132 lines
		
	
	
	
		
			4.9 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
			
		
		
	
	
			132 lines
		
	
	
	
		
			4.9 KiB
		
	
	
	
		
			Text
		
	
	
	
	
	
| -----BEGIN PGP SIGNED MESSAGE-----
 | |
| Hash: SHA512
 | |
| 
 | |
| =============================================================================
 | |
| FreeBSD-EN-15:15.pkg                                            Errata Notice
 | |
|                                                           The FreeBSD Project
 | |
| 
 | |
| Topic:          Insufficient check of unsupported pkg(7) signature methods
 | |
| 
 | |
| Category:       core
 | |
| Module:         pkg
 | |
| Announced:      2015-08-25
 | |
| Credits:        Fabian Keil
 | |
| Affects:        All supported versions of FreeBSD.
 | |
| Corrected:      2015-08-19 18:32:36 UTC (stable/10, 10.2-STABLE)
 | |
|                 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RC3-p2)
 | |
|                 2015-08-25 20:48:51 UTC (releng/10.2, 10.2-RELEASE-p2)
 | |
|                 2015-08-25 20:48:58 UTC (releng/10.1, 10.1-RELEASE-p19)
 | |
|                 2015-08-19 18:33:25 UTC (stable/9, 9.3-STABLE)
 | |
|                 2015-08-25 20:49:05 UTC (releng/9.3, 9.3-RELEASE-p24)
 | |
| CVE Name:       CVE-2015-5676
 | |
| 
 | |
| For general information regarding FreeBSD Errata Notices and Security
 | |
| Advisories, including descriptions of the fields above, security
 | |
| branches, and the following sections, please visit
 | |
| <URL:https://security.freebsd.org/>.
 | |
| 
 | |
| I.   Background
 | |
| 
 | |
| The pkg(8) utility is the package management tool for FreeBSD.  The base
 | |
| system includes a pkg(7) bootstrap utility used to install the latest pkg(8)
 | |
| utility.
 | |
| 
 | |
| II.  Problem Description
 | |
| 
 | |
| When signature_type specified in pkg.conf(5) is set to an unsupported method,
 | |
| the pkg(7) bootstrap utility would behave as if signature_type is set to
 | |
| "none".
 | |
| 
 | |
| III. Impact
 | |
| 
 | |
| MITM attackers may be able to use this vulnerability and bypass validation,
 | |
| installing their own version of pkg(8).
 | |
| 
 | |
| IV.  Workaround
 | |
| 
 | |
| No workaround is available, but the default FreeBSD configuration is not
 | |
| affected because it uses "fingerprint" method.
 | |
| 
 | |
| V.   Solution
 | |
| 
 | |
| Perform one of the following:
 | |
| 
 | |
| 1) Upgrade your system to a supported FreeBSD stable or release / security
 | |
| branch (releng) dated after the correction date.
 | |
| 
 | |
| 2) To update your present system via a binary patch:
 | |
| 
 | |
| Systems running a RELEASE version of FreeBSD on the i386 or amd64
 | |
| platforms can be updated via the freebsd-update(8) utility:
 | |
| 
 | |
| # freebsd-update fetch
 | |
| # freebsd-update install
 | |
| 
 | |
| 3) To update your present system via a source code patch:
 | |
| 
 | |
| The following patches have been verified to apply to the applicable
 | |
| FreeBSD release branches.
 | |
| 
 | |
| a) Download the relevant patch from the location below, and verify the
 | |
| detached PGP signature using your PGP utility.
 | |
| 
 | |
| # fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch
 | |
| # fetch https://security.FreeBSD.org/patches/EN-15:15/pkg.patch.asc
 | |
| # gpg --verify pkg.patch.asc
 | |
| 
 | |
| b) Apply the patch.  Execute the following commands as root:
 | |
| 
 | |
| # cd /usr/src
 | |
| # patch < /path/to/patch
 | |
| 
 | |
| c) Recompile the operating system using buildworld and installworld as
 | |
| described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
 | |
| 
 | |
| VI.  Correction details
 | |
| 
 | |
| The following list contains the correction revision numbers for each
 | |
| affected branch.
 | |
| 
 | |
| Branch/path                                                      Revision
 | |
| - -------------------------------------------------------------------------
 | |
| stable/9/                                                         r286936
 | |
| releng/9.3/                                                       r287147
 | |
| stable/10/                                                        r286935
 | |
| releng/10.1/                                                      r287146
 | |
| releng/10.2/                                                      r287145
 | |
| - -------------------------------------------------------------------------
 | |
| 
 | |
| To see which files were modified by a particular revision, run the
 | |
| following command, replacing NNNNNN with the revision number, on a
 | |
| machine with Subversion installed:
 | |
| 
 | |
| # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
 | |
| 
 | |
| Or visit the following URL, replacing NNNNNN with the revision number:
 | |
| 
 | |
| <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
 | |
| 
 | |
| VII. References
 | |
| 
 | |
| <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5676>
 | |
| 
 | |
| The latest revision of this Errata Notice is available at
 | |
| https://security.FreeBSD.org/advisories/FreeBSD-EN-15:15.pkg.asc
 | |
| 
 | |
| -----BEGIN PGP SIGNATURE-----
 | |
| Version: GnuPG v2.1.7 (FreeBSD)
 | |
| 
 | |
| iQIcBAEBCgAGBQJV3NfOAAoJEO1n7NZdz2rnzHwP/30xvOZqHSRYMykrkQKcIVH7
 | |
| Vhp0lp1z7KaDBq7xD0m08i2WSr0/pSaBU+At141iSKwvCPS0Szx307kZBO9a8gxw
 | |
| j7s6Z15qychKKGukJ5tJtKX4Q3mqAtjBoCC8wmwmJ/YNmr4HrZRL2vFp7nqAiyhl
 | |
| ntTcSuwEElBoalufeMHWd46eguRO/r9D8uWw+O7a+lLeJO9ThjnNZXOPyMfUE3Yh
 | |
| QoFpVcVdf+j6gIGUuPwNsfy4e6hBNvD0T47+PTBECTykiC1eoX+VXqf8PxKKWSOJ
 | |
| 50sKgXOtRy55dMtWbXhu5zjq4jzWFWtBPIRHM5SH/7V898S7zMerh81bsczBUqEA
 | |
| aBu1XJS1fZHlXKlav6/m/G1Wo4QgscBUsV6PhsFNpFmvAdEW2qjnH887FBm7I/Fv
 | |
| a3wvxMmQX1ABPbavFCUZmfS4khLFITYD77XLo8ciu/fyAz/X9n9p1F2EsbL8djis
 | |
| TcTuyUVv3YXeq+gJ9OcOH4CFsYSNlKEYiAd86/9DBnsiVrQJqNzqx+roHjL7ZXg6
 | |
| AA/pqHmOEBq01idYh7PadOf+B5cU5A1CFMhjfpF1qe1yeuFFM30U7ugxjgV4w85O
 | |
| UFotAbyDlftUzeYYTQv2bK6oXzqtVagkhB/xXfQzPK9E3AnysfHA/bLysop7AMyZ
 | |
| CHeFaGA84VB1k9Ky5nSv
 | |
| =a+Ek
 | |
| -----END PGP SIGNATURE-----
 |