diff options
Diffstat (limited to 'website/static/security/advisories')
89 files changed, 13190 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc b/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc new file mode 100644 index 0000000000..ff43d06c1d --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:07.la57.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:07.la57 Errata Notice + The FreeBSD Project + +Topic: Intel CPU LA57 boot failure + +Category: core +Module: kernel +Announced: 2022-02-01 +Affects: FreeBSD 13.0 +Corrected: 2021-05-03 01:27:22 UTC (stable/13, 13.0-STABLE) + 2022-02-01 17:43:46 UTC (releng/13.0, 13.0-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Recent Intel x86-64 CPUs support 5-level paging, extending the size of the +virtual address space to 57 bits. The extension is enabled by setting a bit +known as LA57 in a control register, and switching to 5-level paging during +boot. + +II. Problem Description + +LA57 support was tested on and is functional within QEMU, but fails on +physical hardware. + +III. Impact + +The kernel fails to boot on Intel CPUs that support LA57. + +IV. Workaround + +LA57 may be disabled by adding the following to /boot/loader.conf: + + vm.pmap.la57=0 + +This may also be set from the loader prompt (i.e., for initial boot or +installation). + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +After update LA57 will be disabled by default. 5-level paging will be fully +supported in a future FreeBSD release. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:07/la57.patch +# fetch https://security.FreeBSD.org/patches/EN-22:07/la57.patch.asc +# gpg --verify la57.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile and reinstall your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ df6241fcef9a stable/13-n245478 +releng/13.0/ f151464add6f releng/13.0-n244775 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:07.la57.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kzIACgkQ05eS9J6n +5cJP+Q//be4jFodkfCtiwKwMNr+1RvGZtopWq0X6g5CQCTIrPtUKqdie3ceOhjRi +zl3vNInfus6iTo0jSBMiWCpj7cI3AekZvwLuDHKp1GWv5WWQivDe6A6sbrGSgIQ2 +9MG7RYE7t0L0LVnzTSlHCWXCzTqmpzTXEePw7NqgPhg7J3NtwYLBh5C4MqmScA6Y +vbNzWMGIfa9IJqaDcxxEdqqGoTrv/MEWzVZ7TzM4O8DWIm+oK/5E+qiTk1fSyc/Z +uI6hUMMt7xxP8KkZdlqVODwHzVo6v4kigpNTqNK1epv3nFrL3hJ+e3GhWreV6tkI +XA9pjZT2gyLz+Ryn7QyIzrByrpXKDQK/8nKu9eoQdhDdxN6sWS65PPQKPhzQOemk +qFx3V2oK3UMF7Q2BeF8aDxm48RU8weDACcxn2w6X73VyIHvz1H3MpirxPrcwjm1v +RQJKGUZfnnTfg8zsstVASaj2R2i+Qa0Zk70tbCaXrPH7TB6Cadx6sjBjoLViQYQk +99glmvpc37u2ryW4MKlDNLeae9LnW7jyDMfpGlN3tJ4AD6y+2EcVixiTqAEF8t27 +hZgi/3MVUNltCfSUoOol9y/aqaTjxPHTR9HSjrmCnJAWHwmyk33lC4/17kd8Qx0U +bEFufzp/pDwFur7dWJOxVehFHc0/MoOioJHbeN3oNBMQiFdDoRY= +=efkJ +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc b/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc new file mode 100644 index 0000000000..07b68e1759 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:08.i386.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:08.i386 Errata Notice + The FreeBSD Project + +Topic: Regression in i386 TLB invalidation logic + +Category: core +Module: i386 +Announced: 2022-02-01 +Affects: FreeBSD 12.2 and 12.3 +Corrected: 2022-01-25 10:40:16 UTC (stable/12, 12.3-STABLE) + 2022-02-01 19:13:44 UTC (releng/12.3, 12.3-RELEASE-p2) + 2022-02-01 19:13:24 UTC (releng/12.2, 12.2-RELEASE-p13) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The FreeBSD/i386 port supports running FreeBSD on 32-bit Intel and AMD CPUs. + +On the i386 platform, the operating system kernel is responsible for +invalidating per-CPU TLBs (translation lookaside buffer) when virtual memory +mappings are updated. + +II. Problem Description + +The patch which was released as EN-22:04.pcid introduced a regression +affecting FreeBSD 12.2 and 12.3. This regression introduced a bug in the i386 +platform's TLB invalidation logic. + +III. Impact + +The regression causes kernel panics under multi-core CPU load. + +IV. Workaround + +No workaround is available. Single-core systems are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:08/i386.patch +# fetch https://security.FreeBSD.org/patches/EN-22:08/i386.patch.asc +# gpg --verify i386.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/12/ r371519 +releng/12.3/ r371536 +releng/12.2/ r371534 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261338> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:08.i386.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmH5kz4ACgkQ05eS9J6n +5cJVsQ/+KFXts6jb5Nrm2qbZm38x6af3zwiN/v39cz5DumOvIC0OFTiaeaWU91Dc +bytpGp6KIuOK6pYGIP4NrZW5L0pow3mwV/nxpZLATR4QTCiBydOgKekjaAiU6rxX +vX/MS2rm6Th6EcBIw1dept1up73qM2FoM8DC+/e9HlCtqyDqfgBLqbMuSymk0fz+ +Lh1Zj9ywS1sY+fn7eeAq7RmlTpuQBnlZEllDhf9paC5JWR4fu23XQeZHUUIuqOkF +bnPE7hDaXdEvU0zY4b57vzTT7MQx7vCRBdCsk086s2dvInbeqTDEYSk5+R/kqsgR +5+xijYPGb9D9J0tMaETGQp0vLkDI4xJpkX8AhZ8JBIjxyKxKI/VY+KOwX6CfUmon +tgUeo8EYkliLBUtq31L7MLMzzCN1mjA05h78uBvDjmm9ATv8IAmKlSNestIzfl4j +Rw3oYpQU/TsQSxUMnReRth781bORmJdDnEDAvjqGKGOT9VkUJ/3chv13EHJX88/R +No1DYB3LM4MaGf1c7paB9ahJOnV8Z5bk5j3nqLhys2asEvGcWvuWW722LO/wcREL +L4GsQmEbUerTeh8Q5RE147ZTYOnGb5eIQi5McPRozdNQBLjJGUOEhWeSBdBbDgch +8cfYw3UdyNst80puq6t/4Wft4uhvkuNYKiaY9MKNYON/YHrhZ78= +=TqoX +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc new file mode 100644 index 0000000000..a85ee4d0cf --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:09.freebsd-update.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:09.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update creating erroneous boot environments + +Category: core +Module: freebsd-update +Announced: 2022-03-15 +Affects: FreeBSD 12.3 +Corrected: 2022-02-15 06:09:41 UTC (stable/12, 12.3-STABLE) + 2022-03-15 18:17:55 UTC (releng/12.3, 12.3-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +By default, freebsd-update(8) is configured to create new ZFS boot environments +on systems that are compatible with bectl(8). + +II. Problem Description + +When updating a jail or another root that isn't the system root using -b, +freebsd-update(8) will create a spurious boot environment despite the updated +root not causing a change in the boot environment. + +III. Impact + +Users that have used freebsd-update(8) with the -b or -j flags may have some +extra boot environments present on the system that did not meaningfully impact +the boot environment. + +IV. Workaround + +No workaround is available. Systems with "CreateBootEnv" set to "no" in their +/etc/freebsd-update.conf are not affected. Systems that do not use ZFS are also +not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. No reboot is required. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.3] +# fetch https://security.FreeBSD.org/patches/EN-22:09/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-22:09/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/12/ r371637 +releng/12.3/ r371743 +- ------------------------------------------------------------------------- + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=261446> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:09.freebsd-update.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44sACgkQ05eS9J6n +5cLudhAAmVnJH5dbgVkjuaiGI2fvdoKCZKlMIwvA+kUqgio6MaoiXIygWXgzbLmV +M3BSzEvyrB/pBen/Af3R+3hljjhiOId/3RCKP596fT53bpmWQh4TyAryDX9SmY/+ +mXfARp4MgkAi7bDjKQQMpDlyA5Lp3i/Hqyq6IjIZnk2O1PxhAAer+yoqnjBsDQUl +1SzM+T802NbclKx0nsM6ODFk8IvKmBjK1d6esApihDRzFX4qCXjuP+QMFSKAYEb4 +shZx6pGeDfqMhn8TkIydVhsjO16f7rUSxYoM1i93QZecVfxpWdQhh2OMG91G6ELu +9aQ+CsYPcQoWgkLqsnTuJXVpKQ+PmzIwfD/DHahFvXvkXhL7cXFNgctp/2kb/lPW +mgwPvguUzSJBu3tOs2RyVQTOTSzB+7Cf6hadhuBlzI4p/ZSViSIhI4hsE0Wln2TK +3k+WCCfhEoGZRt6pR1YEjqvjeSin9Rcjd5nSS0vE137pXpjzheXxGQFVtPDtjq28 +mkr4HM6XUafvCs8oqoitpzFRMRwYODEah+z5PXWSpvguhFfehihFBW82e/3YZhLF +2Ub4WkTFXhGx98lH5ofjnWS3kuqy7stG/5fk5gNHayCzPZjH2O6ecSGbBh4IZ9Xw +5vFR0Tfbzo+N/eTiyTq0pj0QK2JTE4cns+xxfEczfLYiGGyFmPE= +=Uh7O +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc new file mode 100644 index 0000000000..83b00d4553 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:10.zfs.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:10.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS writes fail to update file size + +Category: contrib +Module: zfs +Announced: 2022-03-15 +Affects: FreeBSD 13.0 +Corrected: 2022-02-21 14:59:58 UTC (stable/13, 13.0-STABLE) + 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +FreeBSD's virtual filesystem layer includes a deadlock-avoidance +mechanism to handle situations where a read(2) or write(2) system call +is invoked and the user-supplied buffer lies within a mmap(2)-created +mapping of the target file. Individual filesystems, such as ZFS, must +implement a portion of the deadlock avoidance protocol. + +II. Problem Description + +The implementation of the deadlock avoidance protocol in ZFS's +implementation of write(2) was incorrect and could, in certain +circumstances, cause an appending write to a file to fail to update the +file size despite returning success to the caller. + +III. Impact + +The bug may cause application misbehavior; the precise effects depend +on the nature of the application triggering the bug. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:10/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:10/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ b55a7f3422d7 stable/13-n249621 +releng/13.0/ 9dc74c5a4b3d releng/13.0-n244783 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260453> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:10.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44sACgkQ05eS9J6n +5cJP2Q//fDLZ876IGCxtcyCc5eNrOgI7V4P/ajQ2Jz3VYvd3NAag4bbfV8OQKTy8 +dn62/bhjmKEDGjLAs2oHrlT+G0gEEYLnxZGzgcHo0UFo9FIEmCV18zEFXGipFMeH +b9pCexvy1a7EH97voS7Mr6V+Bktj3Vcq3B0yIXRxoGxcRvTFTpc5rpYzs8RZWHiu +tzUij2bmtrtXh7oJgmF83roujwNEJele9IY2+AMJ/URtGmxuJ54KN1hNTkeGknMd +WtEarFz7HDoXuy7WDysgwUSdq6s+o+rWm/+knflCFXvYqetjm3Kwl35wBr0hch6f +rb59AIZ1RVN8LsZZT6UNaxsQINEPb4RF9T132nYlMlQPdulEBjWiKI7Y4VSMUSXr +Xtz54FMouRXi/WdgJL7P7CxY3+t+1zWorBvI25jnkEp5mhEhd7DVTgy2Sw0sNI4F +iAYGBmpFyE6pGmJOaz6WLGV96sK9m0/RmmZXwPah5cwBMy4qUFnuPgoT91h8LRIr +5SKLm010lyPxsThcb1NRrqsd4LIUhYb6bZNgOmCd5OcSC03+aUjxEyrmM90Hjtb4 +yhANSTVExJB9bXNnb1rWtdO1inrjb3YAUpd6CpuK3vct/LWw9b0ehuRdJKFDgLtC +dVPQZYc89dcjZNnDWFJ94D2Inoae7oT0o2+nULURXyLABWSDYs0= +=+FRE +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc new file mode 100644 index 0000000000..58c53b1df5 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:11.zfs.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:11.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS lseek(2) inconsistencies + +Category: contrib +Module: zfs +Announced: 2022-03-15 +Affects: FreeBSD 13.0 +Corrected: 2021-12-19 15:25:26 UTC (stable/13, 13.0-STABLE) + 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2022-03-15 -- Initial release +v1.1 2022-03-15 -- Updated Correction Details to point to fixed patch that + was missing a prerequisite in the source tree. The standalone patch + linked in this SA is correct, only the git repo needed updating. +v1.2 2022-03-16 -- Corrected dates in revision history + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +File "holes" are used by filesystems to limit the amount of storage +space occupied by a file containing long runs of zero bytes. Rather +than filling disk blocks with zeroes, file metadata can indicate the +extent of such a run and the filesystem hides the distinction from user +applications. + +II. Problem Description + +When a file containing holes is mapped using mmap(2), mapped regions +of the file may be ignored by lseek(2) when SEEK_HOLE or SEEK_DATA are +passed as the "whence" parameter. + +III. Impact + +The bug may cause application misbehavior; the precise effects depend +on the nature of the application triggering the bug. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:11/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:11/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 3aa1cabca37d stable/13-n248633 +releng/13.0/ 210991b1f28b releng/13.0-n244787 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256205> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:11.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIydNQACgkQ05eS9J6n +5cKN/hAAg/J5CyNcxOQ/+N6xme1mJMmNTFyBLLuZ2RG6UuZsTvRZej/S0vBBw8+D +k/kvXAwiC2Q+cUoeylOyOrADhIsnaVrSB8ARcLnCmxjwVH2mlrq6DGeiflyOvrvh +TTmzVzXAu3dOYa8nCNYgv0jB6OYB4Z6bvLzXU4BHNuRbbVS2SaDTvz3cXOtpSCRj +C8cVrQWalAqPZWSST2+MdNvvkxqPdXe0rRnNfA8rqDz2bczRvUrizo6IR5gnXRjz +qQR/uBUBHO38azVCp2sYC0fJzYeDsLMfu20Ua9Qg7ssyoA9TokBY+39jKa8hb7p1 +2PzrxOKCyUlEwQTr4+zSiULXfOXpNb5Ev0DqSy4U+8ZkpwPY0zdSgBiWE+23OtV5 +k5JtkyXgzYIvJaFdW6KmT8qzjOUez4WiV7YSmgzWvyt9Yj053w1sC5AWbOEOKK4n +A4gCtfi4nALoVh0PxNV2CNGfnT8VpaZ+XOcQTq1s3bazJ6EIKiDga4wKEswgrMWs +0/KHbAGBpSundE1PgGsuiDusHMLi82XVYzXQxc0qrDRwhahDJ8GGOBgUFdFAvCcB +2umYwdQ7N+uGSOkmokAKPOfLWy5h0kRL1fixLqvxyOBwzlJ81onPNTzwsqvG/4EX +9S+GW/k0xgbnJt0oTqh1cwZu5wXnajg7Uqq0evqYBQVkuyomDq4= +=br+T +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc new file mode 100644 index 0000000000..dcb85ca049 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:12.zfs.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:12.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS panic upon concurrent 'zfs list' calls + +Category: contrib +Module: zfs +Announced: 2022-03-15 +Affects: FreeBSD 13.0 +Corrected: 2021-04-04 13:18:45 UTC (stable/13, 13.0-STABLE) + 2022-03-15 18:09:52 UTC (releng/13.0, 13.0-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +II. Problem Description + +A race condition due to incorrect locking can cause a panic when multiple +invocations of 'zfs list' occur in rapid succession. + +III. Impact + +An unprivileged user can trigger the race condition, resulting in a +panic and denial of service. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:12/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:12/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ cf2a72643460 stable/13-n245102 +releng/13.0/ 0abaf7f63023 releng/13.0-n244784 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260884> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:12.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw44wACgkQ05eS9J6n +5cLz+Q/9FTU5djSE02eqK6IKqWOZDre30OF8KFnBZz9CwnCagyTlxWFvZNscZe30 +a4vm01GyPhKXzWcCgkze5kc8h0E4hGD2zFU0N+oYRGRBQyl3B+DEpKKMZ+SUlYdo +fRAhW4j1btD/zUhK9F5xshtMsbswMyN9wWu8iuK7QDReEgTnQj21Ca4r/Qwn+Y2z +5vMfjeUdBxfMZNomESBTfFtI6FYgpAQmjmdaT0nfJzOjm+uf+Xe5qTzka+XMjj6/ +7mveWg7qv2OsTa9Wj0isbydGooVH65RBdtFacabWfh8MsNVZaFztHsfxGhyDAIwA +A4YhD8fkFdQk7KpB8R1i2TTWJF+zt0tMQwBVMsv41rUDytINmwVF+y18XGLzKggY +rb0YRsIGLjI6V35ESiepUPYqgNLrhQiYG/uGOX5cs+5vwsm1ecbq3gHB7TL3ZiDR +RimxtHfrXM3wMsFacgcKpYZ+lYlF8QS/xcc+p8FrBztPjnRxco7Pxw7ZAm5jJqlk +AbAN0gMCwyeX4kBX99NKYVrYOiTO6XsE/DDuyO/UCTiLnxh1onKUJZiolgpbatz/ +z1hnBvA6BrXtWuRA5+9SM3zNKNjHh6pmsSCrG/3XAQhOXzI7gwhzKIlunccA8yaJ +4ytPNW16OO+mhpewszXvBU/3OG937W3XmFpgNjzkCtVRGBfUUts= +=YnFH +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc new file mode 100644 index 0000000000..8606925591 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:13.zfs.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:13.