diff options
Diffstat (limited to 'share/security/advisories/FreeBSD-SA-16:25.bspatch.asc')
| -rw-r--r-- | share/security/advisories/FreeBSD-SA-16:25.bspatch.asc | 140 |
1 files changed, 0 insertions, 140 deletions
diff --git a/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc b/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc deleted file mode 100644 index 5902dafead..0000000000 --- a/share/security/advisories/FreeBSD-SA-16:25.bspatch.asc +++ /dev/null @@ -1,140 +0,0 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA512 - -============================================================================= -FreeBSD-SA-16:25.bspatch Security Advisory - The FreeBSD Project - -Topic: Heap vulnerability in bspatch - -Category: core -Module: bsdiff -Announced: 2016-07-25 -Affects: All supported versions of FreeBSD. -Corrected: 2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA2-p1) - 2016-07-25 14:52:12 UTC (stable/11, 11.0-BETA1-p1) - 2016-07-25 14:53:04 UTC (stable/10, 10.3-STABLE) - 2016-07-25 15:04:17 UTC (releng/10.3, 10.3-RELEASE-p6) - 2016-07-25 15:04:17 UTC (releng/10.2, 10.2-RELEASE-p20) - 2016-07-25 15:04:17 UTC (releng/10.1, 10.1-RELEASE-p37) - 2016-07-25 14:53:04 UTC (stable/9, 9.3-STABLE) - 2016-07-25 15:04:17 UTC (releng/9.3, 9.3-RELEASE-p45) -CVE Name: CVE-2014-9862 - -For general information regarding FreeBSD Security Advisories, -including descriptions of the fields above, security branches, and the -following sections, please visit <URL:https://security.FreeBSD.org/>. - -I. Background - -The bspatch utility generates newfile from oldfile and patchfile where -patchfile is a binary patch built by bsdiff(1). - -II. Problem Description - -The implementation of bspatch does not check for a negative value on numbers -of bytes read from the diff and extra streams, allowing an attacker who -can control the patch file to write at arbitrary locations in the heap. - -This issue was first discovered by The Chromium Project and reported -independently by Lu Tung-Pin to the FreeBSD project. - -III. Impact - -An attacker who can control the patch file can cause a crash or run arbitrary -code under the credentials of the user who runs bspatch, in many cases, root. - -IV. Workaround - -No workaround is available. - -V. Solution - -Perform one of the following: - -1) Upgrade your vulnerable system to a supported FreeBSD stable or -release / security branch (releng) dated after the correction date. - -No reboot is needed. - -2) To update your vulnerable system via a binary patch: - -Systems running a RELEASE version of FreeBSD on the i386 or amd64 -platforms can be updated via the freebsd-update(8) utility: - -# freebsd-update fetch -# freebsd-update install - -No reboot is needed. - -3) To update your vulnerable system via a source code patch: - -The following patches have been verified to apply to the applicable -FreeBSD release branches. - -a) Download the relevant patch from the location below, and verify the -detached PGP signature using your PGP utility. - -# fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch -# fetch https://security.FreeBSD.org/patches/SA-16:25/bspatch.patch.asc -# gpg --verify bspatch.patch.asc - -b) Apply the patch. Execute the following commands as root: - -# cd /usr/src -# patch < /path/to/patch - -c) Recompile the operating system using buildworld and installworld as -described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. - -VI. Correction details - -The following list contains the correction revision numbers for each -affected branch. - -Branch/path Revision -- ------------------------------------------------------------------------- -stable/9/ r303301 -releng/9.3/ r303304 -stable/10/ r303301 -releng/10.1/ r303304 -releng/10.2/ r303304 -releng/10.3/ r303304 -stable/11/ r303300 -- ------------------------------------------------------------------------- - -To see which files were modified by a particular revision, run the -following command, replacing NNNNNN with the revision number, on a -machine with Subversion installed: - -# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base - -Or visit the following URL, replacing NNNNNN with the revision number: - -<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> - -VII. References - -<URL:https://bugs.chromium.org/p/chromium/issues/detail?id=372525> - -<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862> - -The latest revision of this advisory is available at -<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:25.bspatch.asc> ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2.1.13 (FreeBSD) - -iQIcBAEBCgAGBQJXlir7AAoJEO1n7NZdz2rnTtAP/iFnhrcmRuxmeMGtVPWHZFhH -/I2iB62wGf4vNGVedwh3fHPEgjEpMvDVP7S+OCLB7Fnf+Mwm9uL47cjxdr/P5dy8 -iKRsojG7HVE3Iia7DyaSEQwbJMQZGWsy2wr9epiHPoOpnSaWKUBx94C+oc7gPdM5 -8LW5OpUgSpFCztQ82gbM/2Bjy5OREJQP6ASW62WO+MkD7n+ZUzsUCdR13bzvpA23 -BaNeInQArn5Zf3OiZXjQ9Go1muml2llQmqxeb8p3V9IbJ3mdUBQat1AtF/yXfpWA -tkUfgqAaoKbjOrk22h/wBRssPlqqftZDXWqi2KlkEltqyU1evnsb5UVCu0SZdgkW -lQlnE1vymJCnxC211SweDNbbP8laR0OpjRxUxljSXVMXag4Lh9+9aD6zIZ9zZNi7 -MxXEasLZViwq8gEbZLlLUfcOQVv6T+3jTiH8aRUYFp5PsBGBgQCAQgGCEaztQTNr -lnSp/rqnP7FEu7gsHtP3wGK03RItNketbKMSUzV5eXiWmVYC3a6/WboqqJuqhDka -zs3W0h0Fw6iqk6CfImHnhD1unarXnSQU5vRcf9srnUvS0XgYS/113BQK23SjGmki -OIJe3Wm0CrcChAf8lKdeyPlKFcN906EkQ8Hh8vB00B9BZCXYLY9zBK6lW40NA1UN -cy+ljfLX/xwCNIJJXdwH -=FL3H ------END PGP SIGNATURE----- |