136 lines
5.1 KiB
Text
136 lines
5.1 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-20:06.ipv6 Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: Incorrect checksum calculations with IPv6 extension headers
|
|
|
|
Category: core
|
|
Module: netinet6
|
|
Announced: 2020-03-19
|
|
Credits: Francis Dupont <fdupont@isc.org>
|
|
Affects: All supported versions of FreeBSD.
|
|
Corrected: 2020-03-02 22:54:32 UTC (stable/12, 12.1-STABLE)
|
|
2020-03-19 16:43:37 UTC (releng/12.1, 12.1-RELEASE-p3)
|
|
2020-03-03 08:24:09 UTC (stable/11, 11.3-STABLE)
|
|
2020-03-19 16:43:37 UTC (releng/11.3, 11.3-RELEASE-p7)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
Upper layer transport protocols, e.g., TCP, UDP, or SCTP, include
|
|
checksums in their headers. IPv6 is a network protocol, which can
|
|
add extension headers between its own header and that of the upper
|
|
layer protocol.
|
|
|
|
II. Problem Description
|
|
|
|
Pseudo header checksum calculations can be delayed until the IPv6
|
|
output routine or offloaded to the NIC. In case IPv6 extension
|
|
headers are present, FreeBSD currently never offloads to the NIC.
|
|
When passing the data to the functions doing the delayed checksum
|
|
calculations, the contents of the extension headers were erroneously
|
|
included as part of the checksum.
|
|
|
|
III. Impact
|
|
|
|
Upper layer transport protocol checksums may be wrong for IPv6 packets,
|
|
such as IPv6 fragments, or IPv6 packets with a Destination Options or
|
|
Hop-by-Hop Options extension header.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available. Packets sent over IPv4 or IPv6 without
|
|
any extension headers are unaffected.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date, and reboot.
|
|
|
|
Perform one of the following:
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
# shutdown -r +10min "Rebooting for errata update"
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
[FreeBSD 11.3]
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:06/ipv6.patch.asc
|
|
# gpg --verify ipv6.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/12/ r358557
|
|
releng/12.1/ r359137
|
|
stable/11/ r358566
|
|
releng/11.3/ r359137
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=243675>
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:06.ipv6.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl5zpldfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cLxaA/+IUDfq39zppv1SsIrwD1a2VZVQvPtNPmM0OUzJK7gt6Jj1lDJjY/WTXl6
|
|
I93Xm1q6VL6u+6n95XfaUe3xu05Oujlq+KE0zu3tOigs50tvyn2+PAQU1waTT3O7
|
|
zFqqLb0mBoQl1WasiLj0NhIpAK3GDYNV/Zd0jYuQzyyhu1kahMpeiVYn5OG7Q1C0
|
|
BUPfObwGfzDYZbDtT4RSok35uVfzLnk5mZ1L+grQaoZbh3OJonlx5GnbRAboncCY
|
|
IJRfeyrHvCX2WMKx0CiUTEHZKJErKWcynYHkWYc+jmSqfTFARWBdIHpxQzF52kuW
|
|
E34WQDuCf9miSRGrlV1CgwjXUExuPOcUN7XcRRJQkkjc2wnpjMi1qudpyZmNW7Ig
|
|
rMQQdRLAmHyuy8ZjNuuBesWqBZYC2pr1p94KGUO7VsRNRVWOe8CEBT5NCRcRzoqw
|
|
rhyGlS1ahc6P/6FliYd86MMpdS4S0olRcylW+r5z3O8DStt0VEvwC5cYubqJJDud
|
|
Crpuces4hq8xZ2E4ZVN2YclT/gKNNvtNXmPfqpWVLdtCJqg6JTjAShX/YH52Q3/Q
|
|
5VOqj1wJmAMV07f68gp6GH+dQIxAnI5uAXwrGBs5Y7PCzRafhUkEy/6m5FHYOpUN
|
|
CR+/5Iqp2S79LeAoxSbZmuVh1pmLrs6bVZcfI21V91d5hSniPPE=
|
|
=/jJ1
|
|
-----END PGP SIGNATURE-----
|