Diffstat (limited to 'website/static/security/advisories/FreeBSD-EN-23:21.tty.asc')
-rw-r--r-- website/static/security/advisories/FreeBSD-EN-23:21.tty.asc | 133
1 files changed, 133 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc
new file mode 100644
index 0000000000..d0475aa4d3
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-23:21.tty Errata Notice
+ The FreeBSD Project
+
+Topic: tty(4) IUTF8 causes a kernel panic
+
+Category: core
+Module: tty
+Announced: 2023-11-24
+Affects: FreeBSD 14.0
+Corrected: 2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE)
+ 2023-12-05 18:27:38 UTC (releng/14.0, 14.0-RELEASE-p2)
+ 2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+Note: This issue does not affect 13.2-RELEASE, as the bug was introduced into
+the stable/13 branch after the 13.2 release.
+
+I. Background
+
+The IUTF8 flag was added to the tty(4) subsystem in order to add proper
+backspace handling for UTF-8 characters. Without this flag, tty(4) treats
+all characters as single-byte-wide characters and so, in the case of a UTF-8
+character two bytes in size or larger, tty(4) deletes only one byte during a
+backspace event, instead of all bytes, which results in the tty buffer
+containing garbage.
+
+II. Problem Description
+
+The implementation of backspace handling failed to check whether the TTY
+buffer was empty, in which case the kernel could panic.
+
+III. Impact
+
+An unprivileged user may be able to trigger a kernel panic.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security branch
+(releng) dated after the correction date, and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
+the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for a security update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch.asc
+# gpg --verify tty.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/14/ ae8387cc818a stable/14-n265760
+releng/14.0/ 31f6cfca851f releng/14.0-n265392
+stable/13/ 8647fe60b8c3 stable/13-n256709
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275009>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:21.tty.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=wp8X
+-----END PGP SIGNATURE-----
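Review bot: In the header block, "Announced: 2023-11-24" is earlier than the releng/14.0 "Corrected" timestamp of 2023-12-05 18:27:38 UTC two lines below it, so the notice reads as if it was announced before the 14.0-RELEASE-p2 fix it points release users to; please confirm which date is intended and correct the other. Separately, section V.1 has the typo "platfrom" in "or the i386 platfrom on FreeBSD 13 and earlier"; since the file is clearsigned, a text fix has to go in before signing, or the file has to be re-signed, for the signature to keep verifying.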