Diffstat (limited to 'share/security/advisories/FreeBSD-SA-19:10.ufs.asc')
-rw-r--r-- share/security/advisories/FreeBSD-SA-19:10.ufs.asc 153
1 files changed, 0 insertions, 153 deletions
diff --git a/share/security/advisories/FreeBSD-SA-19:10.ufs.asc b/share/security/advisories/FreeBSD-SA-19:10.ufs.asc
deleted file mode 100644
index 23ab2b2d7d..0000000000
--- a/share/security/advisories/FreeBSD-SA-19:10.ufs.asc
+++ /dev/null
@@ -1,153 +0,0 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA512
-
-=============================================================================
-FreeBSD-SA-19:10.ufs Security Advisory
- The FreeBSD Project
-
-Topic: Kernel stack disclosure in UFS/FFS
-
-Category: core
-Module: Kernel
-Announced: 2019-07-02
-Credits: David G. Lawrence <dg@dglawrence.com>
-Affects: All supported versions of FreeBSD.
-Corrected: 2019-05-10 23:45:16 UTC (stable/12, 12.0-STABLE)
- 2019-07-02 00:02:16 UTC (releng/12.0, 12.0-RELEASE-p7)
- 2019-05-10 23:46:42 UTC (stable/11, 11.2-STABLE)
- 2019-07-02 00:02:16 UTC (releng/11.2, 11.2-RELEASE-p11)
-CVE Name: CVE-2019-5601
-
-For general information regarding FreeBSD Security Advisories,
-including descriptions of the fields above, security branches, and the
-following sections, please visit <URL:https://security.FreeBSD.org/>.
-
-I. Background
-
-The Berkeley Fast File System (FFS) is an implementation of the UNIX File
-System (UFS) filesystem used by FreeBSD.
-
-II. Problem Description
-
-A bug causes up to three bytes of kernel stack memory to be written to disk
-as uninitialized directory entry padding. This data can be viewed by any
-user with read access to the directory. Additionally, a malicious user with
-write access to a directory can cause up to 254 bytes of kernel stack memory
-to be exposed.
-
-III. Impact
-
-Some amount of the kernel stack is disclosed and written out to the
-filesystem.
-
-IV. Workaround
-
-No workaround is available but systems not using UFS/FFS are not affected.
-
-V. Solution
-
-Special note: This update also adds the -z flag to fsck_ffs to have it scrub
-the leaked information in the name padding of existing directories. It only
-needs to be run once on each UFS/FFS filesystem after a patched kernel is
-installed and running.
-
-Upgrade your vulnerable system to a supported FreeBSD stable or release /
-security branch (releng) dated after the correction date.
-
-Perform one of the following:
-
-1) To update your vulnerable system via a binary patch:
-
-Systems running a RELEASE version of FreeBSD on the i386 or amd64
-platforms can be updated via the freebsd-update(8) utility:
-
-# freebsd-update fetch
-# freebsd-update install
-
-Afterwards, reboot the system and run:
-
-# fsck -t ufs -f -p -T ufs:-z
-
-to clean up your existing filesystems.
-
-2) To update your vulnerable system via a source code patch:
-
-The following patches have been verified to apply to the applicable
-FreeBSD release branches.
-
-a) Download the relevant patch from the location below, and verify the
-detached PGP signature using your PGP utility.
-
-[FreeBSD 12.x]
-# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch
-# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.12.patch.asc
-# gpg --verify ufs.12.patch.asc
-
-[FreeBSD 11.x]
-# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch
-# fetch https://security.FreeBSD.org/patches/SA-19:10/ufs.11.patch.asc
-# gpg --verify ufs.11.patch.asc
-
-b) Apply the patch. Execute the following commands as root:
-
-# cd /usr/src
-# patch < /path/to/patch
-
-c) Recompile your kernel as described in
-<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
-system and run:
-
-# fsck -t ufs -f -p -T ufs:-z
-
-to clean up your existing filesystems.
-
-VI. Correction details
-
-The following list contains the correction revision numbers for each
-affected branch.
-
-Branch/path Revision
-- -------------------------------------------------------------------------
-stable/12/ r347474
-releng/12.0/ r349623
-stable/11/ r347475
-releng/11.2/ r349623
-- -------------------------------------------------------------------------
-
-Note: This patch was applied to the stable/11 branch before the branch point
-for releng/11.3. As such, no patch is needed for any 11.3-BETA or -RC.
-
-To see which files were modified by a particular revision, run the
-following command, replacing NNNNNN with the revision number, on a
-machine with Subversion installed:
-
-# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
-
-Or visit the following URL, replacing NNNNNN with the revision number:
-
-<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
-
-VII. References
-
-<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5601>
-
-The latest revision of this advisory is available at
-<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc>
------BEGIN PGP SIGNATURE-----
-
-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl0b9WVfFIAAAAAALgAo
-aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
-MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cJgRhAAic+yb4boY5k2TotBe9xBBO2VEGwvcolARpvUg+78ya4RGh1d3FBH5R36
-N6uEvaAclrRsPHnDSeCD3BVmQkWBzD5a7t+z+m5Siye+01mA4XjKycNDl9BXm7sT
-t01GP7TPBmaJZ45RPqT4M/iB1Ulud0kdKvi/apwDLbqJrbzcuxyBNs+wiQhbG2Ip
-07REBqabnsL8dV2ysPtBlHd1nxyNyyF8EzkDUKYUWDnwPxzlrfrJAt+F7sneRrPf
-tL3UsN+qh3JThI39CjFWPllVRv412QCFBDmGXHdbm+mWrxIecX5pUEoLfQQLJ82x
-03TOYbZpu4d4CvgeSEXl3VkbHl6F6u/ii8ls/7aUDNnZcHWamraP84aJpLBG2cUa
-ExDDL6K0x1LMhlGWxjGr0qp2ObdQ0sKTgQZ/RUmJO4pc4zuPc0yY3jOv4U+kP2G/
-znHEVVRs8/X95OYA0fdvnG0rOdcKGdqKEDxeTvFhyvxM372erT/dMz9flGnptA51
-30eAwyKmzj5Mzpo5y/NARyGLRTfOB2F6++BFrlqbsKCXcyK1R5jtxu1TLaliPvA/
-Aux8D4OQHIXIGk/sVQSJKOO4oH6U7S2aNtYTxaYHAJrtbC9udnyjVau2txlObEZr
-pCbd+a02Btid0bBRUSFYugl4XHtakTVvtu93Fa19wASYDnZJIUE=
-=uUz9
------END PGP SIGNATURE-----
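Review bot: This deletion, as shown here, carries no pointer to where the clearsigned advisory now lives, while the removed text at the end of section VII names https://security.FreeBSD.org/advisories/FreeBSD-SA-19:10.ufs.asc as the location of the latest revision. Please state the new location in the commit message and confirm that URL still serves the file. Wherever the file goes, it should stay byte-identical from the BEGIN PGP SIGNED MESSAGE line through END PGP SIGNATURE, since any re-wrapping or whitespace change in the signed body makes the signature fail to verify. The one-time post-patch cleanup in section V (fsck -t ufs -f -p -T ufs:-z) is a step operators still need after installing the fixed kernel, so it should remain reachable from the advisory index for CVE-2019-5601.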