diff options
| author | Gleb Smirnoff <glebius@FreeBSD.org> | 2016-03-16 23:10:13 +0000 |
|---|---|---|
| committer | Gleb Smirnoff <glebius@FreeBSD.org> | 2016-03-16 23:10:13 +0000 |
| commit | 7a3fc19192e884301928af4718c2e813a9377a91 (patch) | |
| tree | 69a15bcf82c0cb60e6d8dc2df293715cb64476d9 /share/security/advisories/FreeBSD-16:05.hv_netvsc.asc | |
| parent | f307cfe43e39570247ab0939172fbae6e6e8cf2d (diff) | |
| download | doc-7a3fc19192e884301928af4718c2e813a9377a91.tar.gz doc-7a3fc19192e884301928af4718c2e813a9377a91.zip | |
Document today updates:
FreeBSD-16:04.hyperv
FreeBSD-16:05.hv_netvsc
FreeBSD-SA-16:14.openssh
FreeBSD-SA-16:15.sysarch
Notes
Notes:
svn path=/head/; revision=48424
Diffstat (limited to 'share/security/advisories/FreeBSD-16:05.hv_netvsc.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-16:05.hv_netvsc.asc | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc b/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc new file mode 100644 index 0000000000..ce408f1991 --- /dev/null +++ b/share/security/advisories/FreeBSD-16:05.hv_netvsc.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-16:05.hv_netvsc Errata Notice + The FreeBSD Project + +Topic: hv_netvsc(4) incorrect TCP/IP checksums + +Category: core +Module: hyperv +Announced: 2016-03-16 +Credits: Larry Baird +Affects: FreeBSD 10.2 +Corrected: 2015-12-18 14:56:49 UTC (stable/10, 10.2-STABLE) + 2016-03-16 22:31:04 UTC (releng/10.2, 10.2-RELEASE-p14) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Hyper-V is a native hypervisor running on Windows operating system. It can +run FreeBSD 10.x as guest in virtual machine. + +When FreeBSD guest runs on Hyper-V, to get the best network performance, +it usually uses the Hyper-V synthetic network device. The driver of the +network device is called hv_netvsc(4). Since FreeBSD 10.2-RELEASE the +driver supports TCP segmentation and TCP/IP checksum offloading. + +II. Problem Description + +Together with the TCP segmentation and TCP/IP checksum offloading a regression +was introduced. The driver checked the inbound checksum flags when deciding +whether to process checksums or not, while it should have checked the outbound +flags only. + +III. Impact + +If the guest running on Hyper-V is configured as a gateway, the host will +silently drop certain packets from the guest. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Reboot is required. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot is required. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch +# fetch https://security.FreeBSD.org/patches/EN-16:05/hv_netvsc.patch.asc +# gpg --verify hv_netvsc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r292439 +releng/10.2/ r296955 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203630> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:05.hv_netvsc.asc> +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJW6eQyAAoJEO1n7NZdz2rnOdQQANX3NYcoY1uMJEJcOMgfKp52 +OUKUriPdJjEr94Yq/QSGaIp5WyZ5O/hu89LI45DlJMHGxQYJrpQuM1Cyf2QS770u +yrmfTkcJpqmwJpr4pOqQuYUHuAXkUsOeOysOO/2ccP7USFWqdWbgLotbq3JAFwIz +cnPwteAawZ3BZLaDRXgsr9Hhqn5d++YIsYC3mhyGNJJI6LlNG/ihba2Vd8lDu9hv +UVv0WW8yfv851jEv/vhCQmhHcHcIAhzZGLn47Shi4s0833icvPeU+Xc/cpL/wifX +vCPKA53DqdsNCsPQbbfzgCgoxV1iC3zb/4EOUAIpCInS00N4YQeQiJePH7Im56rc +y6LsccIf1otr8xCuRuWsUVXuzrmtDBKDzE2gwMx+YHAEWl7ObhgM1VYYWoYnwBlr +g+M2Wynjcj/rSZUpBdtUFFDNhqFlvrFSXDUEl0MbK4IzwtyOQtQfnCjy6kTqr2yB +czWonmU9tgLtaqkN61b5pBx+jR2oEC4M8HPHuA2LmEKLJrgfePHBIAZ7cPnWaZ4O +L4uP97MPmZEQggQeED5SLTMl3jJUe52H9XDkN8RV8/P3oA/YXBD4prhg4fYvNKQT +VR0pWvlnJNmjaupCBWOfJfG1S8+oOfoTNV5/Fq83LVLW0DPKHVmLtQfS5Rs02745 +VnvCDT/XPOCODW1KdsSc +=vkxR +-----END PGP SIGNATURE----- |