os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-14:05.ciss.asc
Xin LI 6705d61482 Add the latest advisory and 3 new errata notices: 
Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09]

  Add pkg bootstrapping, configuration and public keys. [EN-14:03]
  Improve build repeatability for kldxref(8). [EN-14:04]
  Fix data corruption with ciss(4). [EN-14:05]
2014-05-13 23:55:52 +00:00

127 lines
4.5 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-14:05.ciss Errata Notice
The FreeBSD Project
Topic: data corruption with ciss(4)
Category: core
Module: ciss
Announced: 2014-05-13
Credits: Sean Bruno
Affects: FreeBSD 10.x and FreeBSD 9.x
Corrected: 2014-04-15 17:52:22 UTC (stable/9, 9.2-STABLE)
2014-05-13 23:24:14 UTC (releng/9.2, 9.2-RELEASE-p6)
2014-05-13 23:24:14 UTC (releng/9.1, 9.1-RELEASE-p13)
2014-04-15 17:49:47 UTC (stable/10, 10.0-STABLE)
2014-05-13 23:22:28 UTC (releng/10.0, 10.0-RELEASE-p3)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
The ciss driver supports HP Smart Array line of hardware RAID controllers.
II. Problem Description
There is a programming error discovered in the ciss(4) driver, where a missing
lock can trigger a failed assertion when the volume state changes, such as
disk failure or a disk rebuild.
III. Impact
Systems using the ciss(4) driver may experience system crashes or data
corruption when the volume state change.
IV. Workaround
No workaround is available, but systems that do not use ciss(4) devices are
not affected.
V. Solution
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch
# fetch http://security.FreeBSD.org/patches/EN-14:05/ciss.patch.asc
# gpg --verify ciss-10.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.
3) To update your system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
Branch/path Revision
- -------------------------------------------------------------------------
stable/9/ r264511
releng/9.1/ r265988
releng/9.2/ r265988
stable/10/ r264510
releng/10.0/ r265987
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
<URL:http://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
VII. References
The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-14:05.ciss.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
iQIcBAEBCgAGBQJTcq5IAAoJEO1n7NZdz2rnNqAQAJCfdCBubWSDRO/dsSaqK6yT
bnPY4Xly523ABRCQySe0vajSIK1qqfE0bAmhYa/7BTMqyJKz0BRhx819D8SiWNS9
Hdy4yU/hOjBkbT6KAtpBaSUNXX4ODWaNbd78c+uDSvj9UeQgrunAQC7OJR6iYWuq
25fBUXgovSr4g9puNyBs8sH+c7IzbG4HvhoPrjRDwdasEyCBzx6RggpnxusfVsd9
91Eg/WPG3hIJW6kaHOWWeVwz4vCRZjv0u7myeJBcAa7gcwDX/J2DHeDrG60O3BNY
/fZT2UcfDxE0rEVuVnV3Vc0XkIQjuNk7G9SkGjH4Zdx+I34UT05cxU5ZrdpKNiGL
fjbo4H/KBML4agRGAPzeo3KU3rxOUmss+mh7Mu+CVoZP5uQUr1sEUkfQ+FkJjjbv
es47Ij6ZmfGyUPuVKVCW34bXm6Ieyc0QZ10kRv8paOmPsWBA+WYWGibEhvwp5v0p
AHdlGGO/FpOac4h/YEqOh6ryN8QldjCI+SCqkfs38DjeTX5IWecgax586oH7BpJm
RGc/fgx3YSO8tmMaTwKZm5VVlujsld6t95XrA2dGWOhiWcRsoWGs+SaUTNf5Y0Te
k2vD7tMsk37PG4jbp7pk4FH2Mfb9KRHe82ebdOnkOj4C5kWIB8FwYJyMIjDl3C4r
OdXZDrbyKh/swjJZJIuP
=orSF
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink