1 files changed, 165 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc
new file mode 100644
index 0000000000..5c4224ec06
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc
@@ -0,0 +1,165 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-22:15.ping                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Stack overflow in ping(8)
+
+Category:       core
+Module:         ping
+Announced:      2022-11-29
+Credits:        NetApp, Inc.
+Affects:        All supported versions of FreeBSD.
+Corrected:      2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE)
+                2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5)
+                2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE)
+                2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2)
+                2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10)
+CVE Name:       CVE-2022-23093
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0  2022-11-29 -- Initial release
+v1.1  2022-12-14 -- Corrected Credits and updated Impact section.
+
+I.   Background
+
+ping(8) is a program that can be used to test reachability of a remote
+host using ICMP messages.  To send and receive ICMP messages, ping makes
+use of raw sockets and therefore requires elevated privileges.  To make
+ping's functionality available to unprivileged users, it is installed
+with the setuid bit set.  When ping runs, it creates the raw socket
+needed to do its work, and then revokes its elevated privileges. 
+
+II.  Problem Description
+
+ping reads raw IP packets from the network to process responses in the
+pr_pack() function.  As part of processing a response ping has to
+reconstruct the IP header, the ICMP header and if present a "quoted
+packet," which represents the packet that generated an ICMP error.  The
+quoted packet again has an IP header and an ICMP header.
+
+The pr_pack() copies received IP and ICMP headers into stack buffers
+for further processing.  In so doing, it fails to take into account the
+possible presence of IP option headers following the IP header in
+either the response or the quoted packet.  When IP options are present,
+pr_pack() overflows the destination buffer by up to 40 bytes.
+
+III. Impact
+
+The memory safety bugs described above can be triggered by a remote
+host, causing the ping program to crash.
+
+The ping process runs in a capability mode sandbox on all affected
+versions of FreeBSD and is thus very constrained in how it can interact
+with the rest of the system at the point where the bug can occur.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch
+# fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch.asc
+# gpg --verify ping.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path                             Hash                     Revision
+- -------------------------------------------------------------------------
+stable/13/                              186f495d4be1    stable/13-n253187
+releng/13.1/                            66c7b53d9516  releng/13.1-n250172
+stable/12/                                                        r372774
+releng/12.4/                                                      r372778
+releng/12.3/                                                      r372775
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23093>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:15.ping.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOatTwACgkQ05eS9J6n
+5cJuig/8DQ3kQmQN8R7W+tFrtYmA/tIQYs+t5Eenx2Qc3XynQOuk7KQTHv0mFWLJ
+zEPy5fB8iwcZnR5ZDL2H5J3vJ2tBdukFMU/nGqIWeJEzIJa0G2/KriZFxz5QnJFQ
+bJ/4IVWNPyW0G4jredOVtjOo1J3FuftNJ/cpcbcYM0/f+7WfmVxAwN7ngtV0DtMT
+G+s883BsVXNNHOShqulGelIa1fAgTjP9N9cZyFwgW8sGmDtqswoUOcpLnSxkPrK9
+N06gNKPePhN47LUr02JVIQe+ERO5ss8bXQrSO1GNWt4tPynWYXfmiqDBmIjAdhIK
+/gEbEnR/roD5qX86hr5sFqPe90hurrXRT0gNo6mrWVKVUTHsTjvr+DBWy8WlEhzM
+e8SmJzK06rD1T9bjRnobzF3dD46VccdMYVdakFeAfwNa2bplmABWcGBAdCrwgOyU
+qs+cv9DdAfyHVmniKZrsZWTC9KBsi+8hSqhsF5uR+J5hAynBt9rsCXig9lQaFojW
+uzOaLsIwtrvjn977S/Smkq9vAMh0k4QuQgwZqZAZZTGpYHqEtDIho7sJfTO+vuPP
+t4N23FnrMyK8sCiwweYI4hNHqPVwRGD/nvRadZYOgSLTLN5rZAi+JhJWXc7J5unE
+ssgWSH/7mcxHbOT7aW6Rs40zCWkMcrgrp33fEBgXWwuStGOQ6jY=
+=ADME
+-----END PGP SIGNATURE-----