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS data loss + +Category: contrib +Module: zfs +Announced: 2022-03-21 +Affects: FreeBSD 13.0-p8 +Corrected: 2022-03-20 14:10:36 UTC (releng/13.0, 13.0-RELEASE-p9) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +II. Problem Description + +Erratum FreeBSD-EN-22:11.zfs was addressed by a patch which modified a +ZFS kernel function that determines whether the in-memory copy of a +filesystem object is dirty with respect to its representation on stable +storage. The modification contained a bug which could cause the +function to return false negatives. + +III. Impact + +Under heavy load, files written to a ZFS filesystem may not be correctly +saved to disk. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:13/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +releng/13.0/ b8ae329db949 releng/13.0-n244788 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat NNNNNNNNNNNN + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNNNNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:13.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI4zUQACgkQ05eS9J6n +5cJN8w//cVuY7dgMFIFsxLdMUfWQevqhWKHgT3itBo+WCYgpDixBHGvXrduYbFGO +gBB4Q9qlTKnNqVVR3AQvzmc7t2quJcjI+p6Sfq1UlmjyEEYmsSQndYOSUGeR0zli +P8UgjMx9VDXyugZWy/jGDBIXr3tKYXdeTlfSwJ0Dxkf3k0NpOCPvvpZSCAQlrCXd +dwI25I39fGOZKES8rW6TPcN8K2uSvlHu4i2v3MYfPHkRVOwdbMA33YaX/bCvTwHa +h8hg2hnwLNGUWhQZ6cwW/kPBjp7yVuDc0VIqfCyA7DqgUbo6juYm7ZD+EHUaVfAV +32FFrMY/crH6UoZ1LXYK7I/xmyec5o66VewoGYsiY+5bFb0jNC8Pv/fmtzFPOFGW +rHPxsLP/2rFpqwoNnhTX9wohqxHLOoN/DtjcTzznlL+VutOdQqNuU+U9o8wG5tea +e+8tfNbvxSV2qvEZ/gqliSkpICe70jM04/ZkBw+eFdFqRZdV/tIIfEonzutqCi3x +h/9r335b+6gJvpEkyq1VHesuydY5K21aPPnyETEOGKQAGfPMNyB67LNSd29gATHi +CjJDkylMhMMf/qaTBxViMYSEZ3mzkbTkIQE9Oph2M2YMbZoh8VwNfu0mU6kxBBfT +kSeGF1QZjnHeHWeRpd/lsKxFbNfElwVeoQc8e9evYHqNEdeyle8= +=085i +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:14.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-22:14.tzdata.asc new file mode 100644 index 0000000000..3bbe74b91f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:14.tzdata.asc @@ -0,0 +1,176 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:14.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2022-03-22 +Affects: All supported versions of FreeBSD. +Corrected: 2022-03-21 15:26:58 UTC (stable/13, 13.1-STABLE) + 2022-03-22 15:54:06 UTC (releng/13.1, 13.1-BETA2-p1) + 2022-03-22 15:54:07 UTC (releng/13.0, 13.0-RELEASE-p10) + 2022-03-21 15:29:26 UTC (stable/12, 12.3-STABLE) + 2022-03-22 15:56:37 UTC (releng/12.3, 12.3-RELEASE-p4) + 2022-03-22 15:57:12 UTC (releng/12.2, 12.2-RELEASE-p15) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:14/tzdata-2022a.patch +# fetch https://security.FreeBSD.org/patches/EN-22:14/tzdata-2022a.patch.asc +# gpg --verify tzdata-2022a.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 5dbd160076c0 stable/13-n250054 +releng/13.1/ b7e7657b02f2 releng/13.1-n250005 +releng/13.0/ 42f2f9f09cf1 releng/13.0-n244790 +stable/12/ r371759 +releng/12.3/ r371763 +releng/12.2/ r371764 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/eggert/tz/blob/2022a/NEWS> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:14.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmI5+6AACgkQ05eS9J6n +5cIwzhAAg91JwdZdUTzBofSoem2T4JzpdHQOdC+I6J8oH72PgAkyZo17FWVI9u/w +t34euMJE+dPA48V3hO12fSXO9lgvxWJWTZF/tTiAibvdL9LqxLrGmWvZle7Bx+ne +rdEXH+KmiWZhPB6cN9t7ZU35zM5UGbTc332xI7GnyeYS3tAnGnvKNYRwuiw1SBdc +kpcOgpqg5F6jadzycZMwd/ovWY8+gRlj7JXhF+bbmK7GuH504uIzABZAGpoaiw2o +56YqK9qyW42nxc16QlxgSLIzVhl9XHBuQyHXIeLe/BPcIdqLCw73siumnKCo0ccJ +AWCxCUjdb3fPuM5J+CwcmVJO1Qr2H+0KE+ntNqsyZg1iqDZkKcyW366bDIEU7qw8 +Db4N7iaMkyG/uOjQHgpJX6YO8HjX1+2Bw2KRUF8sueYsVNHTsXs+8yp8093CMOY8 +gvYFKACTziNiEkDN9PFmTTC+r7KzHXlFU9DK+C3nP0hZwd7jN1g5n6uJHfBX0gMx +LN3VdKiu/dxukYJF1srSflq24G8sl0XxMCJ0LFgXSzofP45iG9qSJjvWwRAcxQ3k +/FYwzY+sET+KcjeN3+F1PU/jAf6piWxjr+3FFvQWIOgGb3cgmjM/nlu0x/er7F1W +3e1iO8TB1Y6Gf7qYuvdMQmsn5jjCLpOShtYJrwYNLdSVa9K5Vx8= +=Voiz +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc b/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc new file mode 100644 index 0000000000..83c6bf2721 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:15.pf.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:15.pf Errata Notice + The FreeBSD Project + +Topic: pf(4) tables may fail to load + +Category: core +Module: pf +Announced: 2022-04-06 +Affects: FreeBSD 13.0 +Corrected: 2022-04-06 03:04:11 UTC (releng/13.0, 13.0-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +pf is an Internet Protocol packet filter originally written for OpenBSD. +pf rules may reference address tables when applying policies to large +sets of source or destination addresses. pf rulesets may optionally set +a limit on the number of table entries allocated by the kernel, via the +"set limit" pf.conf(5) syntax. + +II. Problem Description + +pf rulesets that set a limit on the number of table entries and include +one or more address tables may occasionally fail to load. An initial +load of the rules will succeed, but an attempt to re-load can fail. In +this case, the problem persists until the system is rebooted. + +III. Impact + +Administrators may be prevented from modifying or updating pf rule +sets. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:15/pf.patch +# fetch https://security.FreeBSD.org/patches/EN-22:15/pf.patch.asc +# gpg --verify pf.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +releng/13.0/ 5b789e0c92a7 releng/13.0-n244792 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260406> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:15.pf.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDfcACgkQ05eS9J6n +5cLFghAAkmY0crSbL/btcZ0h/Yoj9L6GGpoLzH68TPX2MK+e+fqoUZGiYdTPGnnW +B+Px5/mEJKGb7kNmib2C/RfdwFiRzGIn+VQk/RrOlZxRz/vjSw9Z5yleMuXD0eFA +r02BdZQS/lL5QVRaUr4GR9cPEdrvzl30NZmCc3Ejj3hTIimOIlGptuD681eIiQ7M +3fwJC8TxSuZVdbrmP9U6uXQdiTxS18QbtscuBJhldhaBDI7+ZVL1ELHU10c+vs5U +vp0AFJ8l87z2oonT2EHy4cOrjlW2T1OQknwdXIW/t9/6MZ7snMVubXjwqKxQVX1z +v7tr9NBSf+FGeb/UdMZ39TxrXYm3kSgMfV4RX9JW2hCUNCbnGAJT8X9HRnK7/x1n +zLY1v2GWbx9V+18oW8apYItEPSp7BcR+qCXMcMbyZaZpfOiYBugO92tkvK1JJlga +BurDLFy+Fkv9L2+BQn++IlEOwTH8XQ9BfALlHMCEZSc//t6ALb9IIg3Wnra+4sZe +EmfSFG7kKt0xa7ww0Xljt3XVsr6y8vEO/sHWopdm7Ydku1jh/ZT2VVPyEJiQpCHk +dqDSZLI+MzXKb0uSFib+nfNlArbwtxv+NjzfTj0PHbBLuVVdtdWwcM45Yv/aNrjN +SkYBk8eXEfhb+kUhfe7hnuwmmYfnFZg9JW4r6C//RBOVYB9u2Fs= +=YFs6 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:16.kqueue.asc b/website/static/security/advisories/FreeBSD-EN-22:16.kqueue.asc new file mode 100644 index 0000000000..4e925763bd --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:16.kqueue.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:16.kqueue Errata Notice + The FreeBSD Project + +Topic: kevent(2) timers fire too often + +Category: core +Module: kqueue +Announced: 2022-08-09 +Affects: FreeBSD 13.1 +Corrected: 2022-06-08 00:42:21 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:01:21 UTC (releng/13.1, 13.1-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +kevent(2) is a system call which provides a generic method of notifying +the caller when a caller-specified event happens or a condition holds. +One use for kevent(2) is to wait for a specified timeout to elapse. +This is implemented by the EVFILT_TIMER filter type. + +II. Problem Description + +In FreeBSD 13.1, periodic events of type EVFILT_TIMER will return at +only half of the requested frequency, following the first event. + +III. Impact + +The bug may cause misbehaviour in software that makes use of periodic +kevent(2)-based timers. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:16/kqueue.patch +# fetch https://security.FreeBSD.org/patches/EN-22:16/kqueue.patch.asc +# gpg --verify kqueue.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 129112f80d2b stable/13-n251040 +releng/13.1/ c48048ebdbed releng/13.1-n250150 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264131> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:16.kqueue.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyzyYACgkQ05eS9J6n +5cIBnQ//edGaUR3lij2DjA6b4sxEVMk+Kss9AL8ZOP+QYnClCT0fyKRPPtW4xGn9 +gxlbGpfhCORVgf/V+Hi9FqB1hjdBdnByPOK+p2kKdNDMivQqD75Awlxw3w/YjTTI +xBkErCIhcoo5vGh4xlTI76UYY2r02Lxl1uH5lj7AOwwTCEwkUdCSOoi4226O6mo8 +AKAErHNVtO0m3NmXW8qtfs9LwAaim6rVpyAYFK1HO0xBQIvMMkES91/iytKDkkLV +XImuOwlDnk+ql6uRrqpCaIk3313+X0k3fvaEX3hpgbDPni8qiCeFsI3wOahZjPdq +59bmrV9HKpNoalB74HsYD3SgG4v0lj8MXOPSNpAcZ9YgK77CZ6V+2WoVTNkvHVCY +x5FuBGG2VQy2k7cNZYlyjNZKvPGi+lluJXPmGt0slI9QRXZhYZrjgyRlXfC5AQy8 +P+vNt+bzGrvdrjUZ4UoV/csvvntNHB3lLH8vT/mb+UuE9VqKUWHVXadeXugRUP18 +xE+48oivScLf4FAFwjIJg5nRlvFafuzwjdiO+KWcgbnsLDfITfx0Ok6q68VDuMii +ZjzOzKKGPmBwuWJsu9WF4mL2kmyWzCJmSvpioEwHLw59Gbz7p4J7YXQDiZKgKX4e +j9AAI1M7i82y5n9PEKPa/sA7lvyZVJgqAwsDtVWnPQAhrJ+kvWE= +=dwL5 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:17.cam.asc b/website/static/security/advisories/FreeBSD-EN-22:17.cam.asc new file mode 100644 index 0000000000..dc5392c743 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:17.cam.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:17.cam Errata Notice + The FreeBSD Project + +Topic: Kernel memory corruption during SCSI error recovery + +Category: core +Module: cam +Announced: 2022-08-09 +Affects: All supported versions of FreeBSD. +Corrected: 2022-05-03 20:32:45 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:01:20 UTC (releng/13.1, 13.1-RELEASE-p1) + 2022-08-09 20:00:26 UTC (releng/13.0, 13.0-RELEASE-p12) + 2022-05-04 01:04:43 UTC (stable/12, 12.3-STABLE) + 2022-08-09 19:59:40 UTC (releng/12.3, 12.3-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +CAM (Common Access Method) is a FreeBSD kernel subsystem which handles +various aspects of storage device management. Among other +responsibilities, it handles device error recovery and can automatically +retransmit commands to peripheral devices when a transient error is +encountered. + +II. Problem Description + +When a CAM-managed device responds to a command with an error condition, +CAM may automatically retry the command following some error recovery +protocol. For instance, it may send a SCSI START UNIT command to the +device before retrying the failed command. In this case, an in-memory +copy of the original command is preserved for a later retry. However, +a specific portion of the command state was not saved correctly, and +upon a retry this could lead to memory corruption. + +III. Impact + +The bug can cause kernel panics or other system-level misbehaviour. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:17/cam.patch +# fetch https://security.FreeBSD.org/patches/EN-22:17/cam.patch.asc +# gpg --verify cam.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 84849cfd1dc0 stable/13-n250673 +releng/13.1/ db8082886fd8 releng/13.1-n250149 +releng/13.0/ 5430423b6d63 releng/13.0-n244803 +stable/12/ r372069 +releng/12.3/ r372378 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262894> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:17.cam.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz0YACgkQ05eS9J6n +5cIECxAAo+zofqG4H2ZTffIBo3YElCbB8pkXty/ZnW0+3cA+JWcYtpC+5UoKw68q +wBN+fL8174tzkzsrN3ZZcmtd28NtlmNYpUbCQCji90K8CSSRibsa+IdGxRDkiTAL +s/bHpn4Txyi+XiIDFVABWDuUf3rNxVqgmnWorMTnffukUkXxDYGbwTD4J9eaahhH +eEG/iW/O8KL34Asb4Pg/KoY8TAp8U3ojd+/XrLkLHHm1VyAqiW7cYVLcKFFDArT0 +NUdqI/B329Jk4qy/FDqbturLGQyxpkeAnB1ARLaQ/DvNQNxoLLv2MbS2/92JiR/y +pWrIz0brUp/zrtH5qEQxrvutHKch2CfQnansBs4d/atCyYQsrfTt+1QTpcbqdFJv +L0ysPjuHYuFnizjospjaRJfNYQMUK64q5BBJeymNTMpXjYz2SG1K6BlsU001i51o +tCXTfFJ35GjIJqiXL8K7aCiu0L8HFJ8zHIGBJv8gB8q/kNlDCCluks5nBGwktboM +91WhbskyR/5en5drBB1RxXYsYDYcJiwDENLmTHyJK/9v55tRlsu6yMUb3sxwV5+G +YC4z/GYEBfj5u/ttb0ILZX2eBHx/kIae0wW9x2ch6njOiSp1tcujEH74OIw1a4ja +fOfWZsBjB23rIawn3eDLVnLtE9l1ljIsvy2rbVf4xNxxl3x68ZM= +=Ujr3 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:18.wifi.asc b/website/static/security/advisories/FreeBSD-EN-22:18.wifi.asc new file mode 100644 index 0000000000..16c955af6b --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:18.wifi.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:18.wifi Errata Notice + The FreeBSD Project + +Topic: WiFi patch update + +Category: core +Module: net80211 +Announced: 2022-08-09 +Affects: FreeBSD 13.0 +Corrected: 2022-08-09 20:11:00 UTC (releng/13.0, 13.0-RELEASE-p12) + +Note: The corrected date and patch revision above (p12) are specific to the + 13.0-RELEASE version published via freebsd-update. The revision details + in the table below reference the git repository information, which was + correct at the time of the original WiFi patch. + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's net80211 kernel subsystem provides infrastructure and drivers +for IEEE 802.11 wireless (Wi-Fi) communications. + +II. Problem Description + +FreeBSD-SA-22:02.wifi included a number of improvements to net80211 data +validation. Some of these changes were not included in the patch provided +for FreeBSD 13.0 and via freebsd-update. The changes were included in the +git repository. + +III. Impact + +The interface affected by the missing change is only available to the +superuser. The superuser may be able to cause kernel crash. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +5min "Installing errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:18/wifi.patch +# fetch https://security.FreeBSD.org/patches/EN-22:18/wifi.patch.asc +# gpg --verify wifi.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +releng/13.0/ 0d1db5c3257e releng/13.0-n244782 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254737> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:18.wifi.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz0YACgkQ05eS9J6n +5cIYBA//VQCS16TK3QcOXDznzTi66YqL5GvCklVWzk52la+D0cIazzNKKWLwuJAF +bAB9c+jjff0IU6J80/QNdTEvXBjw4HZ5CsniXEUbWMmQOdFh1c9mgW8q6W8PV+R9 +DYn7ROO/d8s71Kh8FQh9KzguCYsiSHm8gwfwSzi1bxfBp6J2Af2A/q/4KO7/mN/U +Eltgr3AikjqvLm5vo985Fbv2ExH9Xm3rZcc3UggutyNFAtl4X4N/1Pux5msR38sp +FIzveVKtu2kuQ9jqOceABZfaxCCXRwl5i/MibOdfZb3+JIdjDSnuH6fjVmVT3Qys +4LFnokEFNtSn04z6VJHmtryqIuByVWWSyyFFpm65pKtpvxzEP+Wrql208U7k+r7A +gi1vZVcJpZ5eLEdPgmE7T4IjfuonK0DvVkJlWIigmrFn2n4ss1cyQiNJYyujDDQB +sCcC3HZoy8DE4RBzpfEWDjsoqQXzJ81o3TfnNr69alSVAmMRzcQjH8z6syApuq+0 +RmyHMCfgKnbPCtgQj0si8VRDtMfgqJsTqHsTks6NiL6csQUTtgYc37MgErLsUR05 +4XnfxvslAketx9BvWqgF6eIXnGoJsCopzVKOttxdqpyV1AzanZzl0q+wEBp8WND0 +Jpzhtmar9Pxq9wcRNNx8as5b5IyH1zp4/0FqztGsLgHluazYPbk= +=W4Fk +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:19.pam_exec.asc b/website/static/security/advisories/FreeBSD-EN-22:19.pam_exec.asc new file mode 100644 index 0000000000..e181940094 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:19.pam_exec.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:19.pam_exec Errata Notice + The FreeBSD Project + +Topic: NULL pointer dereference in pam_exec(8) + +Category: core +Module: pam +Announced: 2022-08-09 +Affects: FreeBSD 13.0 and later +Corrected: 2022-06-24 09:09:59 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:01:22 UTC (releng/13.1, 13.1-RELEASE-p1) + 2022-08-09 20:00:25 UTC (releng/13.0, 13.0-RELEASE-p12) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +pam_exec(8) is a pam(3) module for delegating PAM service functions to an +external program. When used for authentication, it can pass the user's +authentication token to the external program. + +II. Problem Description + +When pam_exec(8) is used for authentication with the `expose_authtok' option +and an application calls pam_setcred(3), it attempts to expose an already +stored authentication token. It is incorrectly assumed that there always is +such a token stored, which leads to dereferencing a NULL pointer if this +isn't the case. + +III. Impact + +It is impossible to reliably use pam_exec(8) for authentication with the +`expose_authtok' option, that is necessary to have the external program check +credentials. In most scenarios, authentication will fail because of a crash +caused by the NULL pointer dereference. + +IV. Workaround + +No workaround is available, however systems not using pam_exec(8) for +authentication are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:19/pam_exec.patch +# fetch https://security.FreeBSD.org/patches/EN-22:19/pam_exec.patch.asc +# gpg --verify pam_exec.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ ea80848e1c06 stable/13-n251487 +releng/13.1/ 26db194f3db1 releng/13.1-n250151 +releng/13.0/ 277c0c4d2512 releng/13.0-n244802 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:19.pam_exec.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz0cACgkQ05eS9J6n +5cJs9Q//WY8wGjWIUpmQ2Z/R9aHp7+MsFXiJ+bmwiYeX7bAWDC5uienqML62ir7y +Lqnx6B0Njkn8VmV+6/R6ACCXyNbg+zSXbecOFAkclB3x65CZbOAmgvtUYKCuSdGl +EzGTBOoVPIr3aowpMsnc7MULF5WXxsDfb+mqT1MIo5gmsxIIulHwui0AnPzOhmH2 +gUeuA5CIsZk+QgJetAg28K0fB4pbKquX82sSiDbfMK+MrXOVugSTHDq1w+01LbW/ +YKNSo+kkMw+NmDBD46ibrMDJCVucdwpGISDzhJNALnUudLb8f7cbF/NN1Cd14zxA +P8qY7CHmkSUVtREDGcvJ4TYIXtvCuT5iUaWymDkN1URu6MM0Ixa6JkG8yYBMi802 +Vg7/I2Z0I6F0oeDISmFGvF1Kic50sWL7pnPTpoNudI8RhRJzvNQpE67oF1IIdsEy +Ij8aCRbkhirtlETUFmJw7YOWRVnMs9peahimmHVZ0bVwBG5eWuLb/7mSXtSvnUeD +Af7U0Z82GHtb0vyFvc1zJcQa+nvkQGzEPsBTC8PxYdba1ZK5zJ9JW3cuSmJYW6jW +Jao/8DvRQa0PrQe4ahy2xqa/ImYTr9RMaIT+x8ArRm4glfMZNDtbLjfgh0ebRGn+ +Fhh1DS7URCijOwsK9pM1mX7zaROINyyXpGNhnzd2SJsH9p31VaE= +=JZ5O +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc new file mode 100644 index 0000000000..25bc1eabab --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:20.tzdata.asc @@ -0,0 +1,175 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:20.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2022-08-30 +Affects: All supported versions of FreeBSD. +Corrected: 2022-08-17 01:48:01 UTC (stable/13, 13.1-STABLE) + 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2) + 2022-08-30 23:01:22 UTC (releng/13.0, 13.0-RELEASE-p13) + 2022-08-17 01:56:52 UTC (stable/12, 12.3-STABLE) + 2022-08-30 23:16:54 UTC (releng/12.3, 12.3-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:20/tzdata-2022c.patch +# fetch https://security.FreeBSD.org/patches/EN-22:20/tzdata-2022c.patch.asc +# gpg --verify tzdata-2022c.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ f7cb47731675 stable/13-n252124 +releng/13.1/ e86b610b8744 releng/13.1-n250157 +releng/13.0/ 707cecae4e34 releng/13.0-n244809 +stable/12/ r372409 +releng/12.3/ r372461 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/eggert/tz/blob/2022b/NEWS> +<URL:https://github.com/eggert/tz/blob/2022c/NEWS> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:20.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoGgACgkQ05eS9J6n +5cKipg/6Axbh9KTIXF/Z/KZtna+2/Fvs4zIvV1PnT/6VJge9JrPShRtKuTOHE7at +8tFFFLplDV3uGF3PxJ0vB66sd5A7VchS8UDJoyrr8Q1kfOGlMge5W3UQbHp4u4II +DCRlvocXIv7SygmfWlrQg5Ia6c2CmIa13BcMcxNv8tu/TShsJZD8AUtu/sF01xZh +RaPQE5Y0dMErQx1FpGrxcxqw5DVNz6utpxeGgz8SU/bMRUs17u9HbktiPdDpJVzh +gw26DfMJS9CflrTBF1RKmCj6934ghz6fbHqnw7IrcnLjaitVsVqgktFjgmUje9OH +JyCvY5ysAYEQD74HxncvgiJ3OjkQ/EYTwdL2lfTZRiWqQjncfFHchZ2ioIslR84e +3NQlJYxosvWa/NIFxclR69I8d9outXRkClAEQo5tgjOPF7Q1F4TzH38IN7YMrwK7 +G9N2qXO6+GQo0E2yVmqQbam9KIRsyy9rf5Yp14Lc0P9GFiD0bMok0/C1zfE+Qi9U +Y0lM7vtNFg7QM2Gi9OOhaCWJscDDf4OfuxaCWhh8Mq3cNrdaCY56t0SzPKmgF7qY +sZPRpI6YXv9+m9c8V+sklPituTMXa2maGzSYJNTOWhDNmf4Ah1YvxbMWhoxI0hsF +nSgCr/LQh0c+dTXthIW1fYv4mt5uXXNg5uMs0mIfncLin3syJ7s= +=DcSW +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc new file mode 100644 index 0000000000..658e035d7b --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:21.zfs.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:21.zfs Errata Notice + The FreeBSD Project +Topic: ZFS B-Tree use-after-free +Category: contrib +Module: zfs +Announced: 2022-11-01 +Credits: Richard Yao and Coverty Static Analysis +Affects: FreeBSD 13.1 +Corrected: 2022-10-04 15:52:45 UTC (stable/13, 13.1-STABLE) + 2022-11-01 18:03:25 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +II. Problem Description + +The B-Tree implementation in ZFS contains a heap use-after-free bug. When +removing entries, the node memory is freed before it is removed from the tree, +and the remove operation itself requires modifying the memory containing the +node. This creates a race window when one thread is removing data from the +B-Tree and another is performing an allocation. In the case the removing +thread loses the race, it will corrupt the B-Tree. + +III. Impact + +The use-after-free can cause system instability or data corruption. + +Systems with debug kernels may sometimes detect this issue after a kernel +memory corruption has happened. When they do, they will trigger a kernel +panic to protect the system from further damage. The following is printed +to dmesg at the time of the panic: + +panic: VERIFY3(zfs_btree_find(tree, value, &where) != NULL) failed... + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and then reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:21/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:21/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ f193a24ec570 stable/13-n252634 +releng/13.1/ 8838c650cb59 releng/13.1-n250167 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://github.com/openzfs/zfs/pull/13861> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:21.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlpgACgkQ05eS9J6n +5cJtMQ//aZXPrFWqJxVIn87FtHClwKykAaWWcN+iuT4wTVss0OTbaFc1k+UBPf+9 +wdjmt6Io9xUK4FT5TcMIyzF6I7XaxG/up8572NPUQp+eOa4AI8862QLLF7pi26RT +Fyb+Ywjsw1d30NXcTE4+K5UMUgISFVFkor9d07wWd7sQwU/o4bzHBWFSFSI18l70 +zsjyN3wrLQaSHmBb6kZ7OrycBc52Rw00segXCJGxLEpiViPSC5HY6DJYdWyn0bNM +1xvG3DkYQDBWGNQgWB6ldOM5nmOqY6zSPFTK9byqOwz6CHmfRYqmLpx3czuAO3U6 +PpsTYG7PKpFBviP99jg6XsEYigoMHaHIcBzUSP+DYYO9JlyrzRmbQ6MIkRN+YD59 +1CK0n7+WuQpjBXgFmIEKtM2xJ4sh+aQxdV4SwIEmMTAaNs4PFivNzEgwpj4Txh+q +aUbY6l9O2H8ERvFokF94/ea5ahOhVaTgaipN2O92rvldiy3zTqv5DP3hX4tU1oaG +n0s57pn/uF+aYVMtzk1opNpZdqH8AkKX1Q7Opha/IEvnk48Njgbwtf9HVEeo65Ec +njvc63PZel0cbzk6ZA4BS7BX3UtSHURmFOjiRUV1DI9yUsLXuEbM0LtH3Zpgyzr0 +7U+YHLB4z3LxdK9ZuWo2uSCF/5iVyyjGSdOGuu2ISJis+vp9PCg= +=9c/T +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc new file mode 100644 index 0000000000..45991ec800 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:22.tzdata.asc @@ -0,0 +1,180 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:22.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2022-11-01 +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-01 01:06:25 UTC (stable/13, 13.1-STABLE) + 2022-11-01 18:03:24 UTC (releng/13.1, 13.1-RELEASE-p3) + 2022-11-01 01:07:17 UTC (stable/12, 12.4-STABLE) + 2022-11-01 20:35:42 UTC (releng/12.3, 12.3-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.1] +# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.13.patch +# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.13.patch.asc +# gpg --verify tzdata-2022f.13.patch.asc + +[FreeBSD 12.3] +# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.12.patch +# fetch https://security.FreeBSD.org/patches/EN-22:22/tzdata-2022f.12.patch.asc +# gpg --verify tzdata-2022f.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch -E < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 46d324ec6502 stable/13-n252892 +releng/13.1/ 0bcdf24a7cf3 releng/13.1-n250165 +stable/12/ r372688 +releng/12.3/ r372694 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/eggert/tz/blob/2022d/NEWS> +<URL:https://github.com/eggert/tz/blob/2022e/NEWS> +<URL:https://github.com/eggert/tz/blob/2022f/NEWS> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:22.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhl5cACgkQ05eS9J6n +5cLCHg/5AX0d3XNjxGdEhrn8d9xFEtnV75WJKJ+o+jHUCfYNnTD1EJY3Q9EbIoWT ++52Qgcr8HVTZKxKaMoEaR8iDMNwzYbQ1PZrRlXbE8Iant4ULw4cgctIaxtNtUMSM +wRJatQ1LjXp9VjdLv8BCn1jXoVFstUjonLskQ8tNOUrvF1APGgXZRC/B+kt/gs1L +9b2Qs5vZ4e1ycfFiQyw1+ACpQjFB/s4XaN1BQx5JdFBpK8uhg4/LaxMIKA5Fmixh +xNb+VJ6kCxi0swTzsqKnU67OM5k4Dl+loz82d5X3imB4EZmJ6Pv7e9XX2EfGpQXz +5ABxbEzAqN7GCRmCV86dZYThLJiw+vCJnAyX5hXsFup09UpInN7xzrlJ7BiRZ254 +CBtPmj0d6tedkUahG0/GxgU8zl8L3MU/Mwbvg8wHcejciTrjcj94TZBRUxq88E+8 +DHEMsumzSAmD73CWrpUG6KsdtmA55opKodqeCwSG7zmzibaMKYabPJ/4Yq7kZNnq +58uiMLwk2CYwZfbqEHdbUP96G7BxINY1rMHq72kbZ02PzYkFA2vDFM84EqZq1F9B ++ET3Nkucx0FIVhd/zU5cYKuvC7+REXpIxy0SagVumBMgNiREeRwgVC7mghCuM3Vy +DC40UWQBY4SHzU+LpKiagArRJZVPMMA2zbSyp7BkS546oAaHn1Y= +=TNmt +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc b/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc new file mode 100644 index 0000000000..dfdb6cd733 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:23.vm.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:23.vm Errata Notice + The FreeBSD Project + +Topic: Memory pages become unreclaimable + +Category: core +Module: vm +Announced: 2022-11-01 +Affects: FreeBSD 13.1 +Corrected: 2022-10-12 13:49:25 UTC (stable/13, 13.1-STABLE) + 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The FreeBSD kernel's VM subsystem manages system memory. Among other +responsibilities, it provides a page allocator and maintains a pool of +free pages. When this pool is depleted, the VM reclaims allocated pages +from a set of page queues. + +II. Problem Description + +In certain workloads, allocated pages are not enqueued as they should +be, causing them to become unreclaimable when free memory is scarce. In +some situations the memory may become available again following restarts +of services (e.g., database servers) which are triggering the bug. + +III. Impact + +System memory could become inaccessible to the page daemon, resulting +in less memory available for caching. In some cases this can result in +out-of-memory process kills. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +5min "Installing errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:23/vm.patch +# fetch https://security.FreeBSD.org/patches/EN-22:23/vm.patch.asc +# gpg --verify vm.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6094749a1a5d stable/13-n252707 +releng/13.1/ 4867d7d34dfd releng/13.1-n250160 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256507> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:23.vm.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlqQACgkQ05eS9J6n +5cKKfg//f+YhLk47E5Bk/KZ07ONQ7xN0W9YZyz1P4iLc85LIaszC8+L8auwM+uR4 +ufvo4ToDzbDq0v+2mHUdgQ7CVylOzAb114z8ZFADHhlBJeft5pdzm+/R3wfqADbm +VL2I6uqjsQiH41umNgZQtyQh15LBWUlvrDd7r5dGVMzU0+VXNTngP58Jn7kqiUPg +jwUQk6l/PPRLRGqX5RJHoz8traCLsd7i+58/FPyaofrtrwl97uxtcbBEcPvcXsrL +yTnTcyPHnR8lqgmNXExcOPxfMBFz0sXgfDIXebnEP+inMx4gF2U3CBJuTCww8NWV +M4R7bj1HjWw8WZV1dZUFB73qx4r51iKanYQsqFVEWl7KnhQL6zG8nCt4iPR0wiKJ +x7qIRGtXCgzZieg0fQnsNjSdjjiIQmLCOq6BTmG1X5tcLF7hAM8D42RFGSbvLhNU +cGP/1Gd1iK72VqBRCSHKhZi79//YA8lI+f3b7ORMB9Q5cmy9l0A0nMO2EpBdc7x/ +0VGSXMaVaegaKGb3vXteVvmqtHAWg2NiBMgUHb3oMEXdbjsymmgkCsTciuiYDLxQ +Y/XdbtMHZi7VpZNS3Qt6wIpAEhSDxYsgf2+7/22Ni09Awn5H2/F3DCeo0dU8hWR1 +gksYdLbwRI+By8hguqALkpC1lP/M8Hc/HBrEiG6OqY+OvZr43OA= +=n7Mz +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc b/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc new file mode 100644 index 0000000000..b8a30a101f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:24.zfs.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:24.zfs Errata Notice + The FreeBSD Project + +Topic: ZFS snapshot directories not accessible over NFS + +Category: core +Module: zfs +Announced: 2022-11-01 +Affects: FreeBSD 13.1 +Corrected: 2022-10-27 12:00:01 UTC (stable/13, 13.1-STABLE) + 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports +many advanced features, including checksumming, transparent compression, +and snapshots. + +Snapshots of a ZFS dataset can be accessed through a hidden directory, +.zfs/snapshots, located in the root of the mounted dataset. + +II. Problem Description + +A kernel regression caused all dataset snapshot directories to become +inaccessible over NFS. Any attempt to access individual snapshots would +return an error message mentioning a stale file handle. + +III. Impact + +Workflows which rely on ZFS snapshots being accessible over NFS are +broken. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +5min "Installing errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:24/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-22:24/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 562c9ac58c76 stable/13-n252848 +releng/13.1/ 7ab877cb3f9d releng/13.1-n250159 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266236> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:24.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhlqQACgkQ05eS9J6n +5cJZcg/+MejjhAq/rpPema1jiqGkD8eTRTw+zmufvqBKwnLdZycwndza2su7xpD+ +30dbVVcY5Suhr5mElt5C6mdU+YCrqLG9o1zAI9QX7hx3PsnqIMBzudgK9TkjtK2n +WiG36PvA+rSIdjE8jw2quv9LMLycRiSevQGWDiD4rGm7JLdet2XH4ioHy1v3rPWe +kB4365zSmPGi4fLalpEFYD6pid2kbS0gUZvhxrEAoy11WFwT+upjdlfD0aJDsoTo +8wvZ1hvoHGYjsmYXLSKmJXO+6J0pTnI5QuohySi0RYUEFtws1IlD+JIxWUdP8ejh +ODPX2mDpP3ySl26HbTzCViJkd3z87F9hV8jaxo57azrD9kYpsWLq/UtsB2Fr2hcA +tYFCvqQ7fftx6Pf5xLOQvQTqwlFpx6M+EoWUV8RKa11jdMv6ndbMuZoY0j99iuYD +qEqi4T08b10SeI7aueOJZGuEYAab5ZcULgA1OOmmetIyAZccGcbvDqUajNabS+QC +QKgHNi94ZVJbEyFTQ9cnZBFn1/Bet9pC9Yj/5qtVsN9a5cKD0t1TEeXWZtZ+Qkm8 +V73qmq3qty2QfPqw7spVykIUzHlOyongMGNQx0sPHDDy5UucFtv6Itj6o/nlhuo1 +veecgamjvnPzROzCTe/UVbp7tliv6fpTHDc/T+ewQwF03xJoA1Q= +=8q+F +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc b/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc new file mode 100644 index 0000000000..34870f06c0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:25.tcp.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:25.tcp Errata Notice + The FreeBSD Project + +Topic: Possible data corruption with TCP SACK retransmissions + +Category: core +Module: tcp +Announced: 2022-08-28 +Credits: Richard Scheffenegger +Affects: FreeBSD 13.1 +Corrected: 2022-09-14 01:28:03 UTC (stable/13, 13.1-STABLE) + 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +TCP supports an enhancement that allows faster recovery and retransmission of +data when loss is discovered called Selected Acknowledgements (SACK). + +SACK allows a TCP sender to communicate more information about which segments +are lost. During a SACK episode a TCP sender will reduce its rate to avoid +causing congestion on the network. + +II. Problem Description + +A change made to make TCP more resilient and effective when handling loss +recovery by SACK, could lead to connection interruption when incoming ACKs +suddenly no longer contain SACK blocks. + +III. Impact + +This can lead to correct data being placed at the wrong offset in the +stream in a non-deterministic manner. This can result in termination of +the TCP connection by the application or in the worst case silent data +corruption. + +IV. Workaround + +Disable SACK globally by setting the net.inet.tcp.sack.enable sysctl to 0: + + # sysctl net.inet.tcp.sack.enable=0 + +Note that this will only affect new connections. Thus, either persist the +setting in /etc/sysctl.conf and reboot, or ensure that any critical connections +are restarted after modifying the sysctl setting. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +A reboot is required for these changes to be applied. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is required for these changes to be applied. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch +# fetch https://security.FreeBSD.org/patches/EN-22:25/tcp.patch.asc +# gpg --verify tcp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 2b8ee332b938 stable/13-n252399 +releng/13.1/ dd35207e2025 releng/13.1-n250162 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:25.tcp.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmIQACgkQ05eS9J6n +5cLiKA/+NSB8VRq7tjXC0+MFQAPEL9YUtQYyRfn8u3YywHli/6RTeTQPKfd6BnvK +T1clrnVFgp97QG948WAQ7ehct1GRAlrOagVHP0DnQqqQnTmoIVO0vyMVlQ1ONcAY +GO3VxZfEUJhbtcSLIdT03RG3Y+lK7R4Bs6mplkBUpVGOtrhtdmNBULgC8N1HiwHg +wJJpr/9/EMPqGXVtm1MzvgeKH4SIfNsDoiS4W90g1CepsPWylY+vsVjPhXR74gxz +peNHKFQM7SpTm1hc9YqwjyU5qFExq/O+je273sykyld6ZcJCpKe50+dE8D+gHpu6 +6CwiLb+uDQcF3RN9ofunRDvpYdtl1muT2/zQQ6yJ6DWJzvWpav+PTA4gEeDj8b+b +eu8wR7IoSPAHxqnGrvmB1EVn1tvFLF/mtcsrE1fdGviNf5LI/P5OYgZ6pkHaEJoN +NNnhPWZlteFsXYvD+Rz6rlhM86wE2/5Zj88oR36K6xUtbUimmES4NOU82q9MFMPU +nzOqflNf194o71ZbjdJK1gIemijRP90helrhGNHMBVdRM6UD/MywL349jIDzwp7Y +V3Jlpd+yU6K5Yuw5+nG7Z6oEJTwQI7vKNkEg6xnjpaaH47NaijGZDFb3SXvvCW4e +f/x3Y7sMPIRJIaKxKIbcRodeGChkkMZDEQ69OyuxBeP6Xo6OKOg= +=GANq +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc b/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc new file mode 100644 index 0000000000..00c02d7e79 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:26.cam.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:26.cam Errata Notice + The FreeBSD Project + +Topic: CAM ioctl(2) compatibility breakage + +Category: core +Module: cam +Announced: 2022-11-01 +Affects: FreeBSD 13.1 +Corrected: 2022-10-13 00:44:16 UTC (stable/13, 13.1-STABLE) + 2022-11-01 13:28:11 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +CAM (Common Access Method) is a FreeBSD kernel subsystem which handles +various aspects of storage management. Various CAM components expose +an ioctl(2) interface to userspace. + +II. Problem Description + +A backwards-incompatible change to the CAM ioctl interface was made. +Partial compatibility support for the old version of the interface was +provided, but it was incomplete. In particular, CAM periph drivers +did not handle the old version of the CAMGETPASSTHRU ioctl. + +III. Impact + +Software applications which make use of the CAM ioctl(2) interface +may fail to work following an upgrade to FreeBSD 13.1. + +IV. Workaround + +Affected applications can be recompiled on FreeBSD 13.1. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +5min "Installing errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:26/cam.patch +# fetch https://security.FreeBSD.org/patches/EN-22:26/cam.patch.asc +# gpg --verify cam.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 16d4c1de7b40 stable/13-n252721 +releng/13.1/ fff5c5fe911e releng/13.1-n250161 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264709> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:26.cam.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmLEACgkQ05eS9J6n +5cJRzQ//XtqKLesa2RAQiFgGcWeBjbmSqz+0zriFkfZxHyp4VgORXVwOrqUJrO6M +SX4TnZ5a+ElbZd1yulSB7JgHSV7ZWh/ltSTUIIGAg+514YtfwhrzJ8ID3Kt01lA2 +KGJMaKZOlyLihbaeIyJm1IvgjFi24QxDRLA479PhtZjjMlrVhm49PLum2TDR7qwr +j44pisNGqhxgA6C6YZW4XaNDJ4kISOFjYPmlKLC6qi7i8vsPXJNzgrZq6zJscomh +fvk7Th3/1p65+KNSK26aJbmxqvgJDRJHyCXseAYylxyISvuoVmvWrgDFYmwCgfy0 +/VNsnxDRPvx+tpGvLyWBGcb5slUg/+j8JxK1pgV5xRUQ30CGP42jQWGMmIna3Lud +pv6Q1jhvcZWKC7kuZIdyzj/UgeQPwGw8qLax4DSSvysMU7YDkBwE3l4909eZElkG +okitdWuWeHnz//CC6dtJE2mGmgoIFUr/uKro2TMV5a6/97A/1CFULydc8dd4objV +YHaXEda1scMzq8GevfDFhji2gqg7tZ4eB7M0VVSgMBjcHkbIldpgtm1wKRNDBXPP +rbvi0aKr1GcrBp19Jeuaz6rxGEzvsxEhBC5lW8hIBiYQEaMK6OJrzkJEiUGQCHPl +JrynKvzC6dHnFKFhVfZaG1SZ2wS7hXnV0Y1LnNjPwK9zrJJJcgc= +=KqXj +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc new file mode 100644 index 0000000000..bfbb585e38 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:27.loader Errata Notice + The FreeBSD Project + +Topic: UEFI loader failing to boot older amd64 kernels + +Category: core +Module: loader +Announced: 2022-11-01 +Affects: FreeBSD 13.1 +Corrected: 2022-10-14 03:06:13 UTC (stable/13, 13.1-STABLE) + 2022-11-01 18:03:25 UTC (releng/13.1, 13.1-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The UEFI loader is the first stage of the FreeBSD boot process on UEFI systems. +Loader is responsible for loading the boot configuration, kernel and modules, +and handing control off to the kernel. + +II. Problem Description + +As of FreeBSD 13.1, the UEFI loader on amd64 systems will detect if the kernel +it loaded is capable of being relocated to a different physical address than the +historical load address. This detection relied on an ELF symbol lookup that was +not correctly filtering symbols based on their type, which caused a false +positive result for older amd64 kernels. + +III. Impact + +The UEFI loader would relocate the kernel to a different physical address than +expected, and the resulting kernel would fail to boot. + +IV. Workaround + +This problem can be worked around by entering the loader prompt and issuing the +command: `copy_staging enable`. Non-amd64 systems are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. The UEFI system partition will +need to be updated with the new loader.efi. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:27/loader.patch +# fetch https://security.FreeBSD.org/patches/EN-22:27/loader.patch.asc +# gpg --verify loader.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 2b31059ea701 stable/13-n252746 +releng/13.1/ 1ee7e4ba70e1 releng/13.1-n250166 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:27.loader.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmMsACgkQ05eS9J6n +5cIuFQ/+LdOLKHA1cCH70lEAIwbDjP3S+WPRcv/jdXl8h8447ZzKMcavy8/sTPRF +k91YVngHozGASdFfF4RrYf0kx1/hNhNMOaBQbZKdsEniKAOroiT+gjLCid5ZDoMJ +AQ8P3FohL+53Au8u96F4Shoq8y6zNx61twbZU4dh2rQh3pXjqcEa9fs21dcopmwQ +ssozddGqZeFhqYzvq47ZnBeny/M2vHtxkckbNZd616zCKTUuOGsdNb0kDqcxybZj +tQYQ9dZGbb96LFf2U/3lyhkrk9HK3zl/vdtbJYPvmN/6paCQYzjAxNgbYHJy3ABY +52+BbIeVqjHUffve+Jj0F3RWUGYmXeQ3nNPHCVQR801y0p39bH0nQAN03asHPzMb +wzIzDHXNMcs2qps3ZEBRarOgUOTVzaa90oZXQibp5xqqHyprf4LLOtjXFHSBui7f +AaK7NtEdlM8SbQ2+rSYPj4BTkn2b7wSBUcMA5dJMyqXmFUWx/K8OSnUwz+3ZCCPX +gx6zJxkfCmU9/DI/fN3w6SZvBDATleH6KJEsp8lCIw73ODhpYZgLNdMp8QqPRBoz +mT/j5zYDmONswHlgJ1Er9hivTGsW3H/vftn5Ct2kJgOkViFspUaVTcLgxhc5xKAC +PE2/JaHgfndyi8MdJY0WIylnVzquid+RkOPYaSAMaGA37Ios/XI= +=yeiP +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-22:28.heimdal.asc b/website/static/security/advisories/FreeBSD-EN-22:28.heimdal.asc new file mode 100644 index 0000000000..e8fef4cc8a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-22:28.heimdal.asc @@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-22:28.heimdal Errata Notice + The FreeBSD Project + +Topic: Regression in Heimdal KDC + +Category: contrib +Module: heimdal +Announced: 2022-11-29 +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-18 01:09:42 UTC (stable/13, 13.1-STABLE) + 2022-11-29 23:04:48 UTC (releng/13.1, 13.1-RELEASE-p5) + 2022-11-18 01:10:53 UTC (stable/12, 12.4-STABLE) + 2022-11-29 23:19:12 UTC (releng/12.4, 12.4-RC2-p2) + 2022-11-29 23:16:21 UTC (releng/12.3, 12.3-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +Heimdal implements the Kerberos 5 network authentication protocols. + +A Key Distribution Center (KDC) is trusted by all principals registered +in that administrative "realm" to store a secret key in confidence, of +which, the proof of knowledge is used to verify the authenticity of a +principal. + +FreeBSD-SA-22:14.heimdal corrected multiple vulnerabilities in the Heimdal +implementation of the Kerberos 5 network authentication protocols and KDC +included as part of the FreeBSD base system. + +II. Problem Description + +The patch released with FreeBSD-SA-22:14.heimdal included an inadvertently +merged block of code which prevents the KDC from issuing valid tickets. + +III. Impact + +A system patched with FreeBSD-SA-22:14.heimdal will have a defective KDC. + +IV. Workaround + +No workaround is available. Systems that were not updated with the patch from +FreeBSD-SA-22:14.heimdal are not affected. Note that unpatched systems are +vulnerable to multiple security issues. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +A reboot is recommended. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is recommended. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch.asc +# gpg --verify heimdal.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use Kerberos, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ b23fe6badeba stable/13-n253102 +releng/13.1/ 10571c04c9dd releng/13.1-n250173 +stable/12/ r372759 +releng/12.4/ r372779 +releng/12.3/ r372776 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267827> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:28.heimdal.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOGlvgACgkQ05eS9J6n +5cISog/8DVRGrMXWSdmaqa5KpO3SZ1o5mmhZDWYKRxDQZv0puJ6lTus44VtixzM6 +ft1zRe2yQy3YoTtcxho2jY8zppcdg5r4rIR4rXsxIAjufxd53hxmWYXjN6zObxTB +Owebw+xvJSG5ls020iRECI+YjE32ssXLBI7XkqOVnErF/UmxkTQM86VPHene3WwU +EhwwM1i7ZUdl/11tGPft975u5waKUFxeRF4jpFLu/pbDqHBoFgY4AT2ivs+6jwaO +o4X0gBDKDh/xXU7yFSdPfF09PRgSCosPMr8UNWXBlS6WYEmGPiRlS3NDB8EMFDw/ +AElMEqlT55DzdFi4qD91x+FPeIQ+NbJCNjFuZDXv4lZtAvGF/ue4wfxH/ZNcAo06 +SH1tJolwu0l6Q7e/6a+cU7RsonVhv7K2j5DKddoNSZcla/kg9z1IkYGgt0OrtOWn +eMhuiLNsBZwebWsYWT/MG5nHaL79jWKPy69c+b8yXcpdrpfC4DNVmnTiiHzpus46 +9K4X5aOgCMW6C19hIWvH74s6sWo8ZoEz4BaslJZ7AeHSv6HPGfUZBygtYm739a/J +U8WN+rRIzsaxHQXts6LF8xroJtUvxQ76TZgK58k/Pma+Xa0vdYLcyqd/XEaFm1CW +7rLqVzTsHTlOz7JaMLnNm1aY6KKyERnJ94ii+LOjeldCAVWMNE0= +=aUbR +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:01.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-23:01.tzdata.asc new file mode 100644 index 0000000000..584cb095f6 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:01.tzdata.asc @@ -0,0 +1,174 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:01.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2022-02-08 +Affects: All supported versions of FreeBSD. +Corrected: 2022-12-01 01:36:29 UTC (stable/13, 13.1-STABLE) + 2023-02-08 16:08:28 UTC (releng/13.1, 13.1-RELEASE-p6) + 2022-12-01 01:40:23 UTC (stable/12, 12.4-STABLE) + 2023-02-08 18:30:20 UTC (releng/12.4, 12.4-RELEASE-p1) + 2023-02-08 18:28:25 UTC (releng/12.3, 12.3-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:01/tzdata-2022g.patch +# fetch https://security.FreeBSD.org/patches/EN-23:01/tzdata-2022g.patch.asc +# gpg --verify tzdata-2022g.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch -E < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ e851e0aabdff stable/13-n253192 +releng/13.1/ 9e3b86743c4b releng/13.1-n250175 +stable/12/ r372783 +releng/12.4/ r372915 +releng/12.3/ r372911 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/eggert/tz/blob/2022g/NEWS> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:01.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj7/8ACgkQbljekB8A +Gu/xNg/9EgSCULshR9xN3vYa4sTdsMVLpz24zuRMxPqYAAFckJ2GDOwDuvIA78r+ +U8u/efb0pE3xJvbAH0vFMUqt7mxsJeO4TVurEpAMrsuQRfjru0FLzNlXhJUnTDF9 +mSveNDs1QeihpaOfG8b8v8onk1Nr6SMuVO37s5FdFNrGxc+WHpmXJiQqHy71r0AG +4CtdgZ+TxjRmvKeU2ue/+xjDVhhTUEFoOjwaeq54dgVP9u3aFENFejcOjPZYVWJt +aNaMAiWvarER1HIhqKppVbui/U7J73lWC0ocBwCAA/NDhC5C0IEw3tPx5KLOmw5c +M4TX4bliFNLWnokPEdTd9OLU0OJzDhPn00awm9NH0c6F3y/dznHoYtKXVirj7GpW +FbKxsrsJf8xFxAHyFApLan7i7I1Y3R+mnRimYMUonfv08tVcCMlSu9QMXNmC+0+r +phCU6mwtrv/RwoRk0QGYyg9z4sfX+eKX2zhHiEigvbD6IHnIpcIRgu6yuZL/eETg +AwG2WUX3WSvi6C6hcQKPYw0mhxp4WnIFz6FmFYWBESDTSDjWRhmHCLU2VV7JvuPn +zRpY1dYJSbulAvWEXbKTh5oALuYfVSeL9qnbL2cmcxFCHJcyMm/yB9VOG9nMBFQD +drCXwK/KGV1jvD0OxHaemLs7hxTJwOaI4RKl9OWIS6J195YdPIc= +=z60r +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:02.sdhci.asc b/website/static/security/advisories/FreeBSD-EN-23:02.sdhci.asc new file mode 100644 index 0000000000..ecbdd003ef --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:02.sdhci.asc @@ -0,0 +1,126 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:02.sdhci Errata Notice + The FreeBSD Project + +Topic: sdhci(4) broken write-protect settings + +Category: core +Module: sdhci +Announced: 2023-02-08 +Affects: FreeBSD 13.1 +Corrected: 2022-03-29 22:24:27 UTC (stable/13, 13.1-STABLE) + 2023-02-08 16:16:32023-02-08 16:16:31.1-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The sdhci(4) driver supports PCI devices with class 8 and subclass 5 +according to the SD Host Controller Specification. One of the devices +supported is the Marvell Xenon SDHCI controller. + +II. Problem Description + +The write-protect flag on Marvell Xenon SDHCI controllers was incorrectly +handled, resulting in devices being erroneously marked as read-only. + +III. Impact + +On affected systems, SD cards cannot be written to; where an SD card is used +as the root device, this may result in the system failing to boot. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +5min "Installing errata update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:02/sdhci.patch +# fetch https://security.FreeBSD.org/patches/EN-23:02/sdhci.patch.asc +# gpg --verify sdhci.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 693af80b7435 stable/13-n250156 +releng/13.1/ 4b31a7861af0 releng/13.1-n250176 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263928> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:02.sdhci.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BMACgkQbljekB8A +Gu9itxAAupVjrBaZYIMnSf9NWwMzG3fUStINrAO8ys8VHOsFxl72C0BcPBKffQw4 +cKgvpcMSK/MO3i+a8Xk8gbGlUcdLdvcL3F+MZI4RM6V8lkp22iz558tzh3c3H7z3 +/uJNC9r9PvUUi9jDgPYfhXKub72Gr0Uae8K27tNoSaeTvZelXNJYHGKs/aB/LVdE +V6f+k7gyIdPjcScHVFG20+Wp5GrongMknZm26Mch+tGMtT2lqPT/5xj/KHHADj53 +pFkxrDWTagpae2Ibr2nsBJUKQ5X6adPQdUEK7TLucQvqsDe/y+WQnzf0YJDUc0ZA +VNg+FcIU1cEuAo4R5yLBrcan436cVGWE4VpjdruxnHOCvCyYaOARk9GK+ZyuIiWw +KtN21MthBljIURJMjaMpKRmb7Dv0IqXHojVps6x6dELIAIo98IEMM14feDHzC1l0 +E7gb2LYOOB+MV71GMWcC2URgcMXDhP3Ew46UGuYJT/G+K6Y/XpmproVR8Mw2SELB +0aTk5qmE+T3j05tThaOt4SkCs/cFkFKqbx8Ix9/ohOzA32293KsPfbKdOYcbOLE9 +aC8/mMmRSF5SJ8spOFApd8PFaHlR6G+KDVuQ3NVfX6ezHzECYVnO2B/SWbVSWBll +Bl0oGrbmhWhrTvBG5hsox/+0NzAqF1U8cSR+IYE33WygQ/o8E3s= +=7hux +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:03.ena.asc b/website/static/security/advisories/FreeBSD-EN-23:03.ena.asc new file mode 100644 index 0000000000..0f7811c42b --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:03.ena.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +=============================================================================
+FreeBSD-EN-23:03.ena Errata Notice
+ The FreeBSD Project
+
+Topic: ena driver crash after reset in 7th gen AWS instance types
+
+Category: core
+Module: ena
+Announced: 2023-02-08
+Affects: FreeBSD 13.1
+Corrected: 2022-07-26 19:30:17 UTC (stable/13, 13.2-STABLE)
+ 2023-02-08 16:18:27 UTC (releng/13.1, 13.1-RELEASE-p6)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The ena(4) driver is used to access the Elastic Network Adapter network
+interface on recent Amazon Elastic Compute Cloud (EC2) instances. It is
+designed to make full use of the EC2 cloud architecture for optimal network
+performance.
+
+Since the 4th generation of AWS instances, there are 2 modes of operation for
+the ENA device: Normal and Low Latency Queues (LLQ). In order to leverage
+EC2's optimal network capabilities on 7th generation instance-types, LLQ is
+the default mode of operation. Users who disable LLQ will experience
+sub-optimal performance and hence this is not recommended.
+
+II. Problem Description
+
+The ENA driver does not properly initialize LLQ when recovering from a device
+reset. The improperly initialized LLQ leads to a performance degradation on
+6th gen instance types and to a kernel panic on 7th gen instance types.
+
+III. Impact
+
+Users with FreeBSD 13.1 using 6th generation AWS instances will suffer from
+performance degredation, and with 7th generation AWS instances will
+experience kernel panic after a device reset.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+arm64 (on FreeBSD 13 and later) platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch
+# fetch https://security.FreeBSD.org/patches/EN-23:03/ena.patch.asc
+# gpg --verify ena.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ e8253e47e1dc stable/13-n251949
+releng/13.1/ b508850e150e releng/13.1-n250177
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:03.ena.asc>
+-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BUACgkQbljekB8A +Gu+zDxAAsM4Fn6a5F0ocswNvMT8RBVxJ2YrOK9WIZdlBH9rV0ZHTOQDpTlo1Mizk +7R+vfAps18dnnjSf2F+IGKR6u/+kR3YJAw4fzIJyRgLBC/qkjsLS+3d7yEPxbIrL +wCB1vfMlJlS333gV0hMTq8CELwYVbqi6Rqb1D2h+L+qDjqhbLStVOHTo1gztAk1U +bVaApXZglaNL8VdFanHYRZg+SmM+saGwOPOCO1O4oEttfwfFfDBqkkfHVtbcaVDA +9h9qSBpV2iLueDcRzfg7Q9/9DzPE7n88pz8aCzyoaXxhXGUcgzhAfJeSpeblRL12 +dq848iI/zn8jTxO+2pqGooBw5HQHwRgw0v1rjDkj9YCKSg9D5BH3Cj60RKV8D6BC +e7eQlOXfO6ubWcKHethxNj/zU3XpQN7CD2rfNtKkMYq6PVBWYIPTLlrIhRVPHmVs +/EKBD2RsHdQHID7rA67V9G0/NQjfFaq5pDzaNbP7NdkhMpgzvW2boixAnyqRtTVK +Jkxqq3MVdOIktOvRTnXHCkyxSXy67R8qmHCKwvW5omVDv7ro8oS+Vq0PvS4NN7LR +Q0r0E/iwM4hCRSWwuKF5brC7wIeeWPExKkWjpQ3i9gOcvyXAUqo9KDpwN622s3gP +Ar1mm82FHUNNcv2uo4WpsLT9p+30bROSU0XUvYcVQHEqazy2A3o= +=9D+P +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:04.ixgbe.asc b/website/static/security/advisories/FreeBSD-EN-23:04.ixgbe.asc new file mode 100644 index 0000000000..0a93a5f603 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:04.ixgbe.asc @@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:04.ixgbe Errata Notice + The FreeBSD Project + +Topic: ixgbe incorrectly reports input errors for 82599ES + +Category: core +Module: ixgbe +Announced: 2023-02-08 +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-17 20:13:43 UTC (stable/13, 13.1-STABLE) + 2023-02-08 16:30:38 UTC (releng/13.1, 13.1-RELEASE-p6) + 2022-11-17 20:17:22 UTC (stable/12, 12.4-STABLE) + 2023-02-08 18:30:24 UTC (releng/12.4, 12.4-RELEASE-p1) + 2023-02-08 18:28:28 UTC (releng/12.3, 12.3-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ixgbe(4) is driver that supports multiple Intel 10Gb Ethernet cards including +the Intel 82599. + +II. Problem Description + +Intel 82599 hardware has errata related to IPv4 UDP frames with a zero +checksum. The L4 integrity error counter is incremented for such frames, +which results in reported interface errors through utilities such as +ifconfig(8). This confuses users, since all frames are in fact handled +correctly by the system. + +III. Impact + +Incorrect interface statistics are reported for affected hardware. + +IV. Workaround + +Ignore reported interface errors. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:04/ixgbe.patch +# fetch https://security.FreeBSD.org/patches/EN-23:04/ixgbe.patch.asc +# gpg --verify ixgbe.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ daf3d88ac184 stable/13-n253100 +releng/13.1/ f3e20eb8d8f0 releng/13.1-n250178 +stable/12/ r372757 +releng/12.4/ r372916 +releng/12.3/ r372912 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=266048> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:04.ixgbe.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8BcACgkQbljekB8A +Gu+H7g//dEdyDgXVQeyezAZuL1wqUaKVE0ZzPfpouG9X3+FaXMalo0FzkJy75olx +vv0eOznDoS+IWlwkdvzKCaAGZK8ZFPNT0SkNTGlABh+xvX0FoORdPLh9AmZbDlsx +1FA1Az+Sew0EJ/t0D0v/ZMTpj267664yVXI1G5IFUxTLnFq/bC9w8ssOQCWF4/+z +KgwTt7XfaxE03EE6JasyeIRKF4nobbErNo7Z+yjEkqT43geSS8N3T6uE8JwV8y2w +0wAZT3nj7TBsHnRErHgDQabPXOEdZDODV+iDGTOmu7bwmoG9FKbuuE4tZtDzKNZ1 +wjjG0Gka091Wx7ss5KLO0kD99iqHrtno/I2qJuk/R5HZuNTzOsp56RgQUQu9uxjm +1Lfsd6HdzV2dd4/PZ9dGgU7bTiSIJXCh5pu3NGF3nKshgDPDq05kz3Ho3ktWEccQ +SpWOc6IyMibuxq9T50CFyW+qPMoPa4pN2BsVilwQJ/LeWYp8lcN9T5bY2ssVk33q +s6elPBZsmGOvIMe14mDUL2ANfcZSUDkbZuvCPoOo1LMGnh8TSikbj1uaWH4qntlC +gPJ502ggGaw1CuMuUzddyv14bNCL9PMY1zZOnEi6MWwZWZnVvzdqLvhz4U6BORVJ +OOqJTlxquMYGyILtHqKvqodZ471SaHMC9Sk5MPvO/mk0u3W5Zeg= +=sTJD +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:05.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-23:05.tzdata.asc new file mode 100644 index 0000000000..663ca66ebf --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:05.tzdata.asc @@ -0,0 +1,174 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:05.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2023-06-21 +Affects: FreeBSD 13.1, 12.4 +Corrected: 2023-03-29 01:19:25 UTC (stable/13, 13.2-STABLE) + 2023-06-21 05:03:18 UTC (releng/13.1, 13.1-RELEASE-p8) + 2023-03-29 01:20:06 UTC (stable/12, 12.4-STABLE) + 2023-06-21 05:43:27 UTC (releng/12.4, 12.4-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:05/tzdata-2023c.patch +# fetch https://security.FreeBSD.org/patches/EN-23:05/tzdata-2023c.patch.asc +# gpg --verify tzdata-2023c.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ bb7b15831531 stable/13-n254928 +releng/13.1/ 0e577c42f61c releng/13.1-n250183 +stable/12/ r373009 +releng/12.4/ r373101 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/eggert/tz/blob/2023c/NEWS> +<URL:https://github.com/eggert/tz/blob/2023b/NEWS> +<URL:https://github.com/eggert/tz/blob/2023a/NEWS> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:05.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSki0ACgkQbljekB8A +Gu8TvxAAtPUGUHuME21ttewmNzBuW6CHhD3MFYheFFs3CiuLsUbla7BRKgXPMOmT +WzXHOe/PDKefrrrW09lPLG63DChu9WgmAfEQyvDK+uV8gazfTTkDN3wD+XS1k5Uh +PNk9ZE2jAGOY7vbzmJyXAXVYx1MJcT9jGpT0S1s5AhOWL3GgsjlUb/IXMHaDIpRy +r0L6snLzLypZzHmTf9HJ3dvkXAqiMv6Km1SwMeWibnm0ChCwhHzktOihbVcPQBoY +vlUbAb0zKSZmNblbQS89vZtdtwgzFW8t+/F6esMEvrxwlW3hU1f8dZTBsRoIsKCR +VqE2SSTu9O5wG0Huj4UR64EQ116Co8xU2JlVmdp0jFqu8SYa4kq5O3f0sVbRSVzi +agwzaS0U7h8FzxBIyaSOQX1k+tWVIbXViKI/BD17NXqR/LXCLT1e7Eu4uxJn3mqE +zmeyXEQ1TvP9VkGrLmuKrv2h+cqFrWVqFWlzRG3jq8x21r1fL7sTC2cnw54cqItN +lAci5GUpc02LBo+74sz0J5WSpLFj/0sA+5W4EkUZ4EyoTpmR/d5L22eU1h91ZJx6 +mg/5xxTCvvEL0woMOIHeUf5essP4JiWWwGLv1dblVUiq5UuP9R9UdZef3xt/s+gD +Ew8Tyqv80ZJiamfWGOYQbbY6Bi7cUgzBvQkOXDVAXXeUXcCfWF4= +=fStA +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:06.loader.asc b/website/static/security/advisories/FreeBSD-EN-23:06.loader.asc new file mode 100644 index 0000000000..cfe389dc89 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:06.loader.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:06.loader Errata Notice + The FreeBSD Project + +Topic: x86 kernel console configuration + +Category: core +Module: loader +Announced: 2023-06-21 +Affects: FreeBSD 13.x +Corrected: 2023-04-26 17:30:19 UTC (stable/13, 13.2-STABLE) + 2023-06-21 05:05:15 UTC (releng/13.2, 13.2-RELEASE-p1) + 2023-06-21 05:05:51 UTC (releng/13.1, 13.1-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The x86 loader's "comconsole" driver drives an ns16550-like uart for the loader +output, and it also generates a console specification for the kernel to use. + +II. Problem Description + +comconsole will unconditionally clear the hw.uart.console environment variable, +whether the system is configured to use comconsole or not. + +III. Impact + +Systems with uart hardware that the kernel supports but loader doesn't cannot be +configured to use this uart for console output if comconsole clears the +hw.uart.console variable even when it's not in use. + +IV. Workaround + +No workaround is available, but non-x86 machines and x86 machines using UEFI to +boot are not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. A reboot will be required to +get console output. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch +# fetch https://security.FreeBSD.org/patches/EN-23:06/loader.patch.asc +# gpg --verify loader.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Reboot the system to use the new /boot/loader. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 362677cae8e9 stable/13-n255172 +releng/13.2/ 525ac1948af8 releng/13.2-n254618 +releng/13.1/ 5d2bbb9db2d2 releng/13.1-n250184 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:06.loader.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkjkACgkQbljekB8A +Gu/4HQ//WJFI/SehPJhbpyGKsePYJSecIA6FYS3/pEYmffxEHCxAlWIovYfZwEsl +7UrqQfCOFIEtF2Au4GAhI2srH7+ecEFYyHzMfrWANLRMnHlqqLUqCdgmY6FKSM+v +L0kIOh2ygMCU4s1nNjXDT5rwjLhS8rl+oaVbDvSHBIcwyNL0FdouuMnQR2GcHW1q +nu+iYXCG0OAS7DAJ1hmPG5f85iXvt8dRfC9i/EH7sQSLJ8wZQIgQXOGbwwpMbPDW +dsPP3mvxZ2h2i3WAMd2bidby+ImbDynpiabT8BuTg7vOo6P6pf+bREKKnHOQrN4C +sZGzpPDGPKo0rAJ94R5qAS2QgzGX5gS/p0vporpwnvKZWL18AoioHp/Bh9TXFWfW +8aQn2LcIEjd/vhU1B1Erg1ctavD71W6A5ZTxU5BocNot3ZIts2VTuF2LajUJ8bSp +y2DBP3FmpFZi3CHvDV3NmJvUyasHb12EipYhamzAWpvUxRC0YP1zLaYbFRusSlFA +D6rjrRh0sd9AGip6gZ0ZSLd0v7kuebpqCh8nTEd1Betyg1pa00SGLTp++RsPcgow +D6ty5KWjItqbS1UGibFAexXRTc0PPW+/Jd+UmgoAWA6HYuw4HwznxIdfBGy4qMsN +V30TjUxl7ulInD3Ts92TOU5FpHiS2yGNFLBkeT/RClbnaXHIC0Y= +=gAQK +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:07.mpr.asc b/website/static/security/advisories/FreeBSD-EN-23:07.mpr.asc new file mode 100644 index 0000000000..10df65cee6 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:07.mpr.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:07.mpr Errata Notice + The FreeBSD Project + +Topic: mpr(4) may fail to initialize devices + +Category: core +Module: mpr +Announced: 2023-06-21 +Affects: All supported versions of FreeBSD. +Corrected: 2023-05-02 12:21:35 UTC (stable/13, 13.2-STABLE) + 2023-06-21 05:06:39 UTC (releng/13.2, 13.2-RELEASE-p1) + 2023-06-21 05:07:50 UTC (releng/13.1, 13.1-RELEASE-p8) + 2023-05-02 12:21:26 UTC (stable/12, 12.4-STABLE) + 2023-06-21 05:43:37 UTC (releng/12.4, 12.4-RELEASE-p3) + +I. Background + +mpr(4) is a driver for Broadcom SAS controllers. + +II. Problem Description + +The mpr(4) driver did not correctly initialize command data sent to the +controller when attaching. + +III. Impact + +mpr(4) would fail to initialize the controller in some cases, making the +attached storage devices inaccessible. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:07/mpr.patch +# fetch https://security.FreeBSD.org/patches/EN-23:07/mpr.patch.asc +# gpg --verify mpr.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ e7a3a08febd0 stable/13-n255252 +releng/13.2/ e63d8b8fa6d9 releng/13.2-n254619 +releng/13.1/ bc61a15ededc releng/13.1-n250185 +stable/12/ r373058 +releng/12.4/ r373102 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:07.mpr.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkjsACgkQbljekB8A +Gu/jiw/9HCji9U0ygORSvETbwBg9eBNJNtQTqqnAEKPv7kjBUYhYkKwqyyzzaoCF +7rj0dw3heObLTdsDhDynnLinmTN1htXAoVE4F4RpS7li44eUnVp2hDSr//ft/bxR +Zrd0NbxDt9OCuPVPxWclVyAnG+fi446pwpX5zBMz1U8STQHDe7N8DRUlzOmCxY1z +N3pEJdFoYt8zUUixymBdpAmXyvBL5FAi9yvm0dt20Dl1e8EKVkdT+38x6RhYgjkO +Cr//HnldHyoVXnIzqOIIv+VpEwAV4nYcKei9EvI8bJ/LSWUIk+7PHzzpmygk7fPM +HFyIIlNQbkL0/KsEi/I07LUIBVoFEeB2pRHuOfF5jYhc6J4zcZ2pGX8BY3Ai8gdn +hRAVvUHbiKKIFjezwl4S+8N+jipP8xIovEW5LG4MTp8BSpq0aNy1VtXYLyTvZhEb +XhrepXUnPjh85sD2gLTfM4JDqCyuaNFTKqi0w+vCunvXjCfDhAFC+ttzJvDeijKG +cuW2nF2Iniug3Y7BjGIe4xWYFEBiDTp+vOYOg/J4Me4cd1+BJzD4Enmu60dmtCd3 +6u4HceA/CjVEV1iuZZXty9RkSqA5S6xCinZihho1fLrYLUOBA7MvSkIgZl1VH+RD +XkgQtO3LyurJ2Hi7O7LIcG9IOI5XmpNH0i2S3i7BOcQvMdTjamY= +=/a3j +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:08.vnet.asc b/website/static/security/advisories/FreeBSD-EN-23:08.vnet.asc new file mode 100644 index 0000000000..fc722d9cff --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:08.vnet.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:08.vnet Errata Notice + The FreeBSD Project + +Topic: VNET and DPCPU module panic on arm64 + +Category: core +Module: kernel +Announced: 2023-08-01 +Affects: FreeBSD 13.2 +Corrected: 2023-07-26 18:03:46 UTC (stable/13, 13.2-STABLE) + 2023-08-01 19:50:47 UTC (releng/13.2, 13.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +VNET is the name of a technique to virtualize the network stack. It changes +global resources, most notably variables, into per network stack resources +and handles them in the context of the correct instance. VNET is enabled by +default in GENERIC kernels on all architectures except 32-bit ARM. + +DPCPU is a dynamic per-CPU memory allocator which can instantiate one +instance of a global variable with each CPU in the system. Dynamically +allocated per-CPU variables can be defined with custom names and types. +DPCPU is always enabled. + +II. Problem Description + +After FreeBSD 13.1 was released, the contributed LLVM components (LLVM, +clang, compiler-rt, libc++, libunwind, lld, lldb and openmp) were +upgraded to upstream version 14.0.5. The new version of lld, the llvm +linker, got additional optimizations for arm64 in the form of so-called +relocation relaxations. + +These relaxations are fine for regular userland applications, as the +dynamic linker can handle the optimized relocations. However, due to the +way the VNET and DPCPU features are implemented, the optimized +relocations can cause panics if they are used in kernel modules. + +III. Impact + +On arm64 systems, loading kernel modules that use VNET or DPCPU features can +cause panics. A known example is the WireGuard kernel module, if_wg(4). + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +A reboot is required, because the kernel and several kernel modules are +updated. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is required, because the kernel and several kernel modules are updated. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:08/vnet.patch +# fetch https://security.FreeBSD.org/patches/EN-23:08/vnet.patch.asc +# gpg --verify vnet.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 98e7f836e65e stable/13-n255888 +releng/13.2/ e3e6fc371322 releng/13.2-n254623 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://github.com/ARM-software/abi-aa/blob/844a79fd4c77252a11342709e3b27b2c9f590cf1/aaelf64/aaelf64.rst#relocation-optimization> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264094> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264115> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:08.vnet.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJd+EACgkQbljekB8A +Gu+2XRAAnIRnEfyWHe8XQa3ElzCx3gwyldIkZJqjqEX1hWm1uhASJGV3Zk/xj6gv +6yyr8P5nij6rbblpo/YpUzwFeRVUX3foMU+R4blTB0nriJuW6P1vMiHpD1w52oS5 +OWpsyAouJ4/IsDh73jCqrJk3M7ZKOkfQ5tHn/E+bLl20ASQy/5S/t3G9QU8o8TeH +Ak+zakq8Gf13BA6vMyq0beA34A0zT0niznKhbTqAc3czdsd18Rkeg/9txXU2iOkV +8VBqnN2kJQ/gBfM79PtUOfz8uK/7tIWMpNoept4Kp0XlDPpJUhqBwjjmTBsuxB8w +fpYpfNF5ADX50L1nzm24oxBjFsbA+YUNXzO1VHCQZeWNxI2cubZWFtzu7WoxT7QQ +trdhUWlSI28jtRJSg5eBwfSI/iT/iESIH9f5wFdVo3iORPXe28CrW6EtEHXhVk37 +JQaQdIPr48n2IfsEzuogQyEMAWuD6hSUDksfZsArkPcS9QJFBzv1xkiTXmInn1CL +JQK4XaVXSELKh0JWgnGTA3/Xsi/DRXcPbN+1saKi8Dp5LzwaMN26UmvWzMFYpQuY +hrfFDpk3IP9iacvnnObuMretppd1LdwFx3O2Pq4Fs0nRYIKSU3OVpIVzu75otiwE +GtArfSeRWgwy9moWd8W4wSWNFosTkFMFbZONS0n9SfEYzabpCzM= +=0mU9 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc new file mode 100644 index 0000000000..7cf538a97f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:09.freebsd-update.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:09.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update incorrectly merges files on upgrade + +Category: core +Module: freebsd-update +Announced: 2023-09-06 +Affects: FreeBSD 13.2 +Corrected: 2023-05-16 21:34:10 UTC (stable/13, 13.2-STABLE) + 2023-09-06 16:56:24 UTC (releng/13.2, 13.2-RELEASE-p3) + 2023-09-28 13:42:18 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:35 UTC (releng/12.4, 12.4-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +2023-09-06 Initial Revision +2023-10-03 Updated to include the patch for 12.4-RELEASE. + +I. Background + +freebsd-update provides binary updates for supported releases of FreeBSD on +amd64, arm64, and i386. + +II. Problem Description + +freebsd-update incorrectly deleted files in /etc/ in the event the file to be +updated matched the new release and was different than the old release. This +has not been an issue previously because the $FreeBSD$ tag expansion from +subversion virtually guaranteed the existing file was going to be different +from the new release. With the conversion to git in the 13.x releases, +$FreeBSD$ is no longer expanded, making it much more likely that a file would +find this issue. + +III. Impact + +Unmodified files in /etc/ may be deleted on running freebsd-update upgrade. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-23:09/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 866e5c6b3ce7 stable/13-n255386 +releng/13.2/ 0b39d9de2e71 releng/13.2-n254628 +stable/12/ r373221 +releng/12.4/ r373231 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://reviews.freebsd.org/D39973> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:09.freebsd-update.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclTsACgkQbljekB8A +Gu+mvBAAumfz3Q0E3r4JXRaYDUBHgMN+L86xn9gzt/+sbrMtHCdJ1NariCwXO3lH +tGgPW97xRZG4r1IQYayydYo3N7X4u4egzyz/HNKWhxJjkSBkgQG19IDryi9n/2B4 +g5lFaLUGT57pKJDpbDWwvdKbpgUDEfHVTG2hthDVFcnJRuPVSaqdEcOi0eWuX/Dy +8t9CA+9TkvmaY9bl4Lbyltsf0ycSYOp2FDVOKorm0D1GvVAcA+5+9pw02IdFZuGo +CFiXhstcIGs9kKGdtC21tkxemz8oV4Ub9gjsVYyVDzbvKcYtsb/EIKCiTnPcgL9M +DBrekG3LhUK+pZ+V+eHFGToBukITPcZ/gkSwl59Zu1fB1ITBm9QoriwL5R6udpYA +mymzlTYTnLIrGAu4u1Ft2RSXvxwfIAtErM0MyijI1KFl9q5EFhSJzSnTG411FJP4 +w51r0iKHtMJdeL+gYFkWUQrZM+oDHOhuvhYwzbh0cZD2DFksCT2OB0F/zVCHvPsD +uQag2aCttm1uEEhUeMqIYmByR93ctN+TuwmH3Qev0u0lamG5xfzxDEBtDVB2ThyC +9TLFXTrgR5ENmwaCkRkj1YwHdwfBmqPyoN4BBOIFYCXzvA1UIN3nCcm4FpeHXvWs +EToL2Z1MUDCc7lfOsPNRrTBrDyqYUjOP9qlKR8F9CJfhR6eSMLc= +=wkOB +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:10.pci.asc b/website/static/security/advisories/FreeBSD-EN-23:10.pci.asc new file mode 100644 index 0000000000..3755634e2d --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:10.pci.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:10.pci Errata Notice + The FreeBSD Project + +Topic: PCI-e hot-plug is broken with certain devices + +Category: core +Module: pci +Announced: 2023-09-06 +Affects: FreeBSD 13.2 +Corrected: 2023-06-28 01:32:47 UTC (stable/13, 13.2-STABLE) + 2023-09-06 16:57:02 UTC (releng/13.2, 13.2-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's pcib(4) PCI-e bridge driver implements support for hot-plugging PCIe +devices. When attaching to a hot-plug-capable slot, the pcib(4) driver +allocates a MSI or MSI-X vector used to trigger handling of hot-plug +events. + +II. Problem Description + +The code which allocated the hot-plug interrupt did not allocate MSI-X +vectors properly. When attaching to devices which support only MSI-X +messages, the interrupt would not be allocated. + +III. Impact + +PCIe hot-plug would fail to work for certain devices. In particular, +this affects certain Amazon EC2 instance types which require functional +hot-plug support in order to attach network devices. + +IV. Workaround + +No workaround is available for affected devices. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:10/pci.patch +# fetch https://security.FreeBSD.org/patches/EN-23:10/pci.patch.asc +# gpg --verify pci.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 12ce57e6d3e7 stable/13-n255700 +releng/13.2/ e80d2d894ff1 releng/13.2-n254629 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://reviews.freebsd.org/D40581> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:10.pci.asc> +-----BEGIN PGP SIGNATURE----- + +iQIyBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmT4vyUACgkQbljekB8A +Gu9jsQ/3cpks/UuN/HHjGQdnqwRbwwMI44jysniwnetaXwZ+z6JoDQYFZyRFZGGb +BKNo7asZlPgfrRYCqaZ3sH6pwzj7aU/ImLvQyLuTWo14C/29nM8koFi0vCGnJD/2 +oQK8GUZLR5PZfGIsW0swGcmPYQ7NQtBiBQj/B+xqpPIllIcrTK0vCyCf2JIIGohy +o8YIvd//FOs738Yb8ZAX6wta3KUu92SiWZH49BI/dJjkXbXSfhshDupx9EP2cfx/ +uxYzdcEvLPWvpd0KaaVqbYMpw05wRt/23ir/E1fj4uDBL9tDWEgn150uqVbErm8F +/W+gP9DMjkA6IlredXLD1Q0pZpUlo/CbjNQLpojQcJcuQhzcy7msb9TP6oHjW2Gi +JRed3MqBWxrZJ/KdmCttC5qlzEPVq05aejRQXM1F3+FG/hUXo5a7tSUNvZ2LIQYC +CW4C+AbWsQwzPUdRxidAhUflRBM95p8ifKZC8qWZ0f67FBYvo3OB0hGo+5PReimc +fIzJDVL05/XgaXX2dH+sUjZO2PgG07Q343uVPCqYwFYPx43PMYlfWkqT99G1dleV +rWryNrO3WtLpzxWmY15h8f1I4sq8E+8rboN/HdVZm6vCLSOqfvAbnAN5Kf/hWMRj +logaqv/WE7DX3qpoY9eZ/foMvF72Q+FXJ5atSIWJX3w6UrzKRA== +=N9UQ +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:11.caroot.asc b/website/static/security/advisories/FreeBSD-EN-23:11.caroot.asc new file mode 100644 index 0000000000..1deee71eb8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:11.caroot.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:11.caroot Errata Notice + The FreeBSD Project + +Topic: Root certificate bundle update + +Category: core +Module: caroot +Announced: 2023-09-06 +Affects: FreeBSD 13.2 +Corrected: 2023-07-11 15:05:57 UTC (stable/13, 13.2-STABLE) + 2023-09-06 16:57:41 UTC (releng/13.2, 13.2-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The root certificate bundle is the trust store that is used by OpenSSL +programs and libraries to aid in determining whether it should trust a given +TLS certificate. + +II. Problem Description + +Several certificates were added to the bundle after the latest release of +FreeBSD 13.2. + +III. Impact + +TLS connections using the missing root certificates as a trust anchor would +not be trusted causing an error. + +IV. Workaround + +No workaround is available. Software that uses an internal trust store is not +affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:11/caroot.patch +# fetch https://security.FreeBSD.org/patches/EN-23:11/caroot.patch.asc +# gpg --verify caroot.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use OpenSSL, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 565712db0dfa stable/13-n255804 +releng/13.2/ 902c13c4cf68 releng/13.2-n254630 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:11.caroot.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmT4vycACgkQbljekB8A +Gu+f5BAAytNLuwte1XCdFW+5I+4Y4TC2crzZ1Om3xmC9bp1DoI8oVaCO8m7bkUr5 +9K1afCqj8+rPt0uPUwyqONuVDSusQtmUte3mLUH78BStf0kLJDEUS4dLIUJ27liI +CuBDsUyEK+bh8oiQhOmw7OqM+bZfpekTJbe6C/VuBDGBkCY4HNhjg5QHBehLFPxz +oaCvNMJy/71kSPrgtqOGZJMEZ4LHmosJPu9mHzjCuwBBnzV+uCt7zvAnt2hybMt0 +itYaBlGX4r3NmknHDz271+1VT4xkfw01oN5FgsAYAezzaP71+nNgxmo0cAAfLs+0 +4mZ4O4LFMbXIdjqvxduqpX9BII8ZxU+XFE7hJRGyyENuROWBt0rs4e2/M5ljneew +IhxTut38cBCHBwQgDFM84HeramYwYwx92LpkAxj+Honsn4V3e4aoygnpJJvYw0TR +jqO5wBe8XKwUgBdf6Jttaz4JpPTxG2Sjf2yvJDD7Q5vrdu9kxjKS/X+5pJb+0xvp +w1bSoPF+KtXTmr3sZJy018GT7v8LbvlNXSRZmciJEi3958MHOaLPdyqhqYnvear7 +Fk9GUzb182Zm0uNGDNqEg+kDUUSs9M6pEWbKa+hqyWg3M5ySgCiirpseQnneNN+K +q6sSdlj25+12bIUMRLtb3WTSWM0/HsuxUo8YBNjmbpI/Uo7zEJ4= +=QFAS +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc new file mode 100644 index 0000000000..9020f53b72 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:12.freebsd-update.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:12.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update to 14.0 fails + +Category: core +Module: freebsd-update +Announced: 2023-10-03 +Affects: All supported versions of FreeBSD. +Corrected: 2023-10-01 16:33:03 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:22:19 UTC (releng/13.2, 13.2-RELEASE-p4) + 2023-10-01 16:35:16 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:37 UTC (releng/12.4, 12.4-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +freebsd-update provides binary updates for supported releases of FreeBSD on +amd64, arm64, and i386. + +II. Problem Description + +freebsd-update was unable to handle the case where a file in the "old" +version changed to a directory in the "new" version. This case occurs with +upgrades to FreeBSD 14.0, as /usr/include/c++/v1/__string exists as a file +in 12.4 and 13.2, and as a directory in FreeBSD 14.0. + +III. Impact + +Using freebsd-update to upgrade to FreeBSD 14.0 emits errors during install +and results in a system with broken C++ headers. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:12/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-23:12/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 774cc6348a50 stable/13-n256442 +releng/13.2/ cfb624d7e250 releng/13.2-n254634 +stable/12/ r373223 +releng/12.4/ r373232 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273661> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-12:12.freebsd-update.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUgACgkQbljekB8A +Gu+9fRAArZE0IrnLNZedxplzPbqrhErZAvomp04D+FR/FGiawgSuItfYmmX7sfxG +6MDlnfsIiumrxjWPr7btxN6tD9ouo6M1LLEz2WKRdRJfuhXsghjyP8TqSGb7DBZG +wIThOxz5akSVGLAWF2ShRGe42bloNfSJjnYWos0bkHpKo/m8ljOMbkQU9kjvsLXR +jV6vYvWJAkPanGJ30g4Hu1tucPUReCbnXRUJ66MzsAerQPRCYoCYx7to4ljPnwN2 +RBOKSeB+yE5ShVwOSCREcPYlsnE/ah7ayb0P4Vcskfy1CT7bN+yK8+DTfHCdICgr +R4h0FcmSXGls7S7OmewUZYjqnJHkpE6AH3s+fennOGB3Fv06QX7xxrP3l/5jqFgc +ffONEv0mYMDE49PnXTttXZL/trIBLWbqIO8KOGlQneOXciQYokbw4hZnyK0G64mn +M/bszNU2gjwei5BvlcCQLs9n84TgTRhfLPJMR+QFK5bNMlZM/b5/wETYjbqZBEDX +rjUsIuUzkLKAJr9MA4BItCGhRMjkViRJ06WcfLsSOdlNrNF7vBfGtcLbt7BiyWos +P4VPMPVKdt3XBR5c4EAC2y4j0s+On2Ts0SMqBXwmQ5/D+gGlIdPgHLMrq8gbvN0Q +ZF/qdH6EWIFLHAmBcWxYmqRhzmPeV3y8RrHxaPriffb6ko9KW4s= +=SfBw +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc new file mode 100644 index 0000000000..08dafcfa78 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:13.freebsd-update.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:13.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update does not handle deep boot environments + +Category: core +Announced: 2023-11-08 +Affects: All supported versions of FreeBSD. +Corrected: 2023-10-24 00:04:14 UTC (stable/14, 14.0-STABLE) + 2023-10-24 16:12:01 UTC (releng/14.0, 14.0-RC3) + 2023-10-24 00:04:18 UTC (stable/13, 13.2-STABLE) + 2023-11-08 00:59:45 UTC (releng/13.2, 13.2-RELEASE-p5) + 2023-10-24 00:05:10 UTC (stable/12, 12.4-STABLE) + 2023-11-08 01:10:13 UTC (releng/12.4, 12.4-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +freebsd-update will create a new boot environment as a backup when performing +updates. + +II. Problem Description + +Some systems use non-default configurations referred to as "deep" boot +environments. Deep boot environments place datasets belonging to the boot +environment subordinate to the boot environment dataset itself, rather than +elsewhere in the pool structure. + +This kind of boot environment requires the -r flag to bectl(8) for most +operations in order to recurse on these subordinate datasets, but +freebsd-update(8) was not recursing when creating a backup boot environment. + +III. Impact + +Without recursing in bectl(8), backups taken of a deep boot environment are not +complete snapshots of the system state before the upgrade takes place. This +means that it's potentially painful to try and rollback to the pre-upgrade state +after the upgrade has completed. + +IV. Workaround + +No workaround is available, but the default configuration is not affected and +deep boot environment users may create their own backups prior to an upgrade +with a manual `bectl create -r ...` + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch +# fetch https://security.FreeBSD.org/patches/EN-23:13/freebsd-update.patch.asc +# gpg --verify freebsd-update.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 5c2a559876d1 stable/14-n265583 +releng/14.0/ e34fdb7c119e releng/14.0-n265341 +stable/13/ 80f747781f12 stable/13-n256596 +releng/13.2/ e79edfaf68c5 releng/13.2-n254641 +stable/12/ r373256 +releng/12.4/ r373266 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267535> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:13.freebsd-update.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKZUACgkQbljekB8A +Gu+SVw/9FKEzcR7kUudFRwnNsY1LI7YphmuEA7xT6pdiMxizHmh/iWOF8yc5l3Ky +lpXcIhbNXwOcI06Jv9OswIZyOXTtLZat+MVLyx4uoMgdHuM4wuPx4N9lo6FwvE1v +Ehtf1GkEnOANcxou0PdrS+fHzUKx/hjn/WVKcdp+YmYzf19LnIqj2H58QWTP7INr +cP/rj3EiqGi7XkBEh4te6nTyy27Wu+ihZZDdLFv43sf/cOEl2wsd8HJxVxfz9aEP +lhJSBVMFq46YfNSLIsYLLN5v6d2C5ag4JJ2tvuX2sazLl3TXafDZ+OtAok0h8iiE +qGrad3dt/g/5/WnSVK68GQ4MfyXJtfywxK18CX3fojeCuDJ5D9j7XUUXaqHHty9r +CdcI4yZkswijkKIhtBRYdGh7Nvue54br6cnf7L8i/6hbPnLbdue3gs+v5OLNEttm +LthNPViDJWid2TD+mRDS/2JubpiHspzb06Z+q2Hpt5wLRdISu1qPnjgGXgzXgPNB +3PYbsPp2i1rHmz52K08hK+582QL5PMS5/hpB6pN2bakugvAGz5ocrBn1C5ejNIeo +4FAFV5w4cvgaJJf7eI8Lo+IzEcg4gA6h8ibDsFXIzMf3Fnn9p7qH7cw85AoemW4a +ZZBDYL81fEy9hJBqhQC4cmjEdzuvptPV5arFzX8J9M6Hirrnt9g= +=l1ce +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc new file mode 100644 index 0000000000..796c1e6368 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:14.regcomp.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:14.regcomp Errata Notice + The FreeBSD Project + +Topic: Incorrect regular expression escape handling + +Category: core +Module: libc +Announced: 2023-11-08 +Affects: All supported versions of FreeBSD. +Corrected: 2023-09-30 01:40:59 UTC (stable/14, 14.0-STABLE) + 2023-10-01 04:46:02 UTC (releng/14.0, 14.0-BETA5) + 2023-09-30 01:41:23 UTC (stable/13, 13.2-STABLE) + 2023-11-08 00:59:51 UTC (releng/13.2, 13.2-RELEASE-p5) + 2023-09-30 01:41:57 UTC (stable/12, 12.4-STABLE) + 2023-11-08 01:11:09 UTC (releng/12.4, 12.4-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The libc regex(3) implementation is responsible for compiling and applying +regular expressions as used in, e.g., grep(1) and sed(1). + +II. Problem Description + +In some instances, the regcomp() implementation would inadvertently sign-extend +a character in the regular expression. Additionally, alphabetic wide-characters +were not properly being considered as such. + +III. Impact + +Regular expressions supplied to grep(1) or sed(1) that contained an alphabetic +wide-character would incorrectly error out as if a bogus trailing backslash had +been supplied. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Rebooting after the update is not strictly necessary, but it is recommended +in case the error affects some daemon in use. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch +# fetch https://security.FreeBSD.org/patches/EN-23:14/regcomp.patch.asc +# gpg --verify regcomp.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 56b09feb23d9 stable/14-n265274 +releng/14.0/ 408daf2caa92 releng/14.0-n265163 +stable/13/ ac695744e2cf stable/13-n256440 +releng/13.2/ 67264bfe4992 releng/13.2-n254642 +stable/12/ r373222 +releng/12.4/ r373267 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264275> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:14.regcomp.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaAACgkQbljekB8A +Gu+LkRAA3/sUdxhrZ2iv6JBThfYSW0d3aTNLz9z4bv41wGqXoYyXnUaQqwi0bxqN +ckbtEB6jpoAArlZvcYnP6vmS7BdFHjaeXCI5pFsVtbhz7xlLVjlEgZwPNv69MT+2 +Uzg+cyHF0PU+7Mfh+Pxx3yURnBCXMljdMKrIkFK61nyHjHjL1HFMS07DxkZh3m24 +rG/WOJ9/fT+ICa3SAeREuydUUbXVvr1nmff8BJDV2PjQp2y8RaeYCjshfvHBA7AJ +kC7y2TNUYtosFZkGAU33d0HZw/LNiWGQR0t4xjDBRNbQOF7vmOwmVHXqb+47bq6Z +DajjnHTZcIs8edXpHC99EQu/1GVpc4zqPYZeO7VRZJg/EnYgXv2WYZr0zr0PsSw5 +mrnXIqt9c1YRZ6h5XEFv6G4L++8/FjbjZZUqriBurvYWwbXRr8Y6UY1r9Mbz6W+z +h5jDwbrXB9kd+7az6m+jF5hFRe+74NQDtPFlRfP5ZpWZUb1NAmfU3x2s28m4ovWk +Pg5kbiU4mDmml0pnLuIEOtr4ukvURY+V9NVhN7QW3WhP6TTvHwilgdfO8QNG847x +eh2xFIF1cH/Ce1PK0PuvNwmWu8RlHaQpDIKWZ5qMzehk3Sk7da+p9cGzXGUyrWTC +AdEAuIwPiNo0Lcj9isRaMB7TDDu4Wgv0Z9UVQtHikRrs1ul5s1c= +=TY3O +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc new file mode 100644 index 0000000000..ff869155bb --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:15.sanitizer.asc @@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:15.sanitizer Errata Notice + The FreeBSD Project + +Topic: Clang sanitizer failure with ASLR enabled + +Category: contrib +Module: compiler-rt +Announced: 2023-12-01 +Affects: FreeBSD 13.2 and FreeBSD 14.0 +Corrected: 2023-11-25 09:05:09 UTC (stable/14, 14.0-STABLE) + 2023-12-01 00:38:35 UTC (releng/14.0, 14.0-RELEASE-p1) + 2023-11-25 09:05:14 UTC (stable/13, 13.2-STABLE) + 2023-12-05 18:20:00 UTC (releng/13.2, 13.2-RELEASE-p7) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2023-12-01 -- Initial release +v1.1 2023-12-05 -- Updated affected versions and added patch FreeBSD 13.2 + +I. Background + +Compiler-RT is an implementation of various compiler runtime support routines, +provided by the LLVM project. This library also provides a number of so-called +Sanitizers, which help to catch buffer overruns, thread data races, and so on: +AddressSanitizer, ThreadSanitizer, UndefinedBehaviorSanitizer, and more. + +II. Problem Description + +Some of the Sanitizers cannot work correctly when ASLR is enabled. Therefore, at +the initialization of such Sanitizers, ASLR is detected via procctl(2). If ASLR +is enabled, it is first disabled, and then the main executable containing the +Sanitizer is re-executed, after printing an appropriate message. + +However, the Sanitizers work by intercepting various function calls, and by +mistake the already-intercepted procctl(2) function was used. This causes an +internal error, which usually results in a segfault. + +III. Impact + +Binaries linked to AddressSanitizer (using -fsanitize=address), MemorySanitizer +(using -fsanitize=memory) or ThreadSanitizer (using -fsanitize=thread) can crash +at startup with a segfault, if ASLR is enabled. Other binaries are not affected. + +IV. Workaround + +If ASLR is enabled system-wide, the problem can be worked around by running the +specific binary with proccontrol(1), to temporarily disable ASLR for only that +program. For example: + + proccontrol -m aslr -s disable /path/to/example_program + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +No reboot is necessary, but Sanitized binaries must be re-linked, because the +Sanitizer libraries are statically linked in. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +No reboot is necessary, but Sanitized binaries must be re-linked, because the +Sanitizer libraries are statically linked in. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.patch.asc +# gpg --verify sanitizer.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch +# fetch https://security.FreeBSD.org/patches/EN-23:15/sanitizer.13.patch.asc +# gpg --verify sanitizer.13.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 1e4798e9677f stable/14-n265803 +releng/14.0/ 78b4c762b20b releng/14.0-n265381 +stable/13/ 7c25a53a2cb9 stable/13-n256726 +releng/13.2/ 6d94fc2b0db9 releng/13.2-n254646 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275270> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:15.sanitizer.asc> + +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvdI0ACgkQbljekB8A +Gu/tzA//WlbAichQYjs2EOKsBkikGpWRf/Vg3PNpwfT0Bh8Nkuapf8H41Cm0prRT +ZNgwqOcckJK+pj/e99nz3/nxdIJLkzyGMUblAhpkvklXK4KXGT9ASgkzXShyKlIC +nXY7OfEwxUJ/N74Ty6+2d/ZkAIVV+f7A3r4OJ6sPVkB5TDbddg4NbzhMNi+yg3lg +tujrBdmXxSTlBEKy2WVwMyWTrK9lfkDmp0GfbaGvODYhzdNZpfvQ5WEw4rCiC7x9 +4zE5YbbtOgZ1zG2tJz/Mklv+dQQFmCf6W3E2aCzhtyw0qcvy5LlYO8oTeDA6LVD5 +neWRVXjRk7/g/fLe1dBAbn7loRxglWtnvSdYZU3iZRxgX3Mn+s5zrKhNXmF6QIVM +ppuSI6N9dXaeI4dlFTF+oZkNuP9UFS5thhFmRONES55gifWYGm3YphetrcEIRGBW +WgLUdxE33mALlFOhHSSCmkrqWe59iLjRnbC14HaB4K/fzePZsRd9onqRarEeVQz5 +BzDN6t+w0kuBKjjMpmZS3wg0waK7E2YuVdk9nazGS3Mg3YXEdB0Z7lK8AnNLKRJr +Ih/4h1Cj/vyie0j9n0zezgcTdCR/1sNU7+19NCGWhXr3Bwl9OhDuRsz1056Bt1N+ +CvdwFB7e7CzoMcOrQC/X2z0qSmX7TvQ6Fx777vK+Cr167NE9mM4= +=Lf9R +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc b/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc new file mode 100644 index 0000000000..4836b85008 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:16.openzfs.asc @@ -0,0 +1,197 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:16.openzfs Errata Notice + The FreeBSD Project + +Topic: OpenZFS data corruption + +Category: contrib +Module: OpenZFS +Announced: 2023-12-01 +Affects: All supported versions of FreeBSD. +Corrected: 2023-11-28 21:00:48 UTC (stable/14, 14.0-STABLE) + 2023-12-01 00:38:38 UTC (releng/14.0, 14.0-RELEASE-p1) + 2023-11-28 21:07:30 UTC (stable/13, 13.2-STABLE) + 2023-12-01 00:38:47 UTC (releng/13.2, 13.2-RELEASE-p6) + 2023-11-30 05:28:33 UTC (stable/12, 12.4-STABLE) + 2023-12-01 00:40:23 UTC (releng/12.4, 12.4-RELEASE-p8) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD has included a version of the powerful and feature-rich ZFS file +system beginning with FreeBSD 7.0 released in 2008. The ZFS implementation +in FreeBSD 12 and earlier is based on the Illumos ZFS codebase. In FreeBSD +13 and later OpenZFS is used as the ZFS implementation. + +Sparse files in a file system refer to a technique that optimizes storage +space by allowing the creation of files with unallocated or unwritten gaps, +known as holes. When reading a file, holes appear as zero or NUL bytes. +Certain system calls can access hole location metadata, including lseek(2) +with SEEK_HOLE and copy_file_range(2). + +In OpenZFS a dnode is a data structure used to represent and manage metadata +about files and directories. In file systems, "dirty" refers to data or +metadata that has been modified in memory but not yet written to the storage +device. Thus, a dirty dnode is one which has uncommitted data or metadata. + +In FreeBSD 13.2 and FreeBSD 14.0 cp(1) uses copy_file_range(2) to perform the +data copying in the kernel. copy_file_range attempts to find file holes in +the source file and preserve them in the copy. In FreeBSD 12.4 cp does not +use copy_file_range. + +II. Problem Description + +A check did not test both the dnode itself and its data for dirtiness. This +provides a very small window of time while a file is being modified where the +dirtiness check can falsely report that the dnode is clean. If this happens +a hole may incorrectly be reported where data was written. + +III. Impact + +If an access occurs while a file is being modified and a hole is incorrectly +reported, the data may instead be interpreted as zero bytes. Any application +which checks for holes may be affected by this issue; if this occurs during a +file copy it will result in a corrupt copy that retains the incorrect data. +Note that the source file remains intact (a subsequent read will return the +correct data). + +IV. Workaround + +Setting the vfs.zfs.dmu_offset_next_sync sysctl to 0 disables forcing +TXG sync to find holes. This is an effective workaround that greatly +reduces the likelihood of encountering data corruption, although it does +not completely eliminate it. Note that with the workaround holes will +not be reported in recently dirtied files. See the zfs(4) man page for +more information of the impact of this sysctl setting. + +The workaround should be removed once the system is updated to include the +fix described in this notice. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting to apply OpenZFS erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +NOTE: The FreeBSD 14.0 patch includes additional bug fixes which were found +during the investigation of this issue. These bug fixes do not apply to +FreeBSD 13.2 or FreeBSD 12.4. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.14.patch.asc +# gpg --verify openzfs.14.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.13.patch.asc +# gpg --verify openzfs.13.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch +# fetch https://security.FreeBSD.org/patches/EN-23:16/openzfs.12.patch.asc +# gpg --verify openzfs.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://docs.freebsd.org/en/books/handbook/kernelconfig/> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 99385ec7c296 stable/14-n265836 +releng/14.0/ 154870526943 releng/14.0-n265384 +stable/13/ 5858f93a8b66 stable/13-n256744 +releng/13.2/ 0bb76997ce58 releng/13.2-n254644 +stable/12/ r373278 +releng/12.4/ r373279 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/275308> +<URL:https://github.com/openzfs/zfs/issues/11900> +<URL:https://github.com/openzfs/zfs/issues/15526> +<URL:https://github.com/openzfs/zfs/pull/15566> +<URL:https://github.com/openzfs/zfs/pull/15571> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:16.openzfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVpPo4ACgkQbljekB8A +Gu/7rg/8DV0CgrVWVW8lvywaBry/oFOAcB1s+b49fcW1wt4g4GOnFtU0VGuRYXJh +2pT2xnCVKgWKWciaFAoFN/N29GOxCuMkcPNoYPf8laiBNAmYTGGBMK6FI4YukI2V +6GKSU8hYPgxwRSRW7ZSXfzWl2MuLI2NdrRZwY+L/2cgr/uJVq/u7b1s7y7A9CdbQ +0euotytR77yrSHecA7Ye5PVRFp1behuiK9kbIVUTdFJRB0eQkpap5e3Af9b7GeLe +t3kFI5cHKim7PnquLpljxjRxwcWKeJBMf0a8X6nhXYJ7FHxh6YfRL1t4tPQIRHLq +5A4x9oDoZP5kPRQgdxYT4J/VuoCEsq9/D83DwLK6fMY9qcY/TYrp1rOnYKwBQDUj +FMIbaipxss/j8KWEyAwc3dIwJBFCW40yRFR2cg7SCeZ0UJzZEkuDOaIvzkWIGtc3 +AqW0R+lvAQ2f+ObbP7iQCGj4HrCgIlPUCDX2SckNuAwaXQIdu5GO+HDjuKb49sw3 +8zimt4dAT+OuvZxXDacIhIz53LCJHD/cAyF2CqTdNYpwne892drfiK4FQZ1Jq75Q +4nRedE8YLD2ZwuUALqR1PqHJQKra5hlAhAoITHuTpBG1fggSx6dyj6kSkMR8p6Mb +tADR8onFzUHZgOlkEOjddKaVqAP3z4jW+lfrlk7J/9j5jgRrtLM= +=pM+u +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc b/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc new file mode 100644 index 0000000000..7959bf01f7 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:17.ossl.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:17.ossl Errata Notice + The FreeBSD Project + +Topic: ossl(4)'s AES-GCM implementation may give incorrect results + +Category: core +Module: ossl +Announced: 2023-12-05 +Affects: FreeBSD 14.0 +Corrected: 2023-12-03 17:48:09 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:34 UTC (releng/14.0, 14.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ossl(4) is a kernel module which implements some cryptographic operations +using implementations derived from OpenSSL. It integrated into the FreeBSD +kernel's OpenCrypto Framework (OCF). + +II. Problem Description + +ossl(4) contains an implementation of AES-GCM for amd64. This implementation +did not properly implement some aspects of the OCF interface. In particular, +ossl(4) AES-GCM sessions were not thread-safe, and did not handle an AAD +buffer outside of the main plaintext/ciphertext buffer. The former bug +affects consumers which dispatch multiple requests in parallel on a single +session, such as ZFS when encrypted datasets are configured. External AAD +buffers are used by some network features such as ktls(4). + +III. Impact + +On amd64 systems, ossl(4) could give incorrect output for AES-GCM operations +if consumers trigger either of the bugs described above. This could, for +example, result in packet loss, if ossl is used to encrypt/decrypt tunnelled +traffic, or data corruption if ossl is used to encrypt/decrypt filesystem +data. + +Users are not affected by default, as ossl.ko is not loaded by default. To +be affected, a system must either be running a custom kernel which contains +ossl(4), or be configured to load ossl.ko via loader.conf(5). + +IV. Workaround + +Disable the use of ossl(4), either by removing it from loader.conf or the +kernel configuration, and reboot the system. The built-in aesni(4) module +currently implements all of the same operations as ossl, so consumers will +not notice any functional difference. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. A reboot is required +following the upgrade. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:17/ossl.patch +# fetch https://security.FreeBSD.org/patches/EN-23:17/ossl.patch.asc +# gpg --verify ossl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 118b866d9c39 stable/14-n265898 +releng/14.0/ 433fe061fc59 releng/14.0-n265388 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275306> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:17.ossl.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmVoACgkQbljekB8A +Gu/dvQ/+KCck7lbRZYax4QZ7JxLpbutOWDITGFVMtELT7njcMMpIH6TIKLwTDpcR +XPz/znROLquDkTpke6uf0IZyC1nMHxaYwgiTImpA0ecd3Z5n6hNj2EEhOhlitDfc +N+UNhpQa8689CYkcm4ofgb2MQdzc/0HDTX+6tUpLuwuLhqGxyJK5bgQo63MK2osb +qlj5TntXjVIbd33dN97JZfV9JDSapS2xLBFShe0R9+do0ucvDVOiPErHvKsLSm9P +iYxrezxw3X6fi1BbLVe7u3B3ELeNgKnreh7CakDn/UF3hhn138d4XQ2+3ppRaadG +81kbzMtHQHOKTRzVBrdi2sd7wDOgTapGmeeSr/87GYCOU2ZfXpZjr5k4tuD/RUOB +44ZxeWnaNKWa4C8xr1ESr3pebTF1la2tqNQwiG/9euUn3Kl/NZFRCzaruiEmaLaG +DeOAu3VZCucHPowA3rr80J6XPx/295Bq/bN6J5/Qd+TzKjzbqzvelXXHsn5AMjur +tPUtG5iCLQZvivM5Wd4jaOVrZvp0ps7qlugNnOZPr/qBcW04YdwCamzwUipIDNnP +XrxmxJdhFJhy//hnTNgJiKS6LJP5lh2ogAN6tRnvKKZrb11OAcHPIUqIyI51Bieh +w4Yqrq2cOxMDgi7jKlSi2DLWs56WWEDob8cHhRhKhI6Fre2Yizs= +=Vn8m +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc b/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc new file mode 100644 index 0000000000..892e2cfaef --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:18.openzfs.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:18.openzfs Errata Notice + The FreeBSD Project + +Topic: High CPU usage by ZFS kernel threads + +Category: contrib +Module: zfs +Announced: 2023-12-05 +Affects: FreeBSD 14.0 +Corrected: 2023-11-22 11:43:59 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:35 UTC (releng/14.0, 14.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is an advanced and scalable file system originally developed by Sun +Microsystems for its Solaris operating system. ZFS was integrated as part of +the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent +and preferred choice for storage management. + +II. Problem Description + +Because ZFS may consume large amounts of RAM to cache various types of +filesystem objects, it continuously monitors system RAM available to decide +whether to shrink its caches. Some caches are shrunk using a dedicated +thread, to which work is dispatched asynchronously. + +In some cases, the cache shrinking logic may dispatch excessive amounts of +work to the "ARC pruning" thread, causing it to continue attempting to shrink +caches even after resource shortages are resolved. + +III. Impact + +The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU +core for indefinite periods, even while the system is otherwise idle. This +behavior may impact workloads running on the system, by reducing available +CPU resources and by triggering lock contention in the kernel. + +IV. Workaround + +No workaround is available. Systems not using ZFS are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. A reboot is required +following the upgrade. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch +# fetch https://security.FreeBSD.org/patches/EN-23:18/openzfs.patch.asc +# gpg --verify openzfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ f7f5c2419ea7 stable/14-n265783 +releng/14.0/ 64c5eaab835b releng/14.0-n265389 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275063> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:18.openzfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWEACgkQbljekB8A +Gu9bwQ//XsLmkl7ttR+LKXCYUCLCzAZF9PXYA8IQQlUWQ39SMrEaCRP5XSBOznuy +UtxdSfH/aQJaGb7P8b88IxMiOteYovRCApkdEY4RstaisdgDFie7XdXUDizzPZL/ +jPDSxU9I3dsHs3diQxqJRMTVtABYkErwLizLlCOJByKGUAXe+xpOibtSf2p1RtuJ +4+EaUS6j5TDpRyocEvR/x3DsbKVZcyHevd5XCgwFl69YyX7ShmrQMJA+ytAuF6or +l3dty1KxpwY7GJq6wIF8nM1Xo08t4uDsXyxHHOtFLBkyK5710KhrzbkDzamwKl5j +7PhyOfj4r4+k4NhOiDPBM3O72DU4zoOpZak2BwPeT4iDoSeeJslR2SyU3dk1w76X +bSfPWq7I3gSPcpndkskY1jCXwKo8Zm9gzu8ROF9Fg31ve/x7dVUYF+ZItppFq5k7 ++o/0klvA+pCJpRWpSuDLsVyPcdmu5E25iTLDoJMjSKUiDXwdhI+AvKac4HLmd84C +PhNmc6pVMdlFH9GdV/34wyvfyfSfhiWxxoel+ZOHZ2gjfFkwcSIFS7BNGBYvMKFi +0k/DAsLxNlQk+nv5Z8MKaYDpAyjW3CQi+14TmLudhxqmtt25cod2+dxoyJg6F7jE +Na47H6+jdAB3dBnNhSKaIE1eoOy1kz+RukHQxScm9kX+8x0A9o0= +=4CJg +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc b/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc new file mode 100644 index 0000000000..8ed2c9f4ad --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:19.pkgbase.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:19.pkgbase Errata Notice + The FreeBSD Project + +Topic: Incorrect pkgbase version number for FreeBSD 14.0 + +Category: core +Module: bin +Announced: 2023-12-05 +Affects: FreeBSD 14.0 +Corrected: 2023-11-16 08:19:08 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:36 UTC (releng/14.0, 14.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +In addition to the traditional release artifacts (such as base.txz), the base +system is also packaged into a few hundred packages installable with pkg(8) +as part of the experimental pkgbase project. + +II. Problem Description + +The pkgbase package versions for 14.0-RELEASE packages are set to "14" +instead of "14.0". This differs from earlier releases, for instance the +latest pkgbase version number for releng/13.2 is "13.2p5". + +III. Impact + +Using package versions without the minor version will cause package version +conflicts in the future for FreeBSD 14.1 and later. + +IV. Workaround + +No workaround is available. This problem only affects systems using the +experimental pkgbase package sets. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. No reboot is required. +If pkgbase is not in use on your system, no action is required. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems using pkgbase can be updated via the pkg(8) utility. + +# pkg update -r FreeBSD-base +# pkg upgrade -r FreeBSD-base + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable FreeBSD +release branches. Note that since this issue mainly affects people that +build pkgbase packages locally, consumers of pkbbase (i.e users that have +installed experimental pkgbase packages should update using pkg(8) as +described above. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:19/pkgbase.patch +# fetch https://security.FreeBSD.org/patches/EN-23:19/pkgbase.patch.asc +# gpg --verify pkgbase.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and buildkernel and create +a package set with correct version numbers using 'make packages' + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ da7e9601a99a stable/14-n265735 +releng/14.0/ ad3edd66d15e releng/14.0-n265390 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275051> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:19.pkgbase.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWMACgkQbljekB8A +Gu+GgRAAo/xP3ZVWXUhcg9JXK2RnqTH2K4V/8f67e//HEs4wjYjkfvZe2m7yiYzu +pvwKo+ifCmWiMEHzHiMuVIknmfD2eDfVWH687KCHBhG7CJztxickSWIIFJyuTzKb +leg1ZBQo546SQVtamkGo8TEb+TMJhaRBz3McQ0ZxsyQJU59f02SH8Ua2swpTbZ58 +irL7PiDJi85dlmLiVry33osotdfoSkmPeNHDZFtXMhWWIy/5MVy0FBvkmA9NzR6S +R1QozM9kXmcpEEOmt9EmW/asDFtF9p/2Ozi6wEnB67oNh2+ASynGlOD4mjYcRgYh +/RBLT0+j4FlB2FVU7n94oysPN72dYDCAMqk7tqzGFeOjNBJ2cdlN/7iGNvi7kp65 +kgmHUd0Rr4txMb2XcxKfMOyOoknPluktNcQ2QoU9oBFR7ejNgGmSMaXIWI3O5NaQ +pdZJEj/4eOn0A5xuWCKCW16ymgXlGYdC3DzQ71nlKREV5uZJqYBmQBI+PbVJij+C +Z7Cxw1Ia3TKZn1B7NocRQNjPQIKLo12SLwJ+TcbxjRHE3QC8sLyYl8moXRaG4UWy +8C4yBatzAOmn4d50JzElNHDnE+XXaKExDBBcSVab3T+Y+4z7HNINH+d6+RdNSI3L +2MgKURXoaegGB7ExqA/kgKQliuFUg320LOrIq7gnQ47SaCBZ6xI= +=cn6s +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc b/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc new file mode 100644 index 0000000000..7c80a32eff --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:20.vm.asc @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:20.vm Errata Notice + The FreeBSD Project + +Topic: Incorrect results from the kernel physical memory allocator + +Category: core +Module: vm +Announced: 2023-12-05 +Affects: FreeBSD 14.0 +Corrected: 2023-11-25 01:26:35 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:37 UTC (releng/14.0, 14.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The FreeBSD kernel implements a physical memory allocator which is +responsible for managing the system's RAM. This allocator provides +interfaces which allow kernel code to request the allocation of memory which +satisifies certain constraints, such as bounds on the physical address range +for returned memory, and alignment of the returned physical pages. + +One use of the physical memory allocator is to allocate memory for DMA for +device drivers, which may have special requirements. For example, a common +constraint is that DMA memory be allocated from the lowest 4GB of the +physical address space. + +II. Problem Description + +The code which implements the physical memory allocator in FreeBSD 14.0 +contains a bug such that the returned physical memory may, in some +circumstances, fail to satisfy the specified constraints. + +III. Impact + +The effects of the bug do not have a simple characterization, as different +users of the interface may be affected differently by the bug. In one case, +the symptom was that the affected system would occasionally panic during +boot. It is believed that most users will be unaffected by the problem. + +IV. Workaround + +No workaround is available. + +V. Solution + +<insert solution here> + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. A reboot is required +following the upgrade. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/EN-23:20/vm.patch +# fetch https://security.FreeBSD.org/patches/EN-23:20/vm.patch.asc +# gpg --verify vm.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +<for a userland utility:> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +<for a daemons> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +<for a common library> + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +<for a kernel bug:> + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 210fce73ae0e stable/14-n265801 +releng/14.0/ 4be96902ba82 releng/14.0-n265391 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274592> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:20.vm.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWUACgkQbljekB8A +Gu+kRhAAtUSzuLKhrxQc3+FfL4M+GvebvPkQASFygFCzQR1mXJJFnFl4UkLMNlnN +83zzFbSC5jVxGUrlu1BDmgIZobmB1/INKE/dcl/GRTqJuQhzYGJ+Q5lAGX5AQV2H +kmYEUuGmMT8YR1KsDY9f+4yB61hkSbm8snOO4VRb1D+CBUCF2skKPrZu25+xDsxV +888LY1X0LAO7Udvk9DEldWRM6IYeXuIn24mfUIkPYF62sBb82jW1w+LC148W2xIz +F6jr9N9CBqhthpujWSMmKymOFSEg9HcKPJ55CEE1LCIhuxtz7h0GxP+GN9l4vc3b +FfvQHcoxin9wpmaYevPXLoAW415lMvvgurP12NirDgB5lEadPEfnhckLO9ndw5y7 +PmSOKwKQlDfBHMwjTnlUUE3G8kw5FOXcT7/qr3x++Cl3tBNTGaei9A6EpFD3mzNS +y0BH7bwYbr/GjSMJAeH3SI9il3hTA9/4jP8KATIUGuIWJJGqlFJR3uuubh2pIdR9 +qrHpA6JqcYjbRyK3+AkV1EXPoRmOjt/uYbRld/8HIkFMrD/cBvh7R+mP4+XU4k5y +eYgoPxjJat63XIfzqtFPkAVH+h+bbvUpzaikrArQuvshq/4IrO3NV1ub6gZWc6N7 +QfsBKolQQ37FgHKmIbrBFOegmDuiaaXGVLDH3s7fWYmKl9DRr/8= +=con6 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc new file mode 100644 index 0000000000..d0475aa4d3 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:21.tty.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:21.tty Errata Notice + The FreeBSD Project + +Topic: tty(4) IUTF8 causes a kernel panic + +Category: core +Module: tty +Announced: 2023-11-24 +Affects: FreeBSD 14.0 +Corrected: 2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:38 UTC (releng/14.0, 14.0-RELEASE-p2) + 2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +Note: This issue does not affect 13.2-RELEASE, as the bug was introduced into +the stable/13 branch after the 13.2 release. + +I. Background + +The IUTF8 flag was added to the tty(4) subsystem in order to add proper +backspace handling for UTF-8 characters. Without this flag, tty(4) treats +all characters as single-byte-wide characters and so, in the case of a UTF-8 +character two bytes in size or larger, tty(4) deletes only one byte during a +backspace event, instead of all bytes, which results in the tty buffer +containing garbage. + +II. Problem Description + +The implementation of backspace handling failed to check whether the TTY +buffer was empty, in which case the kernel could panic. + +III. Impact + +An unprivileged user may be able to trigger a kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security branch +(releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch +# fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch.asc +# gpg --verify tty.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ ae8387cc818a stable/14-n265760 +releng/14.0/ 31f6cfca851f releng/14.0-n265392 +stable/13/ 8647fe60b8c3 stable/13-n256709 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275009> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:21.tty.