously, all further install(1) invocations by freebsd-update(8)
will crash, leaving the system partially updated and largely unusable.
IV. Workaround
Disabling any name-service switch modules linked to libthr prior to
running the freebsd-update(8) 'upgrade' command works around the issue.
These modules include, but are not limited to, ldap and winbind.
V. Solution
The freebsd-update(8) utility has been updated to install the runtime
linker before any libraries.
You MUST upgrade systems prior to 10.1 to address this errata notice before
updating to 10.1 or later using freebsd-update(8).
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch
# fetch https://security.FreeBSD.org/patches/EN-15:03/freebsd-update.patch.asc
# gpg --verify freebsd-update.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r278446
releng/8.4/ r279265
stable/9/ r278444
releng/9.3/ r279265
stable/10/ r278443
releng/10.0/ r279264
releng/10.1/ r279264
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:03.freebsd-update.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnkNkQAOJU6l5aKWWwvxU+Bxwc/zV5
DcmGnL+7b/dN2zKdRVz6N54vuFnoUsXMd5EobxdC5MX31Yn/GnL5dQMbJDNAEL8D
I6jYdqf7PQL3v+EBiOFNazjeRbx5EM2gNLfwozv5LHKxER5ggmalmmf168Se4cRX
V+v2i28lCvAgOu3hXLd5gKQ3s8dNh2t/uxWI+fS3Sl6bitC0xVsXFEpTc8qIaJEu
cbVmedRQEoSnQPLdpoSgbmQpjp6/45l/UtLZpK7Cr7h8BHS9wtKdWjjkNL/wyF5j
3p2yanr6koT3P1iAhBJFE/3Dw4h5PlvWH56LP4PJmACuxU02AYrjc/ZVX1IL6bLt
9AuO8W28DTi6q9q8xy+XHcYXuDS4PF3oCDZ92m2iZMHcO747q8UQdKkgCEUfIZ2n
L79Dfkkx0uSmp4FIc1f/T6gDiBkZFRfs4stHRrm9K6nbyvFCAczj8wTUQPDjDUGw
zGH1jN9r/I3mHi3FREd0+w++BYZproepf4yfv5c/UJN9P88vCBAZZqlS1kkxYGUz
jOwzsF/MkpMWW16Xp58f7uwGTVZNTLzoq0r2GTln2R9fQAoQNrJYcBiW48MPSlQe
wef9nRhC8BPOSI70dl5r16/lOu4IuBqwBFiY8QzzDc/DABmaDUQrhLRp+VDHqFeL
taJCUogXb0n1CFub4f9P
=J5C+
-----END PGP SIGNATURE-----

133
share/security/advisories/FreeBSD-SA-15:04.igmp.asc Normal file
View file

@ -0,0 +1,133 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:04.igmp Security Advisory
The FreeBSD Project
Topic: Integer overflow in IGMP protocol
Category: core
Module: igmp
Announced: 2015-02-25
Credits: Mateusz Kocielski, Logicaltrust,
Marek Kroemeke, and 22733db72ab3ed94b5f8a1ffcde850251fe6f466
Affects: All supported versions of FreeBSD.
Corrected: 2015-02-25 05:43:02 UTC (stable/10, 10.1-STABLE)
2015-02-25 05:56:16 UTC (releng/10.1, 10.1-RELEASE-p6)
2015-02-25 05:56:16 UTC (releng/10.0, 10.0-RELEASE-p18)
2015-02-25 05:43:02 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-02-25 05:43:02 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
CVE Name: CVE-2015-1414
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
IGMP is a control plane protocol used by IPv4 hosts and routers to propagate
multicast group membership information. IGMP version 3 is implemented on
FreeBSD.
II. Problem Description
An integer overflow in computing the size of IGMPv3 data buffer can result
in a buffer which is too small for the requested operation.
III. Impact
An attacker who can send specifically crafted IGMP packets could cause a
denial of service situation by causing the kernel to crash.
IV. Workaround
Block incoming IGMP packets by protecting your host/networks with a firewall.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch
# fetch https://security.FreeBSD.org/patches/SA-15:04/igmp.patch.asc
# gpg --verify igmp.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r279263
releng/8.4/ r279265
stable/9/ r279263
releng/9.3/ r279265
stable/10/ r279263
releng/10.0/ r279264
releng/10.1/ r279264
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1414>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:04.igmp.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnjr8QAL0J0+4lRtPXRyDRX2xFSnzw
sc3OpfmlTiD3pCFkebTYy3/+EK86iAL1ZELqlJe5mm2+pzhCQB13C4/exc0l1U6b
tyiGXxhVi2/4SBrs6n9lmB/YhXkgtqaOQAcNaOD6sVbS1e5cBtjnG86oOq8tQ2qG
c7Dvh3HTp9M5fDJtsI40SIpqy3FcKORBfpjYd8jONfSqMnLM2kM8xzwHSv4/X23e
GlDKHtIi+1ylD/Qu7Z3S7hqXDTSYjZb1QHc7axDFB6X6nj2Rz3aWS2hPPTypFd3T
zTj5DZjgiP7U2LhR40sWW68RYi21yzNUwbe0w5LeDah6Ymc5CDO2ujdm3HDQbQGH
pA9QIOjzpgR64nWLIJfZ7jMxL3rCCaCW3NCB/iRXni2Ib/wt3ZDkJyEk/SF4K82H
72U2u2qVjAsnhmwWK8gksBi9bEXk3TnX778bkrwm4rt1xOjACq8k66LAernoE4tB
DkE0pO4QR+6XwFb5sJMG/3L9CmrhTp2pkPDBQDbSD+ngBs5V5mJOqVf7gB+UptnN
Fh8OACO/5KtDkqBDsCljHxHZNaboVF4Q613+iF5CUc6SYOTkLnBDUE4Pq38vlzVB
GdZMEo/hvsCbR4c2TmdKuvEkEqayxCxcv0DXiyTlVCecxSkaYvMXPwCKK43QtS7S
het83QCUxaVuxLiznuwR
=lkYC
-----END PGP SIGNATURE-----

140
share/security/advisories/FreeBSD-SA-15:05.bind.asc Normal file
View file

@ -0,0 +1,140 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-SA-15:05.bind Security Advisory
The FreeBSD Project
Topic: BIND remote denial of service vulnerability
Category: contrib
Module: bind
Announced: 2015-02-25
Credits: ISC
Affects: FreeBSD 8.x and FreeBSD 9.x.
Corrected: 2015-02-18 22:20:19 UTC (stable/9, 9.3-STABLE)
2015-02-25 05:56:54 UTC (releng/9.3, 9.3-RELEASE-p10)
2015-02-18 22:29:52 UTC (stable/8, 8.4-STABLE)
2015-02-25 05:56:54 UTC (releng/8.4, 8.4-RELEASE-p24)
CVE Name: CVE-2015-1349
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.
II. Problem Description
BIND servers which are configured to perform DNSSEC validation and which
are using managed keys (which occurs implicitly when using
"dnssec-validation auto;" or "dnssec-lookaside auto;") may exhibit
unpredictable behavior due to the use of an improperly initialized
variable.
III. Impact
A remote attacker can trigger a crash of a name server that is configured
to use managed keys under specific and limited circumstances. However,
the complexity of the attack is very high unless the attacker has a
specific network relationship to the BIND server which is targeted.
IV. Workaround
Only systems that runs BIND, including recursive resolvers and authoritative
servers that performs DNSSEC validation and using managed-keys are affected.
This issue can be worked around by not using "auto" for the dnssec-validation
or dnssec-lookaside options and do not configure a managed-keys statement.
Note that in order to do DNSSEC validation with this workaround one would
have to configure an explicit trusted-keys statement with the appropriate
keys.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.
2) To update your vulnerable system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/SA-15:05/bind.patch
# fetch https://security.FreeBSD.org/patches/SA-15:05/bind.patch.asc
# gpg --verify bind.patch.asc
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
Restart the applicable daemons, or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r278973
releng/8.4/ r279265
stable/9/ r278972
releng/9.3/ r279265
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
<URL:https://kb.isc.org/article/AA-01235>
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1349>
The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-15:05.bind.asc>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.1 (FreeBSD)
iQIcBAEBCgAGBQJU7WjDAAoJEO1n7NZdz2rnKkgP/3vUBO8o5ofQFMUYSS1siPxZ
63OeeRlMabEgiWZaQ+V2O7/CPrHDIgJHQABx9kNoiutWD9TC3c5f7Yh4nfaXmbKe
Ncu3EjF1Zw/uGbu3cXjboX0CYnBDYrPNJnzIvSG0UlTY5hEIi3FgN4v2Q3gzuU/2
3aUlFHyZb4GVzK+lA+wD0unOc6+il6LHPpSzwRbLpNxCB2J582HoCuw9i5NfMiOB
KP8axZeNZLMpE90s3H/VD+7UIoe6eOC0kykH/DpuUIUxxlExK9c8f9QurpoCnOrV
qwPAeWEYjmjZmMFivVZf5ugir6diaenfPjpXvUGNz2pCp5wlRkku71sMDsgnErX2
Fnuc6nCXqTb/XX6zQmz/236EEVr2UBuX0cXWT0Dvu8GznMij/s4J+9+/Pkjp/mr7
PfXj4H9UMv2Q3zOW7+Vb2Ru0zwfL9Dt90SyNbvt6DOA9KSNnUZIkN/pbKuS9fnHX
Pw7eiNPs4Rq0Ui1DJDWVsJnZV2aVSw+qHxeMVtjCWbx3O7IVGgj5W7i95iAPHRJ4
PVd1oaI2WsteoLNGpfXUD5sQr9yFRU/mRKtgSjxtKRV/nIkdwfTNcHHXIl0XuIWw
C7VmAjlZgqj7aacTZWiVXqiFkN6gDjjFv1lVYmuDQOiK52JCbcBavYnxzZxVzuSa
yIpDuhJS5vIt/B5oepoZ
=uquT
-----END PGP SIGNATURE-----