Add EN-20:01, EN-20:01, and SA-20:01 through SA-20:03.
Approved by: so
parent b6c3f1683a
commit f6a49b1e07
Notes (svn2git, 2020-12-08 03:00:23 +00:00):
svn path=/head/; revision=53835
17 changed files with 894 additions and 0 deletions
138
share/security/advisories/FreeBSD-EN-20:01.ssp.asc
Normal file
|
@ -0,0 +1,138 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-20:01.ssp Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Imprecise ordering of SSP canary initialization
|
||||
|
||||
Category: core
|
||||
Module: libc
|
||||
Announced: 2020-01-28
|
||||
Credits: Kyle Evans
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2019-11-25 03:49:38 UTC (stable/12, 12.1-STABLE)
|
||||
2020-01-28 18:53:14 UTC (releng/12.1, 12.1-RELEASE-p2)
|
||||
2020-01-28 18:53:14 UTC (releng/12.0, 12.0-RELEASE-p13)
|
||||
2019-11-25 03:49:38 UTC (stable/11, 11.3-STABLE)
|
||||
2020-01-28 18:53:14 UTC (releng/11.3, 11.3-RELEASE-p6)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The Stack Smashing Protector ("SSP") relies on a stack canary being
|
||||
initialized early on in application startup. On FreeBSD, this is
|
||||
accomplished with a constructor in libc.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
When a binary is statically linked, constructor invocation order is based on
|
||||
priority and sorted arbitrarily within a priority level across all
|
||||
constructors present in the single statically linked object. The stack
|
||||
canary guard constructor had no priority, so statically linked binary could
|
||||
not predictably order their constructors to avoid bad interactions with
|
||||
respect to the stack canary constructor leading to false-positive detection
|
||||
of a stack overflow condition and erroneous process abort in some rare cases.
|
||||
|
||||
Dynamically linked binaries are generally not affected, since the stack
|
||||
canary is initialized in libc and libc is ordered very early in constructor
|
||||
invocation.
|
||||
|
||||
III. Impact
|
||||
|
||||
Affected programs will abort and log a "stack overflow detected" message to
|
||||
syslog(3).
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available, but dynamically linked binaries are not affected.
|
||||
|
||||
V. Solution
|
||||
|
||||
Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date. Statically linked binaries
|
||||
should be relinked against the updated base system.
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
2) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-20:01/ssp.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-20:01/ssp.patch.asc
|
||||
# gpg --verify ssp.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/12/ r355080
|
||||
releng/12.1/ r357215
|
||||
releng/12.0/ r357215
|
||||
stable/11/ r355080
|
||||
releng/11.3/ r357215
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=241905>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:01.ssp.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4whbdfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cKWSA/8CINmMeEm76kGRoyuDiTD+h1Ra28DM81+HNsTuEb8W8uhNT/ZJf61lWZe
|
||||
c5BEO8uJMP8XUjGEzIEu4ARkZcV2pvLxyUIoWgq1TGTYB7jp8zXeJZj/wPqLLpI4
|
||||
lwXl19hWPprz1CDgukR87+flDZyNEe62YfAtL3WRqGuYU8Yb6AmNoKSwOphset4m
|
||||
6F7pg8wPFnHfW2EOl6/jFZsv41C+2SlIXa8HIXFJj0TnfltLsCqEWhpDhVE0Wv0D
|
||||
f2MCGs03xS+UN/kUGIE6G2WBD/Etfy4DMr7RsRxu1lta6FhOk8sR27FCcSnqyKPM
|
||||
MqXK0PxN5qx8D2UbQUhNCmmclnOVjzGEn9ECzxW5XrDsz17bhodtL4f29GmLEw4l
|
||||
wdHcttUlQduzolZlBgKgNyp6ZuKXXYzPYsATgJTG9LBQShyQeWa4rCz21Nh+vrmA
|
||||
NdSAY/LEvq6R8IKHFljDwFIPITnV6xQObMIDgrsJMFyFyIUGiZEo0Jo51I28aUJ/
|
||||
EM76+SULzxY50Agw5KFgCM1iXPfGnEfPN03wNCzrbvpv3y67qduGF4jbmLMZPcnv
|
||||
aZBVQj4Cx9Q/pC/TCFNilmmEa3/xYDB6hGnQn9cIYBV1Q61IQXwGaGXNG+fN760x
|
||||
gYfnbY2ZlJVV66amfTC89HNVwMeq++Imd4AzNlaXV+a9qummNKc=
|
||||
=VzHc
|
||||
-----END PGP SIGNATURE-----
|
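Review bot: In section II, "so statically linked binary could not predictably order their constructors" has a number mismatch and should read "statically linked binaries could not". The same sentence runs from the cause (no priority on the canary constructor) straight into the effect ("leading to false-positive detection of a stack overflow condition"); split it there so the spurious abort is stated on its own. Section IV says "No workaround is available, but dynamically linked binaries are not affected" while section II says they are "generally not affected"; pick one wording.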
131
share/security/advisories/FreeBSD-EN-20:02.nmount.asc
Normal file
|
@ -0,0 +1,131 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-EN-20:02.nmount Errata Notice
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: nmount invalid pointer dereference
|
||||
|
||||
Category: core
|
||||
Module: kernel
|
||||
Announced: 2020-01-28
|
||||
Credits: Andrew Turner
|
||||
Affects: FreeBSD 11.3 and FreeBSD 12.0.
|
||||
Corrected: 2019-10-03 07:17:26 UTC (stable/12, 12.1-STABLE)
|
||||
2019-10-04 14:10:56 UTC (releng/12.1, 12.1-RELEASE)
|
||||
2020-01-28 18:54:15 UTC (releng/12.0, 12.0-RELEASE-p13)
|
||||
2019-10-04 17:27:49 UTC (stable/11, 11.3-STABLE)
|
||||
2020-01-28 18:54:15 UTC (releng/11.3, 11.3-RELEASE-p6)
|
||||
|
||||
For general information regarding FreeBSD Errata Notices and Security
|
||||
Advisories, including descriptions of the fields above, security
|
||||
branches, and the following sections, please visit
|
||||
<URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The nmount(2) system call is used to mount file systems.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
VFS option processing related to the nmount(2) system call was missing a
|
||||
length check. This is generally only available to privileged users unless
|
||||
the vfs.usermount sysctl is changed from the default to allow non-privileged
|
||||
users the ability to mount file systems.
|
||||
|
||||
III. Impact
|
||||
|
||||
A userland process authorized to mount filesystems can possibly trigger a
|
||||
kernel panic.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available. However, if the vfs.usermount sysctl has been
|
||||
changed to allow non-privileged users the ability to mount file systems,
|
||||
switching back to the default value of 0 will prevent non-privileged users
|
||||
from triggering the issue.
|
||||
|
||||
V. Solution
|
||||
|
||||
Upgrade your system to a supported FreeBSD stable or release / security
|
||||
branch (releng) dated after the correction date, and reboot.
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) To update your system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
# shutdown -r +10min "Rebooting for an errata update"
|
||||
|
||||
2) To update your system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/EN-20:02/nmount.patch
|
||||
# fetch https://security.FreeBSD.org/patches/EN-20:02/nmount.patch.asc
|
||||
# gpg --verify nmount.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/12/ r353032
|
||||
releng/12.1/ r353104
|
||||
releng/12.0/ r357216
|
||||
stable/11/ r353109
|
||||
releng/11.3/ r357216
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:02.nmount.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4whcpfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cJWUQ//UZtfZZXpkmLYet67qmbIj7uLbw9CDc1N5HRwNgnjTDGc4d5o3BQEAr2X
|
||||
/q1t8US3Ec/rWm5YqzqRNmt+Uei/F7J2u1udRm56vsPPb+eq8tRiRVK6RYY4FYBj
|
||||
rxPkxf6nNCTqWELFtmQejnCQ0wN2Oy+oNY3fA1j1GzOHm0S7dc9CnlrE75eDX33q
|
||||
sXezm6/VYRwyKGKEJUMlmn9gn0qzGr3L9go5TCWDw9lhuJoygE/QblnVTQI5mTDv
|
||||
khjke28RxLkAkOUMvq8EIq1L9j88FeVWEOMIKU2xgaUvh6z6NQE8o6eKTb4D7mDO
|
||||
Vo4NdB81SdPmCaHISocrEhkS/Vff3rlMcb4xf/DFZgDK3FXzNYkAqLyMrDNw6egv
|
||||
fV4fbhnyqPpejCDW0Il7nxOwV4KtdmEaMCvKwvQu9VpiL8wUrV9wBSkbavyagS49
|
||||
un2UYkkv28IIkmhDwbRM7qEcE7Dt6xfsZN4HIZ6R2eUGhGx/ETDXoC9fE74khigF
|
||||
ubU7QygqWtZ8JDZ8qmnfDM7n0EG1DV3I+XSdupN1ytaxaKOzF5HAnVxcLuMnY5LT
|
||||
80HaVQazsfCJ5IQinUtiGoOFldQT3NGkvVMcCe+M5R+PP2g4DRJgaCzDCXDIx0k2
|
||||
My/JU5RjlUl0714OV0VaGlzVnwk5y7RNNLcHWlSx83HBoBSWcnk=
|
||||
=uOTk
|
||||
-----END PGP SIGNATURE-----
|
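Review bot: In section II, "This is generally only available to privileged users" follows a sentence whose subject is the missing length check, so "This" reads as the check rather than nmount(2); name the system call explicitly. Section II also does not say which option's length went unchecked, and section VII lists nothing except the advisory's own URL, so the only way to tie the text to the change is the revision table in section VI. Add the bug or review reference if one exists.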
131
share/security/advisories/FreeBSD-SA-20:01.libfetch.asc
Normal file
|
@ -0,0 +1,131 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-20:01.libfetch Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: libfetch buffer overflow
|
||||
|
||||
Category: core
|
||||
Module: libfetch
|
||||
Announced: 2020-01-28
|
||||
Credits: Duncan Overbruck
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2020-01-28 18:40:55 UTC (stable/12, 12.1-STABLE)
|
||||
2020-01-28 18:55:25 UTC (releng/12.1, 12.1-RELEASE-p2)
|
||||
2020-01-28 18:55:25 UTC (releng/12.0, 12.0-RELEASE-p13)
|
||||
2020-01-28 18:42:06 UTC (stable/11, 11.3-STABLE)
|
||||
2020-01-28 18:55:25 UTC (releng/11.3, 11.3-RELEASE-p6)
|
||||
CVE Name: CVE-2020-7450
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
libfetch(3) is a multi-protocol file transfer library included with FreeBSD
|
||||
and used by the fetch(1) command-line tool, pkg(8) package manager, and
|
||||
others.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
A programming error allows an attacker who can specify a URL with a username
|
||||
and/or password components to overflow libfetch(3) buffers.
|
||||
|
||||
III. Impact
|
||||
|
||||
An attacker in control of the URL to be fetched (possibly via HTTP redirect)
|
||||
may cause a heap buffer overflow, resulting in program misbehavior or
|
||||
malicious code execution.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available.
|
||||
|
||||
V. Solution
|
||||
|
||||
Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date.
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
|
||||
2) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:01/libfetch.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:01/libfetch.patch.asc
|
||||
# gpg --verify libfetch.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile the operating system using buildworld and installworld as
|
||||
described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
|
||||
|
||||
Restart all daemons that use the library, or reboot the system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/12/ r357213
|
||||
releng/12.1/ r357217
|
||||
releng/12.0/ r357217
|
||||
stable/11/ r357214
|
||||
releng/11.3/ r357217
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7450>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:01.libfetch.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4whc5fFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cJw5BAAmi4Mk+an8qJB4GwfOSxWhn42GnN9/HikJwkiTNHQr7n51ANp4sHCgTYG
|
||||
PCo6UvCFqdIfhpBIrykI7ZwzAetCpldDdIMQFJoi5ChJ7aIcNDpiH06yLjYLgseS
|
||||
qSxJ+dXt6j7G2FMUWPBka8eTNBi64gT0MbyC7zFdISfJqfNy+p0WvdwYm3UsWkeR
|
||||
pEV+o6zL+PI3s6IsqQTQzYuyNYgoTLdvhjgNMymI+OMH8uCdBUrdItdSwSYPwVOp
|
||||
+8SUX47jMFNcIbBmuQ3KnPxu9fHx8JzfqpLDAkmp6hu6sXNTmIZ27mgItu4DRgWN
|
||||
nvd750H6fv9UCbRYOyvjeuEN8olOpZcoTAuQDtcC/z7BvKAwLC7oAYXZEiQ4pn/D
|
||||
MGMzlJU7fxiyIWDNJprzyrsgPAUhCC3ePyenTErB+GQKmf1fHTjLWJHN43W2tbqk
|
||||
kYzMwwLQa3KwOYzHPHbJt6F94b9dN30v8cgIVkvs5ivLr8eErIJAQ71PgxkgRQL1
|
||||
/C301qeJvgBqLm+so0Ef6wi/D9HvCvyk6IqbQNEvOXD8RNtyqdhBO1jJ93zDVLLK
|
||||
ey5room7Hln/A3l5bXBzb6O3+q60U7lbxzokkAhNoe+pls6HQ50OeainXDU1dal4
|
||||
HcBOCM1cnXNjXDdizqdMDvyR7ftXuBxOYeMsxY2JbT4qKjjA19M=
|
||||
=chN4
|
||||
-----END PGP SIGNATURE-----
|
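Review bot: The instruction "Restart all daemons that use the library, or reboot the system." sits after step 2c in section V, so an administrator who follows option 1 (freebsd-update) can finish without reading it. Move it into the opening paragraph of section V, the way the kernel notices in this commit put "and reboot" there. In section II, "a username and/or password components" should read "username and/or password components".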
123
share/security/advisories/FreeBSD-SA-20:02.ipsec.asc
Normal file
|
@ -0,0 +1,123 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-20:02.ipsec Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: Missing IPsec anti-replay window check
|
||||
|
||||
Category: core
|
||||
Module: kernel
|
||||
Announced: 2020-01-28
|
||||
Credits: Jean-Francois HREN
|
||||
Affects: FreeBSD 12.0 only
|
||||
Corrected: 2020-01-28 18:56:46 UTC (releng/12.0, 12.0-RELEASE-p13)
|
||||
CVE Name: CVE-2019-5613
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
IPsec is a suite of protocols providing data authentication, integrity, and
|
||||
confidentiality between two networked hosts.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
A missing check means that an attacker can reinject an old packet and it will
|
||||
be accepted and processed by the IPsec endpoint.
|
||||
|
||||
III. Impact
|
||||
|
||||
The impact depends on the higher-level protocols in use over IPsec. For
|
||||
example, an attacker who can capture and inject packets could cause an action
|
||||
that was intentionally performed once to be repeated.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
No workaround is available. Systems not using IPsec are not vulnerable.
|
||||
|
||||
V. Solution
|
||||
|
||||
Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date,
|
||||
and reboot.
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
# shutdown -r +10min "Rebooting for a security update"
|
||||
|
||||
2) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:02/ipsec.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:02/ipsec.patch.asc
|
||||
# gpg --verify ipsec.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
releng/12.0/ r357218
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5613>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:02.ipsec.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4whdFfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cIWbQ/9EvRm9/pFezk65B8NR9BJFYzSbFv8GxtxNjcFJ0KpG48s7XxBg9BWNKMs
|
||||
b7dtGTRlPKGUh0CRfhkCzxx10JZ0Aeu+UNNWQrt7r34pku1bUTrOAqW9nxIBq8zr
|
||||
tihvShWxWmMb9roeGRQIDpDoRCDs/Ps5eZ9NkTIRIPnGvidm8FTr8eQIHxSQJ/dX
|
||||
9bnQO1KP3Fz1+ywKA/poMdfXwdrUhiaPaC9AQ704lMiz881Itsi93Xw9HceKar0E
|
||||
dnbPbXMTQ+mkdVe3U2KLVDIMs119XL3Nuel2y7ACNjH3Bvjeerfjn6rZfiseV5FR
|
||||
muH0I+HKVdkdgWrFRPPthzUTmZYaStgbgOymsclwCpUJkS/ITgJWTpx6V+0E+4n6
|
||||
bocwue5xP9EtCKDoEp3RSf17f47nbHgA0oeR+1CU9bh2lU6h2lAxRhxkPcWrgBiJ
|
||||
HWSJ96UyF3S9Kfj7sbKBE/0wPQYRO2fs2PSfjvjmydyYlg0gcZ25tK3sm5xyvxoG
|
||||
pVCwMn3gFDchEWnxJaSrGg/xoQCCWM+KdVXkaBSdCEsqs8+o6bTXPrq8ZyU451aO
|
||||
7qxLPBlw5XNZ87jUEOhT3PwH49H9sAl++4IHUUUvs5pcIigdTNplgVpRt2DdFDzg
|
||||
ardLO/Cyr1qAAMClC3jXx0I7uTViROt3x7lg2+2V7bF5SnL8VjU=
|
||||
=tFox
|
||||
-----END PGP SIGNATURE-----
|
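Review bot: Section II says only "A missing check" and never names it; the Topic line is the one place that identifies it as the anti-replay window check. Repeat that in the problem description so the section stands on its own when quoted elsewhere. "Affects: FreeBSD 12.0 only" also lacks the trailing period that the Affects lines of the other notices in this commit carry.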
131
share/security/advisories/FreeBSD-SA-20:03.thrmisc.asc
Normal file
|
@ -0,0 +1,131 @@
|
|||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
=============================================================================
|
||||
FreeBSD-SA-20:03.thrmisc Security Advisory
|
||||
The FreeBSD Project
|
||||
|
||||
Topic: kernel stack data disclosure
|
||||
|
||||
Category: core
|
||||
Module: kernel
|
||||
Announced: 2020-01-28
|
||||
Credits: Ilja Van Sprundel
|
||||
Affects: All supported versions of FreeBSD.
|
||||
Corrected: 2019-11-15 16:40:10 UTC (stable/12, 12.1-STABLE)
|
||||
2020-01-28 18:57:45 UTC (releng/12.1, 12.1-RELEASE-p2)
|
||||
2020-01-28 18:57:45 UTC (releng/12.0, 12.0-RELEASE-p13)
|
||||
2019-11-15 16:40:55 UTC (stable/11, 11.3-STABLE)
|
||||
2020-01-28 18:57:45 UTC (releng/11.3, 11.3-RELEASE-p6)
|
||||
CVE Name: CVE-2019-15875
|
||||
|
||||
For general information regarding FreeBSD Security Advisories,
|
||||
including descriptions of the fields above, security branches, and the
|
||||
following sections, please visit <URL:https://security.FreeBSD.org/>.
|
||||
|
||||
I. Background
|
||||
|
||||
The kernel can create a core dump file when a process crashes that contains
|
||||
process state, for debugging.
|
||||
|
||||
II. Problem Description
|
||||
|
||||
Due to incorrect initialization of a stack data structure, up to 20 bytes of
|
||||
kernel data stored previously stored on the stack will be exposed to a
|
||||
crashing user process.
|
||||
|
||||
III. Impact
|
||||
|
||||
Sensitive kernel data may be disclosed.
|
||||
|
||||
IV. Workaround
|
||||
|
||||
Core dumps may be disabled by setting the kern.coredump sysctl to 0.
|
||||
See sysctl(8) and sysctl.conf(5).
|
||||
|
||||
V. Solution
|
||||
|
||||
Upgrade your vulnerable system to a supported FreeBSD stable or
|
||||
release / security branch (releng) dated after the correction date,
|
||||
and reboot.
|
||||
|
||||
Perform one of the following:
|
||||
|
||||
1) To update your vulnerable system via a binary patch:
|
||||
|
||||
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
||||
platforms can be updated via the freebsd-update(8) utility:
|
||||
|
||||
# freebsd-update fetch
|
||||
# freebsd-update install
|
||||
# shutdown -r +10min "Rebooting for a security update"
|
||||
|
||||
2) To update your vulnerable system via a source code patch:
|
||||
|
||||
The following patches have been verified to apply to the applicable
|
||||
FreeBSD release branches.
|
||||
|
||||
a) Download the relevant patch from the location below, and verify the
|
||||
detached PGP signature using your PGP utility.
|
||||
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:03/thrmisc.patch
|
||||
# fetch https://security.FreeBSD.org/patches/SA-20:03/thrmisc.patch.asc
|
||||
# gpg --verify thrmisc.patch.asc
|
||||
|
||||
b) Apply the patch. Execute the following commands as root:
|
||||
|
||||
# cd /usr/src
|
||||
# patch < /path/to/patch
|
||||
|
||||
c) Recompile your kernel as described in
|
||||
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
||||
system.
|
||||
|
||||
VI. Correction details
|
||||
|
||||
The following list contains the correction revision numbers for each
|
||||
affected branch.
|
||||
|
||||
Branch/path Revision
|
||||
- -------------------------------------------------------------------------
|
||||
stable/12/ r354734
|
||||
releng/12.1/ r357219
|
||||
releng/12.0/ r357219
|
||||
stable/11/ r354735
|
||||
releng/11.3/ r357219
|
||||
- -------------------------------------------------------------------------
|
||||
|
||||
To see which files were modified by a particular revision, run the
|
||||
following command, replacing NNNNNN with the revision number, on a
|
||||
machine with Subversion installed:
|
||||
|
||||
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
||||
|
||||
Or visit the following URL, replacing NNNNNN with the revision number:
|
||||
|
||||
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
||||
|
||||
VII. References
|
||||
|
||||
<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15875>
|
||||
|
||||
The latest revision of this advisory is available at
|
||||
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-20:03.thrmisc.asc>
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4whdVfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cLOgg/7BAIhE6SQ06BkCKNBerK3jj1sY2gBc7aohLbzdhEpCIrrd+sMsh0tphII
|
||||
ftR5psPaZahzjP9Mrs/lA1fWVsco1jo4icevGiPTfbEVqBF1S8XINccwQr3AvYJR
|
||||
33PGUrgzY2rU8MTj0YPJ2EG3ahghb96lKkK3USikoJA5SsXSZkFphp2OFXnUFWbG
|
||||
TXWOUBWXbHMBUprf/oXcvNo/ZjDcxvJzMqT2YIGwKOsT0Xtx5nD+6C390axRuVEd
|
||||
sA6z1RhA/EEx6JMNSUAoG5rnJSXDYQTB2kd9ilozXi07CboVZ38loXy8492FGrin
|
||||
uG3MfnI+PHrMtG+S5yHwzOGhB/20DNoWqLKZobTGr46r8rrdc553F5Cn7ivLEz9Y
|
||||
Sk+IGjZfB99jv+JxCr/+/4gn3niOyh0MolqG9r0rT13fLmeQX5XtYfyYPJHE1wuR
|
||||
+JZ9TQSaJ6TX/DcIsy60OWcfWAQOeoYsvTZO6hqpjHt66m2Ah1pdAyc8c0R8yaQG
|
||||
tFpRhgQvYpiPJviq7NvM5V2afSo16RWWy9A+xEYUrxp0H0inVNOgdqwhln7ZzI4u
|
||||
YoBis/eZkNAPxqFJyvJ89TQFmsWFPcpHjAGMoL+aCuIotuHHa/MPdT2pfyqHG9iL
|
||||
E9axI8zhyzNUC+osR2I6DT/R8rF5QHAY8xI8FffiS8jfN3BJVm4=
|
||||
=3mdJ
|
||||
-----END PGP SIGNATURE-----
|
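Review bot: Section II has a duplicated word in "kernel data stored previously stored on the stack"; it should read "kernel data previously stored on the stack". The same sentence says the bytes are exposed "to a crashing user process", while section I and the kern.coredump workaround in section IV both point at the core dump file as the channel. Say explicitly that the data ends up in the core dump, so the reader understands why disabling core dumps mitigates the issue.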
33
share/security/patches/EN-20:01/ssp.patch
Normal file
|
@ -0,0 +1,33 @@
|
|||
--- lib/libc/secure/stack_protector.c.orig
|
||||
+++ lib/libc/secure/stack_protector.c
|
||||
@@ -40,11 +40,29 @@
|
||||
#include <unistd.h>
|
||||
#include "libc_private.h"
|
||||
|
||||
+/*
|
||||
+ * We give __guard_setup a defined priority early on so that statically linked
|
||||
+ * applications have a defined priority at which __stack_chk_guard will be
|
||||
+ * getting initialized. This will not matter to most applications, because
|
||||
+ * they're either not usually statically linked or they simply don't do things
|
||||
+ * in constructors that would be adversely affected by their positioning with
|
||||
+ * respect to this initialization.
|
||||
+ *
|
||||
+ * This conditional should be removed when GCC 4.2 is removed.
|
||||
+ */
|
||||
+#if __has_attribute(__constructor__) || __GNUC_PREREQ__(4, 3)
|
||||
+#define _GUARD_SETUP_CTOR_ATTR \
|
||||
+ __attribute__((__constructor__ (200), __used__));
|
||||
+#else
|
||||
+#define _GUARD_SETUP_CTOR_ATTR \
|
||||
+ __attribute__((__constructor__, __used__));
|
||||
+#endif
|
||||
+
|
||||
extern int __sysctl(const int *name, u_int namelen, void *oldp,
|
||||
size_t *oldlenp, void *newp, size_t newlen);
|
||||
|
||||
long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
|
||||
-static void __guard_setup(void) __attribute__((__constructor__, __used__));
|
||||
+static void __guard_setup(void) _GUARD_SETUP_CTOR_ATTR;
|
||||
static void __fail(const char *);
|
||||
void __stack_chk_fail(void);
|
||||
void __chk_fail(void);
|
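Review bot: Both definitions of _GUARD_SETUP_CTOR_ATTR end in a semicolon, and the declaration that uses the macro adds its own, so "static void __guard_setup(void) _GUARD_SETUP_CTOR_ATTR;" expands to a declaration followed by a stray ";" at file scope. Drop the semicolon from the two #define bodies. The new comment should also say why priority 200 was chosen and which priorities application constructors are expected to use, since that number is now the ordering contract for statically linked programs.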
18
share/security/patches/EN-20:01/ssp.patch.asc
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl4wheBfFIAAAAAALgAo
|
||||
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
||||
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
||||
5cJjxg/5ATm/M6VVGLH8RR/VVdsEn0MaXnq8K8Mu/z42RzHhApPZuK9Rqxi0KllI
|
||||
HapRslvyE/PsgxP119jhrqRFpxyXkkQI27t8+muQalENRqMQr1TUzqRz8R/ULm/b
|
||||
1/O83JSzaCVuVgSSFIEi49PfLdkO7M/UYxSGm8OXKJiYR+5lbWORPdQH8iCx5CCv
|
||||
hXgE65yTFxS9ekOTlr3kBCe5p+Oy3e8HRmWGpStfWx/KIKZXxoC4Nhwg+zP3DoV+
|
||||
4S+mCpknPjDAtdEaL9cUxYQ1OUjIII+yQ91ZOkwoTMelvDMU/Aam6LIi6mBPTs3q
|
||||
nI+hNZlI5t7eE4jhdhDFxnH6hGKIFuQe9AsEz0wlMtyyyAnXWwuNzr9lAw1Stu8c
|
||||
ksC3rFgP2PWHxO42KzewDiBqLKnNxM8nN5m544qqASo9UNJnnQdooluuMWFlJ7iP
|
||||
Cr/QPQlNwAGiZ3GxI9t2TnUzUH8raWyKQokkgp5ZYwVIuO2Wxj/dKvbg+bQkXuqv
|
||||
BRz3TLWjPlGWwPpSCqQG0I5IQbq3YJK+r0lJ1cyONlDRsUTXe2Y2YUFdp4toTFR5
|
||||
43kQbU1dTcuydYQ8C/gU6wklneGhiswINL+aZHtGGw8IMz9kPvTAti1WmrHAWLph
|
||||
ADYr+VMT3Hds0FZfDmIhiBBcDI528Bz9pMXZBfP4YJhwRic+nic=
|
||||
=IKok
|
||||
-----END PGP SIGNATURE-----
|
20
share/security/patches/EN-20:02/nmount.patch
Normal file
|
@ -0,0 +1,20 @@
|
|||
--- sys/kern/vfs_mount.c.orig
|
||||
+++ sys/kern/vfs_mount.c
|
||||
@@ -603,7 +603,7 @@
|
||||
*/
|
||||
fstypelen = 0;
|
||||
error = vfs_getopt(optlist, "fstype", (void **)&fstype, &fstypelen);
|
||||
- if (error || fstype[fstypelen - 1] != '\0') {
|
||||
+ if (error || fstypelen <= 0 || fstype[fstypelen - 1] != '\0') {
|
||||
error = EINVAL;
|
||||
if (errmsg != NULL)
|
||||
strncpy(errmsg, "Invalid fstype", errmsg_len);
|
||||
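Review bot: The context line "strncpy(errmsg, "Invalid fstype", errmsg_len);" does not NUL-terminate errmsg when errmsg_len is not larger than the message, and this error path is now also taken for a zero-length fstype, so it is worth switching to a copy that always terminates. The new "fstypelen <= 0" test depends on being evaluated before "fstype[fstypelen - 1]"; a one-line comment saying that a zero-length option must be rejected before the terminator check would keep a later edit from reordering it.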
@@ -611,7 +611,7 @@
|
||||
}
|
||||
fspathlen = 0;
|
||||
error = vfs_getopt(optlist, "fspath", (void **)&fspath, &fspathlen);
|
||||
- if (error || fspath[fspathlen - 1] != '\0') {
|
||||
+ if (error || fspathlen <= 0 || fspath[fspathlen - 1] != '\0') {
|
||||
error = EINVAL;
|
||||
if (errmsg != NULL)
|
||||
strncpy(errmsg, "Invalid fspath", errmsg_len);
|
18
share/security/patches/EN-20:02/nmount.patch.asc
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
|
29
share/security/patches/SA-20:01/libfetch.patch
Normal file
|
@ -0,0 +1,29 @@
|
|||
--- lib/libfetch/fetch.c.orig
|
||||
+++ lib/libfetch/fetch.c
|
||||
@@ -332,6 +332,8 @@
|
||||
}
|
||||
if (dlen-- > 0)
|
||||
*dst++ = c;
|
||||
+ else
|
||||
+ return (NULL);
|
||||
}
|
||||
return (s);
|
||||
}
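Review bot: the added `else return (NULL);` gives `fetch_pctdecode` a failure return that nothing in this hunk documents. Add a comment at the function saying that NULL means the decoded field did not fit in `dlen` bytes, and check every caller: one that still dereferences the result, as the `if (*q == ':')` line in the next hunk did, would now fault on NULL instead of continuing past the end of the destination.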
|
||||
@@ -381,11 +383,15 @@
|
||||
if (p && *p == '@') {
|
||||
/* username */
|
||||
q = fetch_pctdecode(u->user, URL, URL_USERLEN);
|
||||
+ if (q == NULL)
|
||||
+ goto ouch;
|
||||
|
||||
/* password */
|
||||
- if (*q == ':')
|
||||
+ if (*q == ':') {
|
||||
q = fetch_pctdecode(u->pwd, q + 1, URL_PWDLEN);
|
||||
-
|
||||
+ if (q == NULL)
|
||||
+ goto ouch;
|
||||
+ }
|
||||
p++;
|
||||
} else {
|
||||
p = URL;
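Review bot: both new `if (q == NULL) goto ouch;` checks depend on the cleanup at `ouch`, which is outside this hunk; confirm it releases `u` and reports an error the caller can see, so an over-long user or password field is rejected cleanly rather than leaked or silently ignored. A regression test that parses one URL whose user part exceeds `URL_USERLEN` and another whose password exceeds `URL_PWDLEN` would pin this behaviour down.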
|
18
share/security/patches/SA-20:01/libfetch.patch.asc
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
|
11
share/security/patches/SA-20:02/ipsec.patch
Normal file
|
@ -0,0 +1,11 @@
|
|||
--- sys/netipsec/ipsec.c.orig
|
||||
+++ sys/netipsec/ipsec.c
|
||||
@@ -1318,6 +1318,8 @@
|
||||
__func__, replay->overflow,
|
||||
ipsec_sa2str(sav, buf, sizeof(buf))));
|
||||
}
|
||||
+
|
||||
+ replay->count++;
|
||||
return (0);
|
||||
}
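Review bot: `replay->count++` is added without a comment and only on the final `return (0)`; any earlier return in this function, which the hunk does not show, would skip the increment. Say in a comment what `count` tracks and why it must advance on this path, and confirm how it relates to the `replay->overflow` value logged in the context lines just above.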
|
||||
|
18
share/security/patches/SA-20:02/ipsec.patch.asc
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
|
11
share/security/patches/SA-20:03/thrmisc.patch
Normal file
|
@ -0,0 +1,11 @@
|
|||
--- sys/kern/imgact_elf.c.orig
|
||||
+++ sys/kern/imgact_elf.c
|
||||
@@ -2211,7 +2211,7 @@
|
||||
td = (struct thread *)arg;
|
||||
if (sb != NULL) {
|
||||
KASSERT(*sizep == sizeof(thrmisc), ("invalid size"));
|
||||
- bzero(&thrmisc._pad, sizeof(thrmisc._pad));
|
||||
+ bzero(&thrmisc, sizeof(thrmisc));
|
||||
strcpy(thrmisc.pr_tname, td->td_name);
|
||||
sbuf_bcat(sb, &thrmisc, sizeof(thrmisc));
|
||||
}
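Review bot: the `strcpy(thrmisc.pr_tname, td->td_name)` left in place right after the new `bzero(&thrmisc, sizeof(thrmisc))` is still unbounded, so the note stays correct only while `td_name` can never be longer than `pr_tname`. Since `sbuf_bcat(sb, &thrmisc, sizeof(thrmisc))` copies the whole structure out, consider `strlcpy(thrmisc.pr_tname, td->td_name, sizeof(thrmisc.pr_tname))`, and add a short comment that the full-structure `bzero` exists so the bytes of `pr_tname` after the terminator are not emitted uninitialized.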
|
18
share/security/patches/SA-20:03/thrmisc.patch.asc
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
|
|
@ -4,6 +4,31 @@
|
|||
$FreeBSD$
|
||||
</cvs:keyword>
|
||||
|
||||
<year>
|
||||
<name>2020</name>
|
||||
|
||||
<month>
|
||||
<name>1</name>
|
||||
|
||||
<day>
|
||||
<name>28</name>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-20:03.thrmisc</name>
|
||||
</advisory>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-20:02.ipsec</name>
|
||||
</advisory>
|
||||
|
||||
<advisory>
|
||||
<name>FreeBSD-SA-20:01.libfetch</name>
|
||||
</advisory>
|
||||
|
||||
</day>
|
||||
</month>
|
||||
</year>
|
||||
|
||||
<year>
|
||||
<name>2019</name>
|
||||
|
||||
|
|
|
@ -4,6 +4,27 @@
|
|||
$FreeBSD$
|
||||
</cvs:keyword>
|
||||
|
||||
<year>
|
||||
<name>2020</name>
|
||||
|
||||
<month>
|
||||
<name>1</name>
|
||||
|
||||
<day>
|
||||
<name>28</name>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-20:02.nmount</name>
|
||||
</notice>
|
||||
|
||||
<notice>
|
||||
<name>FreeBSD-EN-20:01.ssp</name>
|
||||
</notice>
|
||||
|
||||
</day>
|
||||
</month>
|
||||
</year>
|
||||
|
||||
<year>
|
||||
<name>2019</name>
|
||||
|
||||
|
|