125 lines
4.6 KiB
Text
125 lines
4.6 KiB
Text
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
=============================================================================
|
|
FreeBSD-EN-20:18.getfsstat Errata Notice
|
|
The FreeBSD Project
|
|
|
|
Topic: getfsstat compatibility system call panic
|
|
|
|
Category: core
|
|
Module: getfsstat
|
|
Announced: 2020-09-02
|
|
Credits: Rodrigo Rubira Branco (BSDaemon), Amazon Web Services
|
|
Henrique L. Amorim, Independent Security Researcher
|
|
Affects: FreeBSD 11.3 and 11.4
|
|
Corrected: 2020-06-20 04:39:52 UTC (stable/11, 11.4-STABLE)
|
|
2020-09-02 16:22:14 UTC (releng/11.4, 11.4-RELEASE-p3)
|
|
2020-09-02 16:22:14 UTC (releng/11.3, 11.3-RELEASE-p13)
|
|
|
|
For general information regarding FreeBSD Errata Notices and Security
|
|
Advisories, including descriptions of the fields above, security
|
|
branches, and the following sections, please visit
|
|
<URL:https://security.FreeBSD.org/>.
|
|
|
|
I. Background
|
|
|
|
getfsstat(2) is a system call which provides information about mounted
|
|
filesystems. The kernel provides compatibility system calls for old
|
|
versions of the interface.
|
|
|
|
II. Problem Description
|
|
|
|
A bug in an internal interface used by getfsstat(2) compatibility system
|
|
calls could result in a free of an uninitialized pointer when getfsstat(2)
|
|
is called with an invalid argument.
|
|
|
|
III. Impact
|
|
|
|
A kernel panic can be triggered by an unprivileged user process.
|
|
|
|
IV. Workaround
|
|
|
|
No workaround is available.
|
|
|
|
V. Solution
|
|
|
|
Upgrade your system to a supported FreeBSD stable or release / security
|
|
branch (releng) dated after the correction date, and reboot.
|
|
|
|
Perform one of the following:
|
|
|
|
1) To update your system via a binary patch:
|
|
|
|
Systems running a RELEASE version of FreeBSD on the i386 or amd64
|
|
platforms can be updated via the freebsd-update(8) utility:
|
|
|
|
# freebsd-update fetch
|
|
# freebsd-update install
|
|
# shutdown -r +10min "Rebooting for an errata update"
|
|
|
|
2) To update your system via a source code patch:
|
|
|
|
The following patches have been verified to apply to the applicable
|
|
FreeBSD release branches.
|
|
|
|
a) Download the relevant patch from the location below, and verify the
|
|
detached PGP signature using your PGP utility.
|
|
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:18/getfsstat.patch
|
|
# fetch https://security.FreeBSD.org/patches/EN-20:18/getfsstat.patch.asc
|
|
# gpg --verify getfsstat.patch.asc
|
|
|
|
b) Apply the patch. Execute the following commands as root:
|
|
|
|
# cd /usr/src
|
|
# patch < /path/to/patch
|
|
|
|
c) Recompile your kernel as described in
|
|
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
|
|
system.
|
|
|
|
VI. Correction details
|
|
|
|
The following list contains the correction revision numbers for each
|
|
affected branch.
|
|
|
|
Branch/path Revision
|
|
- -------------------------------------------------------------------------
|
|
stable/11/ r362426
|
|
releng/11.4/ r365254
|
|
releng/11.3/ r365254
|
|
- -------------------------------------------------------------------------
|
|
|
|
To see which files were modified by a particular revision, run the
|
|
following command, replacing NNNNNN with the revision number, on a
|
|
machine with Subversion installed:
|
|
|
|
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
|
|
|
|
Or visit the following URL, replacing NNNNNN with the revision number:
|
|
|
|
<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
|
|
|
|
VII. References
|
|
|
|
The latest revision of this advisory is available at
|
|
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-20:18.getfsstat.asc>
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl9RQrhfFIAAAAAALgAo
|
|
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
|
|
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
|
|
5cKOPRAAqrEteXljHWfgMTSEYBzWkGD7cgZXICmoUzhYpownamVU2yhm3g547v23
|
|
+kwfGMZs/AAlkBRBMiNAVflEFJ9qCHfZjx/+1AVHzMRchIca5R0xukaO5MDBSgvS
|
|
0LmqZM/vdd/15pWp3ptMfX6eeUUyfjxxoe7XWTrfEBdgzo7EHTlHpMKdZ/jjx4Ju
|
|
M3t0rgC5KNMNs7N8CiKpDUU/S79eXBQZ/w8GK3q4HO4Y2WEw3ogbNl8RxrplTVFo
|
|
UWQTii14wmjPOLVjyRro2enggfqEQ6LdQCOxwI6IetQxELUbIOUEeUg4AUdBciqe
|
|
t3R6iSZTKkmqODTUmIYixZxJJztDNBESC44G1/qUOuinqE27CEqFCvgA9pS4sRtP
|
|
PxSrfTN/J0EPbcGL6uJ337I+m2cWsuyTToRDwTL3C87pguQpTk2OpQMNaXqUtKN7
|
|
FUmv7dJ30ybzHEBm3yEUEXSMYSH3YSmweic3ZfoWsAAH7OgbCKrE+DOidds2t7yM
|
|
ffjWyagXVEzLTydLABGBmYPUtFQbV5jKZTZxdyvRc3NtiyD3vGHO3Y8ZzUtUl5PC
|
|
HaHVHC1mUAJfeA3hlu29Ohf8p0Ukv/82ybMh9H2WlTC+VZklvUuUdDpRArgEpnzd
|
|
75kSLTF4k2egWpgrocoUqcaMbSLEB5uiVwMM0/5tm9ly3enk1Yc=
|
|
=r/H7
|
|
-----END PGP SIGNATURE-----
|