diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-EN-14:02.mmap.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-EN-14:02.mmap.asc | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/share/security/advisories/FreeBSD-EN-14:02.mmap.asc b/share/security/advisories/FreeBSD-EN-14:02.mmap.asc new file mode 100644 index 0000000000..fa61742172 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-14:02.mmap.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-14:02.mmap Errata Notice + The FreeBSD Project + +Topic: mmap should not coalesce stack entry + +Category: core +Module: kernel +Announced: 2014-01-14 +Credits: Konstantin Belousov +Affects: All supported versions of FreeBSD. +Corrected: 2013-12-30 08:57:54 UTC (stable/10, 10.0-PRERELEASE) + 2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC4) + 2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC3-p1) + 2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC2-p1) + 2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC1-p1) + 2013-12-30 09:04:06 UTC (stable/9, 9.2-STABLE) + 2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3) + 2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10) + 2014-01-14 19:33:28 UTC (stable/8, 8.4-STABLE) + 2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7) + 2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:http://security.freebsd.org/>. + +I. Background + +The FreeBSD virtual memory system allows growing stack by mapping anonymous +memory region on top of a stack via mmap(2) system call with MAP_STACK bit +enabled in flags parameter. + +II. Problem Description + +The FreeBSD virtual memory system tries to coalesce adjacent memory regions +into one single object when possible. When growing the stack via mmap(2), it +will also try to coalesce the newly allocated memory into the existing object. +This would result in a failed assertion later in vm_map_stack(), which expects +that a new object is returned. + +III. Impact + +The system will panic when this happens. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your present system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch +# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch.asc +# gpg --verify mmap.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +3) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r260645 +releng/8.3/ r260647 +releng/8.4/ r260647 +stable/9/ r260082 +releng/9.1/ r260647 +releng/9.2/ r260647 +stable/10/ r260081 +releng/10.0/ r260122 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-14:02.mmap.asc + +-----BEGIN PGP SIGNATURE----- + +iQIcBAEBCgAGBQJS1ZSuAAoJEO1n7NZdz2rnsPoQAIFs/URebviZjkMpYJBTahwe +Lr50uJSZIlW2nMvi+urLJAB15fJm/WHDdHqp6+WHh5jjCozb45CoIxDFnP5UB4q8 +oclsQtKrt4R1dBDEa3RZQoJEm6DIk1YhfAfUtJMhDpROlvWCbBMzZWJbVQec5j3E +iyhY1FIl/BD4KWFw/hDhJX5j4HQWA/oZDagx5WZFMsFapq5rOXkC/fq3YHkTJBeW +7YEvAyTuZoj9zBVJ28cEYr7+ULtJMphBdTEzAhFZSEegsM+qyMafTf2c54MdtWR0 +pSgoh9i+cSXj444e4eeqLp6LwapW5YGIrKpAmBUwTECBg5F5915i2h8ddCnmJJSM +4Wq7bXJU6PGzFXTDUsAw9HB2HcCMU2EvVNhtM3wp7dSzojLpvrgEoRZKwanu32r1 +cuN/awHUGA1fzoUkxMygzT5B44IX+9gyT8lJ4N+PfKGnSO00WY41XkLheDmpgf2b +euDrzTSwbupEp70lT45CW6DUlqPXpw0Fn5vyNYBvoaAXineqyvwMkQ6YZwoNmfiU +xv2zjY40RkOR8EJKi8L1moBQsfh/i6rtVQhDIHmAU/1VaYBE4zVXS5BYAlUaUJgw +3rc5ho+F2BB+YV+HeaWszjW+NVhiIswpccw4Js7O2HQUA9M2KEq2+DXRtNdEa8/j +miG/hWqsuoWjAcrQKjKw +=rOvi +-----END PGP SIGNATURE----- |