1 files changed, 127 insertions, 0 deletions

diff --git a/share/security/advisories/FreeBSD-EN-14:02.mmap.asc b/share/security/advisories/FreeBSD-EN-14:02.mmap.asc
new file mode 100644
index 0000000000..fa61742172
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-14:02.mmap.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-14:02.mmap                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          mmap should not coalesce stack entry
+
+Category:       core
+Module:         kernel
+Announced:      2014-01-14
+Credits:        Konstantin Belousov
+Affects:        All supported versions of FreeBSD.
+Corrected:      2013-12-30 08:57:54 UTC (stable/10, 10.0-PRERELEASE)
+                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC4)
+                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC3-p1)
+                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC2-p1)
+                2013-12-31 08:02:34 UTC (releng/10.0, 10.0-RC1-p1)
+                2013-12-30 09:04:06 UTC (stable/9, 9.2-STABLE)
+                2014-01-14 19:42:28 UTC (releng/9.2, 9.2-RELEASE-p3)
+                2014-01-14 19:42:28 UTC (releng/9.1, 9.1-RELEASE-p10)
+                2014-01-14 19:33:28 UTC (stable/8, 8.4-STABLE)
+                2014-01-14 19:42:28 UTC (releng/8.4, 8.4-RELEASE-p7)
+                2014-01-14 19:42:28 UTC (releng/8.3, 8.3-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The FreeBSD virtual memory system allows growing stack by mapping anonymous
+memory region on top of a stack via mmap(2) system call with MAP_STACK bit
+enabled in flags parameter.
+
+II.  Problem Description
+
+The FreeBSD virtual memory system tries to coalesce adjacent memory regions
+into one single object when possible.  When growing the stack via mmap(2), it
+will also try to coalesce the newly allocated memory into the existing object.
+This would result in a failed assertion later in vm_map_stack(), which expects
+that a new object is returned.
+
+III. Impact
+
+The system will panic when this happens.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch
+# fetch http://security.FreeBSD.org/patches/EN-14:02/mmap.patch.asc
+# gpg --verify mmap.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r260645
+releng/8.3/                                                       r260647
+releng/8.4/                                                       r260647
+stable/9/                                                         r260082
+releng/9.1/                                                       r260647
+releng/9.2/                                                       r260647
+stable/10/                                                        r260081
+releng/10.0/                                                      r260122
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-14:02.mmap.asc
+
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJS1ZSuAAoJEO1n7NZdz2rnsPoQAIFs/URebviZjkMpYJBTahwe
+Lr50uJSZIlW2nMvi+urLJAB15fJm/WHDdHqp6+WHh5jjCozb45CoIxDFnP5UB4q8
+oclsQtKrt4R1dBDEa3RZQoJEm6DIk1YhfAfUtJMhDpROlvWCbBMzZWJbVQec5j3E
+iyhY1FIl/BD4KWFw/hDhJX5j4HQWA/oZDagx5WZFMsFapq5rOXkC/fq3YHkTJBeW
+7YEvAyTuZoj9zBVJ28cEYr7+ULtJMphBdTEzAhFZSEegsM+qyMafTf2c54MdtWR0
+pSgoh9i+cSXj444e4eeqLp6LwapW5YGIrKpAmBUwTECBg5F5915i2h8ddCnmJJSM
+4Wq7bXJU6PGzFXTDUsAw9HB2HcCMU2EvVNhtM3wp7dSzojLpvrgEoRZKwanu32r1
+cuN/awHUGA1fzoUkxMygzT5B44IX+9gyT8lJ4N+PfKGnSO00WY41XkLheDmpgf2b
+euDrzTSwbupEp70lT45CW6DUlqPXpw0Fn5vyNYBvoaAXineqyvwMkQ6YZwoNmfiU
+xv2zjY40RkOR8EJKi8L1moBQsfh/i6rtVQhDIHmAU/1VaYBE4zVXS5BYAlUaUJgw
+3rc5ho+F2BB+YV+HeaWszjW+NVhiIswpccw4Js7O2HQUA9M2KEq2+DXRtNdEa8/j
+miG/hWqsuoWjAcrQKjKw
+=rOvi
+-----END PGP SIGNATURE-----