os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
doc/share/security/advisories/FreeBSD-EN-09:02.bce.asc
Bjoern A. Zeeb 3571e53040 Import FreeBSD Security Advisories and Errata Notices, as well as their 
patches for easier mirroring, to eliminate a special copy, to make
www.freebsd.org/security a full copy of security.freebsd.org and be
eventually be the same.

For now files are just sitting there.   The symlinks are missing.

Discussed on:	www (repository location)
Discussed with:	simon (so)
2012-08-15 06:19:40 +00:00

113 lines
3.7 KiB
Text
Raw Blame History

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-EN-09:02.bce Errata Notice
The FreeBSD Project
Topic: bce(4) does not work with lagg(4) LACP mode
Category: core
Module: sys/dev
Announced: 2009-06-24
Credits: Pete French <petefrench@ticketswitch.com>
David Christensen
Affects: FreeBSD 7.2
Corrected: 2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE)
2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.
I. Background
bce(4) is a network device driver for Broadcom NetXtreme II
(BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters. The
lagg(4) driver is a pseudo network interface driver which allows
aggregation of multiple network interfaces as one virtual interface
for the purpose of providing fault-tolerance and high-speed links.
II. Problem Description
The bce(4) driver used an incorrect total packet length calculation. This
bug was accidentally added just after 7.1-RELEASE.
III. Impact
When adding a bce(4) interface on the system as a lagg(4) member with
the LACP aggregation protocol enabled network communication via the
bce(4) interface stops completely. Although the bce(4) interface
works if it is not a lagg(4) member, the incoming traffic statistics
which can be found in netstat(1) output will be incorrect because
every packet is recognized as full-sized one.
IV. Workaround
No workaround is available.
V. Solution
Perform one of the following:
1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
security branch dated after the correction date.
2) To patch your present system:
The following patches have been verified to apply to FreeBSD 7.2 system.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch
# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc
b) Apply the patch.
# cd /usr/src
# patch < /path/to/patch
c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot
the system.
VI. Correction details
The following list contains the revision numbers of each file that was
corrected in FreeBSD.
CVS:
Branch Revision
Path
- -------------------------------------------------------------------------
RELENG_7
src/sys/dev/bce/if_bce.c 1.34.2.8
src/sys/dev/bce/if_bcereg.c 1.16.2.3
RELENG_7_2
src/UPDATING 1.507.2.23.2.5
src/sys/conf/newvers.sh 1.72.2.11.2.6
src/sys/dev/bce/if_bce.c 1.34.2.7.2.2
- -------------------------------------------------------------------------
Subversion:
Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r192477
releng/7.2/ r194808
- -------------------------------------------------------------------------
VII. References
The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)
iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3
RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT
=oSkz
-----END PGP SIGNATURE-----
Reference in a new issue View git blame Copy permalink