os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-14:02.mmap.asc
Xin LI dcb9c59cc2 Add 4 latest advisories and 2 latest errata notices: 
Fix bsnmpd remote denial of service vulnerability. [SA-14:01]

Fix ntpd distributed reflection Denial of Service vulnerability.
[SA-14:02]

Fix OpenSSL multiple vulnerabilities. [SA-14:03]

Fix BIND remote denial of service vulnerability. [SA-14:04]

Disable hardware RNGs by default. [EN-14:01]

Fix incorrect coalescing of stack entry with mmap. [EN-14:02]
2014-01-14 19:57:49 +00:00

127 lines
4.9 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:02.mmap Errata Notice
The FreeBSD Project
Topic: mmap should not coalesce stack entry
Category: core
Module: kernel
Announced: 2014-01-14
Credits: Konstantin Belousov
Affects: All supported versions of FreeBSD.
Corrected: 2013-12-30 08:57:54 UTC (stable/10, 10.0-PRERELEASE)
2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC4)
2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC3-p1)
2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC2-p1)
2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC1-p1)
2013-12-30 09:04:06 UTC (stable/9, 9.2-STABLE)
2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
2014-01-14 19:33:28 UTC (stable/8, 8.4-STABLE)
2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
The FreeBSD virtual memory system allows growing stack by mapping anonymous
memory region on top of a stack via mmap(2) system call with MAP_STACK bit
enabled in flags parameter.
II. Problem Description
The FreeBSD virtual memory system tries to coalesce adjacent memory regions
into one single object when possible. When growing the stack via mmap(2), it
will also try to coalesce the newly allocated memory into the existing object.
This would result in a failed assertion later in vm_map_stack(), which expects
that a new object is returned.
III. Impact
The system will panic when this happens.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch
# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch.asc
# gpg --verify mmap.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r260645
releng/8.3/ r260647
releng/8.4/ r260647
stable/9/ r260082
releng/9.1/ r260647
releng/9.2/ r260647
stable/10/ r260081
releng/10.0/ r260122
- -------------------------------------------------------------------------
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:02.mmap.asc
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJS1ZSuAAoJEO1n7NZdz2rnsPoQAIFs/URebviZjkMpYJBTahwe
Lr50uJSZIlW2nMvi+urLJAB15fJm/WHDdHqp6+WHh5jjCozb45CoIxDFnP5UB4q8
oclsQtKrt4R1dBDEa3RZQoJEm6DIk1YhfAfUtJMhDpROlvWCbBMzZWJbVQec5j3E
iyhY1FIl/BD4KWFw/hDhJX5j4HQWA/oZDagx5WZFMsFapq5rOXkC/fq3YHkTJBeW
7YEvAyTuZoj9zBVJ28cEYr7+ULtJMphBdTEzAhFZSEegsM+qyMafTf2c54MdtWR0
pSgoh9i+cSXj444e4eeqLp6LwapW5YGIrKpAmBUwTECBg5F5915i2h8ddCnmJJSM
4Wq7bXJU6PGzFXTDUsAw9HB2HcCMU2EvVNhtM3wp7dSzojLpvrgEoRZKwanu32r1
cuN/awHUGA1fzoUkxMygzT5B44IX+9gyT8lJ4N+PfKGnSO00WY41XkLheDmpgf2b
euDrzTSwbupEp70lT45CW6DUlqPXpw0Fn5vyNYBvoaAXineqyvwMkQ6YZwoNmfiU
xv2zjY40RkOR8EJKi8L1moBQsfh/i6rtVQhDIHmAU/1VaYBE4zVXS5BYAlUaUJgw
3rc5ho+F2BB+YV+HeaWszjW+NVhiIswpccw4Js7O2HQUA9M2KEq2+DXRtNdEa8/j
miG/hWqsuoWjAcrQKjKw
=rOvi
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink