diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-12:08.linux.asc')
-rw-r--r-- | share/security/advisories/FreeBSD-SA-12:08.linux.asc | 123 |
1 files changed, 0 insertions, 123 deletions
diff --git a/share/security/advisories/FreeBSD-SA-12:08.linux.asc b/share/security/advisories/FreeBSD-SA-12:08.linux.asc deleted file mode 100644 index 13f9910b2e..0000000000 --- a/share/security/advisories/FreeBSD-SA-12:08.linux.asc +++ /dev/null @@ -1,123 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - -============================================================================= -FreeBSD-SA-12:08.linux Security Advisory - The FreeBSD Project - -Topic: Linux compatibility layer input validation error - -Category: core -Module: kernel -Announced: 2012-11-22 -Credits: Mateusz Guzik -Affects: All supported versions of FreeBSD. -Corrected: 2012-11-22 23:15:38 UTC (RELENG_7, 7.4-STABLE) - 2012-11-22 22:52:15 UTC (RELENG_7_4, 7.4-RELEASE-p11) - 2012-11-22 22:52:15 UTC (RELENG_8, 8.3-STABLE) - 2012-11-22 22:52:15 UTC (RELENG_8_3, 8.3-RELEASE-p5) - 2012-11-22 22:52:15 UTC (RELENG_9, 9.1-PRERELEASE) - 2012-11-22 22:52:15 UTC (RELENG_9_0, 9.0-RELEASE-p5) - 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC1-p1) - 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC2-p1) - 2012-11-22 22:52:15 UTC (RELENG_9_1, 9.1-RC3-p1) -CVE Name: CVE-2012-4576 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:http://security.FreeBSD.org/>. - -I. Background - -FreeBSD is binary-compatible with the Linux operating system through a -loadable kernel module/optional kernel component. - -II. Problem Description - -A programming error in the handling of some Linux system calls may -result in memory locations being accessed without proper validation. - -III. Impact - -It is possible for a local attacker to overwrite portions of kernel -memory, which may result in a privilege escalation or cause a system -panic. - -IV. Workaround - -No workaround is available, but systems not using the Linux binary -compatibility layer are not vulnerable. - -The following command can be used to test if the Linux binary -compatibility layer is loaded: - - # kldstat -m linuxelf - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, -or to the RELENG_7_4, RELENG_8_3, RELENG_9_0, or RELENG_9_1 security -branch dated after the correction date. - -2) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to FreeBSD 7.4, -8.3, 9.0, and 9.1 systems. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch -# fetch http://security.FreeBSD.org/patches/SA-12:08/linux.patch.asc - -b) Apply the patch. - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile your kernel as described in -<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the -system. - -3) To update your vulnerable system via a binary patch: - -Systems running 7.4-RELEASE, 8.3-RELEASE, 9.0-RELEASE, 9.1-RC1, -9.1-RC2, or 9.1-RC3 on the i386 or amd64 platforms can be updated via -the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -VI. Correction details - -The following list contains the revision numbers of each file that was -corrected in FreeBSD. - -Subversion: - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/7/ r243418 -releng/7.4/ r243417 -stable/8/ r243417 -releng/8.3/ r243417 -stable/9/ r243417 -releng/9.0/ r243417 -releng/9.1/ r243417 -- ------------------------------------------------------------------------- - -VII. References - -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4576 - -The latest revision of this advisory is available at -http://security.FreeBSD.org/advisories/FreeBSD-SA-12:08.linux.asc ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 - -iEYEARECAAYFAlCutVoACgkQFdaIBMps37JA4QCfZ/wp/ysDIJd1VwF525PzimTt -BUwAoJdU6pddJeJCsHfZ8812cAsrsLqP -=KVp4 ------END PGP SIGNATURE----- |