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWcACgkQbljekB8A +Gu+WfxAA4+u5wXTSy1UcpO17JzFuo0JjhQUcOEh3uWRCPdgpokEkv7xnjJQz8W3u +0c1GtigtKLOvJx6gF4ilFQhVbxtFNj5a73ODPqcy0K0x7YPw/5Rbrl+jk7389NXT +A5H7kT7bscF6x9D7YfAkA2/JSgSS3opx6KJhOP8x8DvNuNpl/v2ja1LAcIVjytu6 +YYBz/GaODjX4iOw8dYzQetmbeEOiKZX660Eq5Sm2UySRz/BpJpT3y1Ncl84dWC+H +otBihg1iezD5Ju4TIbGz6/N2oSf6mEQ2jx+ahNPGHj/A4fUeBajZWJZrge4Birii +c45EIcPUzyt8Q4Xjcn4qCKJ3MHGCR65/39oK5DbOXD62t3l/vbLSbHToYjeJWyTN +Fl/hOtVSrF7Om0qhlrNOfS2jXIcTQDBQJ/vgjC+m+FTDtnyiSSAZfYXQz4Ckkqfw +KMPc3N9YI7aoifyTQxj508WN1dma7eRwyupLabwfOij03vmN/4tAI89v6EEefhpM +wTUPTgebQWgHJjjUi7Mo8EXSzWxtPbdt2UX8XtVw3EpjQOqqc0vv+VJxkCAdMdDO +fE8614WWcHppswXi7dlWgKUcMEEdtZ48+QjM1h+fA8DeNk6FSLBJXLUQnll1QPEW +VDj9oKnoXquQyuxWB8MwbiUfrLlAhAXhfC8nG+Ci75sts0E4jQE= +=wp8X +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc b/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc new file mode 100644 index 0000000000..e6fb59ced8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-23:22.vfs.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-23:22.vfs Errata Notice + The FreeBSD Project + +Topic: ZFS snapshot directories not accessible over NFS + +Category: core +Module: vfs +Announced: 2023-12-05 +Affects: FreeBSD 14.0 +Corrected: 2023-12-01 13:27:28 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:27:40 UTC (releng/14.0, 14.0-RELEASE-p2) + 2023-12-04 21:03:42 UTC (stable/13, 13.2-STABLE) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is one of several filesystems available on FreeBSD. ZFS supports many +advanced features, including checksumming, transparent compression, and +snapshots. + +Snapshots of a ZFS dataset can be accessed through a hidden directory, +.zfs/snapshots, located in the root of the mounted dataset. + +II. Problem Description + +When a process attempts to access a snapshot under /<dataset>/.zfs/snapshot, +the snapshot is automounted. However, without this patch, the automount does +not properly set some metadata in the kernel's representation of the mount +point, which results in the snapshot not being accessible over NFS. + +III. Impact + +Workflows which rely on ZFS snapshots being accessible over NFS are broken. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. A reboot is required after +the upgrade procedure has been completed. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-23:22/vfs.patch +# fetch https://security.FreeBSD.org/patches/EN-23:22/vfs.patch.asc +# gpg --verify vfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 62304a0c3b8b stable/14-n265867 +releng/14.0/ 889ecd8fd178 releng/14.0-n265394 +stable/13/ 00f0b99e63c3 stable/13-n256835 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275200> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:22.vfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWkACgkQbljekB8A +Gu+7TBAAt31ElRhk83oPelDQ0Trq1ngDk7qWabeG+ODjS6mptke5mqBn0ZvFyTNb +z+x6biXUGnE9o9P4T0mdE/euSGSHQWASU+DwycRqkEM4Xo7rMWrheOGwFBJ+1g/z +ZQyowYL8HRIOQ7Ijal1NTZ2S/HpAvXdyuGsxYYimyZyckOAe+ZzmUiCmlvvLJCdk +m8uUnRidevXWiUrRW9MNBHG5XoNwT7je5KT/RxqqeJQ4ObWEywjsHxwZn1Px1vQw +ycjbL82sKrv2FiXf2FdvC2xbji5QkrLTf+EOecreTKaiyMcooT9h+ZQUiRj3ChbW +KHszVdwYrGmDx9OOq+JWWqf+KgEfmiisFQsqHpq4Zc4RTKhPwAV/PX7+cLvBlX85 +QgNupyGLkwOkrAb3hdC7dsPTZl4htFJzC49CDH4IZNIJxQ7pTa0LDujyybacnYE+ +reCe6DZ5aY+TULHlCTfGZ21OcpiEDrCmvFoZhZHuEZxMl9LjIf1jjpGPFP+lPJ7u +nG5VXRjFfFdGtuiyfzs4UsYD5XOn+hgcZl8vkMgfXQU0LwPyKHxo3k+vg5rdxImI +HWZPYlo6D+lrtIBW3LLjiHrhHrekruqN2RT8cmkSOftihLdNuO8KC72DE0Co/D49 +QeVeOv5tkNyc0/M7TVEYapIYGCTb5VpawZNyr6ABLwnXDyQ8rck= +=ufsO +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc b/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc new file mode 100644 index 0000000000..a724f566d8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:01.tzdata.asc @@ -0,0 +1,191 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:01.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2024-02-14 +Affects: All supported versions of FreeBSD +Corrected: 2024-02-05 00:30:01 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:21:06 UTC (releng/14.0, 14.0-RELEASE-p5) + 2024-02-05 00:30:42 UTC (stable/13, 13.3-STABLE) + 2024-02-14 06:27:47 UTC (releng/13.2, 13.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The IANA Time Zone Database (often called tz or zoneinfo) contains code and +data that represent the history of local time for many representative +locations around the globe. It is updated periodically to reflect changes +made by political bodies to time zone boundaries, UTC offsets, and +daylight-saving rules. + +Leap seconds are occasional adjustments added to -- or potentially subtracted +from -- Coordinated Universal Time (UTC). An authoritative list of leap +second adjustments is maintained by the International Earth Rotation and +Reference Systems Service (IERS). + +FreeBSD releases install the IANA Time Zone Database in /usr/share/zoneinfo. +The tzsetup(8) utility allows the user to specify the default local time +zone. Based on the selected time zone, tzsetup(8) copies one of the files +from /usr/share/zoneinfo to /etc/localtime. A time zone may also be selected +for an individual process by setting its TZ environment variable to a desired +time zone name. + +The latest list of leap seconds at the time of release is installed on FreeBSD +in /var/db/ntpd.leap-seconds.list. The startup rc(8) scripts of the ntpd(8) +Network Time Protocol implementation included in the FreeBSD base system can +periodically download an updated leap-seconds.list file from configurable +internet sites. + +II. Problem Description + +Several changes to future and past timestamps have been recorded in the IANA +Time Zone Database after previous FreeBSD releases were released. This +affects many users in different parts of the world. Because of these +changes, the data in the zoneinfo files need to be updated. If the local +timezone on the running system is affected, tzsetup(8) needs to be run to +update /etc/localtime. + +In the default configuration, the ntpd(8) startup script included with FreeBSD +checks for an updated leap-seconds.list on the IETF's web server. As of 2023, +the IETF no longer distributes a copy of this file. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected time zones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +With the default configuration, FreeBSD systems cannot file updates to the +installed leap-seconds.list file. Since no leap second was introduced at the +end of 2023, the leap-seconds.list file included with all supported FreeBSD +releases is still accurate. Moreover, ntpd(8) is able to receive updated leap +second information from its peers. However, a diagnostic warning about an +expired leap-seconds.list is printed at startup. + +IV. Workaround + +The system administrator can install an updated version of the IANA Time Zone +Database from the misc/zoneinfo port and run tzsetup(8). + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +The ntpd(8) startup script can be configured to download an updated +leap-seconds.list file from IERS with the following rc.conf(5) setting: + +ntp_leapfile_sources="https://hpiers.obspm.fr/iers/bul/bulc/ntp/leap-seconds.list" + +Larger sites, or sites without reliable connectivity to the internet, may wish +to point to their locally maintained copy of this file. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Please note that some third party software, for instance PHP, Ruby, Java, +Perl and Python, may be using different zoneinfo data sources, in such cases +this software must be updated separately. Software packages that are +installed via binary packages can be upgraded by executing 'pkg upgrade'. + +Following the instructions in this Errata Notice will only update the IANA +Time Zone Database installed in /usr/share/zoneinfo. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:01/tzdata-2024a.patch +# fetch https://security.FreeBSD.org/patches/EN-24:01/tzdata-2024a.patch.asc +# gpg --verify tzdata-2024a.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 26fe22019cb2 stable/14-n266642 +releng/14.0/ a3b7bafd2acc releng/14.0-n265409 +stable/13/ f4256acec1c9 stable/13-n257384 +releng/13.2/ 66bb668fe5f2 releng/13.2-n254660 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://github.com/eggert/tz/blob/2023d/NEWS> +<URL:https://github.com/eggert/tz/blob/2024a/NEWS> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275419> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:01.tzdata.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMY7QACgkQbljekB8A +Gu+fHhAAmDag450+55aZqz9vmY6yEr9gLH0h6Y+yJpvNegzIXaBT+bltNiuO60Dt +r5N/Q9W5Ovwk2cER+jkZ7jvsY6YCtj1lWlv7w9jW2yRNkhDYwY3NBANgEueUsVww +fsZq9lkhQjrtsWnygCSdd+6qj7FZ0ufs53rs35bYxt0/aYx510wBQ6+i6eV0kS2C +2fSWX26/feCHsjd1wyWSvrw7xA1eq8YxVc1Psx8hCYnqOSxuVhL/PpmP1EXl+gF0 +VBHdnmVMibDGRYpiBKxZD+LGCt/KD2oyBEtCXHohkXmIGhouojeSolL7f8IG25ZM +HW0HjKQSTozcjADl4HQpEE7DIYcxc9O2hW2l6WoEf7KAOitsq7nMQHMVp5qd1BsJ +24NihZJ4LNDCpzC4C0jpX9FpKwzrWjldVCBSMCVTZCo2MW+7WXNNDX4TbN66CPqN +cl8bnBCs9Znn6/JrkBR1Bf5TFrGpowEBw9sMVzp4S/QnZkT14mLgV6wlBq8WYmDz +aspdBTq8GWLekl4wIiCKFBV+C3KluPSDlnFF2utcXNZuBVyXyke2Bxsuul7vXnE8 +nTWwegaWWRg3ki9Lnk3dtxN3/5EQ4KfJZdfouT9DwRt3/Ja0aWqkc4GU9L4K8GkL +ag2CzVlnUiqjsOplONpoKqYrg5vqLfdojOshCs42cNZco5r3USw= +=OaBj +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:02.libutil.asc b/website/static/security/advisories/FreeBSD-EN-24:02.libutil.asc new file mode 100644 index 0000000000..c5c33a7863 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:02.libutil.asc @@ -0,0 +1,169 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:02.libutil Errata Notice + The FreeBSD Project + +Topic: Login class resource limits and CPU mask bypass + +Category: core +Module: libutil +Announced: 2024-02-14 +Credits: Olivier Certner +Affects: All supported versions of FreeBSD. +Corrected: 2023-10-24 00:57:11 UTC (stable/14, 14.0-STABLE) + 2023-02-14 06:05:41 UTC (releng/14.0, 14.0-RELEASE-p5) + 2023-12-21 13:39:03 UTC (stable/13, 13.2-STABLE) + 2023-02-14 06:05:57 UTC (releng/13.2, 13.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +setusercontext() is a high-level API generally used by login-like programs to +set the general environment of new processes launched on behalf of other +users, including the credentials (users, groups, MAC security label), resource +limits, CPU mask and process priority. + +This function only applies the settings of the types requested by the caller +via flags (e.g., LOGIN_SETALL for all types, LOGIN_SETUSER to set the real, +effective and saved user IDs, etc.), and for some of them requires privileges +to do so. Among these, the resource limits (flag LOGIN_SETRESOURCES) and CPU +mask (flag LOGIN_SETCPUMASK) types are set not only based on the target user's +login class, which is controlled by the system administrator, but also on his +personal configuration file '~/.login_conf' (see login.conf(5)). + +In order to prevent unprivileged users from overriding the administrator +settings, setusercontext() applies a personal configuration file only if the +real user ID of the process that runs it matches that of the target user, with +the goal to avoid applying the user-controlled settings with privileges. + +II. Problem Description + +When deciding to apply a target user's personal configuration file, +setusetcontext() checks the real user ID of the process whereas it should +instead check the effective user ID, which is the one affecting the process' +privileges and consequently which settings it can change and to which values. + +III. Impact + +An unprivileged user may bypass the administrator's resource limits and/or CPU +mask settings stemming from his login class provided he can run a (setuid) +login-like program that: +- - Calls setusercontext() with the LOGIN_SETRESOURCES and/or LOGIN_SETCPUMASK + flags but without LOGIN_SETUSER (which excludes the use of LOGIN_SETALL), + and with a non-NULL 'pwd' argument. +- - Does so before changing the effective user ID to the target user. + +No programs in FreeBSD's base system, including login(1) and su(1), meet these +requirements, but third-party programs may. In particular, sudo(8) does when +using the default sudoers(5) plugin configured with the 'use_loginclass' flag +enabled. doas(8) does not. + +IV. Workaround + +There are at least two possible workarounds. + +The first one is for an administrator is to prepare for all users a +'~/.login_conf' they can't write or replace, e.g., using filesystem flags +'schg' or 'sunlnk' (see chflags(1)), defeating user's own customizations. + +The second one is to review setuid login programs accessible to users, +determine if they meet the requirements above, and deactivate those that do or +reconfigure them when possible, as mentioned above for sudo(8). + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +It should be followed by a restart of all third-party daemons that use the +'libutil' library, or a reboot of the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:02/libutil.patch +# fetch https://security.FreeBSD.org/patches/EN-24:02/libutil.patch.asc +# gpg --verify libutil.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart of all third-party daemons that use the 'libutil' library, or reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ ede6fd06726c stable/14-n265587 +releng/14.0/ c2a9cfc55046 releng/14.0-n265403 +stable/13/ 9fcf54d3750e stable/13-n256941 +releng/13.2/ 9deb5ca77beb releng/13.2-n254655 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271750> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:02.libutil.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMYQoACgkQbljekB8A +Gu8m9Q//cmgbS/PZPMBjARTQa2kkEpIy7zYgDq9/oriREfUBgbN+hFdxlwN5q59r +t+lJGJYSynMQDFglQcsD61nECP6fnjco1RxLPpzf+aBmP/VebOh7irsI7QElisY+ +SoiCHhZrpXcZGU5OBTA0Nd7NbKVmCflF6aJN0bOCZHvONSUH+ijsXPd98Pjx6TgF +0yQV3ryMYtEBbIaXdR751HLe011hcQYBnlU+/0B9bzL5JCr67NaYM3MDkMkwvXSs +zJaefj9xxMlJdB4EvkJGtcau4Kw/qdM0iFllUMmOPl3QK+s4LKguaVtuWWI0bSvL +VlFbGVCoRmaVzV+ZaCrDZrsl3NOC92Trhg5QdLV5HJUP3sSRAo5PGNostdWB6VsT +mfgJp0owv7LSSt/irDgtY2OGFb3Y/RZmqTBXR7ScFAguuA5dJva44eDkUX8YXBU/ +7ZlXMuF94dmaTmcDqOqWBmfeIWlIKdVsol6fzoKQhLjtZuUg5vdl2rUlj6GSNSL9 +6GLU2/LiobuBhfc0qL/mmtyovqHO2HDLsNX54zusBEzy7lI2URvTcCjcHX0Tbwwi +cuj6b/XzvAnQ2qFyA4l8bhCSpECkGybLgar+ig199K077HrwRUjLt666JQtMBkKQ +LZafucjfGCSpDJFcVjfGfliYnYQFyAd4NAfDsnR15xz9Pxw7MOg= +=mDl9 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:03.kqueue.asc b/website/static/security/advisories/FreeBSD-EN-24:03.kqueue.asc new file mode 100644 index 0000000000..6ddfa84ef7 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:03.kqueue.asc @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:03.kqueue Errata Notice + The FreeBSD Project + +Topic: kqueue_close(2) page fault on exit using rfork(2) + +Category: core +Module: kqueue +Announced: 2024-02-14 +Affects: All supported versions of FreeBSD. +Corrected: 2023-12-05 00:43:27 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:05:42 UTC (releng/14.0, 14.0-RELEASE-p5) + 2023-12-05 00:44:13 UTC (stable/13, 13.2-STABLE) + 2024-02-14 06:05:58 UTC (releng/13.2, 13.2-RELEASE-p10) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The kqueue(2) system call provides a generic method of notifying the user +when an event happens or a condition holds. + +II. Problem Description + +Normally, when a process exits, all its kqueue fds will be destroyed at the +moment p_klist is detached. However, if the process was created with rfork(2) +with shared file descriptors, its signal knotes can survive. This can +eventually result in a page fault when the process exits. + +III. Impact + +Using kqueue(2) with a process using rfork(2) can panic the system. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot the system. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +Reboot the system. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:03/kqueue.patch +# fetch https://security.FreeBSD.org/patches/EN-24:03/kqueue.patch.asc +# gpg --verify kqueue.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 24346a2f7775 stable/14-n265907 +releng/14.0/ bb06104dce0b releng/14.0-n265404 +stable/13/ 55e91944998c stable/13-n256837 +releng/13.2/ 154dedade465 releng/13.2-n254656 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275286> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:03.kqueue.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMYQwACgkQbljekB8A +Gu+GSxAA5voCfr4a2LrMmBjQvgD7XwpCNH9yvYN3chKG07TTqNWkHbCxNvc4Brzm +IXKGxvolrY3PZhXgN2KZhe/wAOf0I1ZazeW9wdk13O9G2SF5aaUYBkCvoMmPME42 +f7lVXnkxhTQAovVFQRZAK6sYCVspIPQEpavoa7rq5dDDtO9g2AqB53aAbgdBpQ0j +ClIcMzM2HdiYQBi4WuL36XVbeX6N++N5ouE8Hdz+pDcQSHuOm3VHUKlpRsEXLmYI +3uDJ8py+PGbtcLnSVALEcnreirJcCJ5em7Gaec2KXHDRis/dLW+DPlPyZp1mpIBZ +l073AME8hEOxnJOUALvxTVHQS3L35JjFmxnSGwnLzXH16v/fGUKlnAZkOftNcRan +JW1fLXB2EH+H+hdnOWiQeTCk8duIIvXuWEYf8dfP6SBMm9FfzBAoTv/K1mHxGFKZ +s3iR4WyC7Y6r56meVdNfs/F4XtVh3edhVfOdjf/5I8+Ut9HGRNuHOCepLG9DASOd +eQbhHAnHnUB21qq4Tme0eKoA130gVcBMr2NsE0lifNArLzEvvGB0Bw+9ZP9IfFeS +/fPs4Yq1XIjpgk+TDdOPGexLWCIBl0ursjZMSuGyhXkDaD1oYzF3SKWrJRkahpUq ++tN6jVPkG7Iy36myKSHofuPh641hSmk88IJPJHVrdNjo88hUti0= +=xsIs +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:04.ip.asc b/website/static/security/advisories/FreeBSD-EN-24:04.ip.asc new file mode 100644 index 0000000000..a5fbf4e1a1 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:04.ip.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:04.ip Errata Notice + The FreeBSD Project + +Topic: Kernel panic triggered by bind(2) + +Category: core +Module: ip +Announced: 2024-02-14 +Affects: FreeBSD 14.0 +Corrected: 2024-01-09 00:30:05 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:05:43 UTC (releng/14.0, 14.0-RELEASE-p5) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The inpcb subsystem of the kernel is responsible for implementing +portions of socket-related system calls (e.g., bind(2)) on behalf of +IP-based network protocol implementations. This layer provides lookup +tables which can be used within the kernel to translate between sockets +and the internet addresses to which they are bound or connected. + +II. Problem Description + +The inpcb layer maintains several hash tables which are synchronized by +a combination of mutexes and the use of lock-free data structures. The +implementation of the latter was flawed such that a locked lookup could +return a socket that was in the process of being removed from the table. + +III. Impact + +The race condition can trigger a NULL pointer dereference in the kernel, +resulting in a kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r now + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:04/ip.patch +# fetch https://security.FreeBSD.org/patches/EN-24:04/ip.patch.asc +# gpg --verify ip.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 2bfe735277b8 stable/14-n266255 +releng/14.0/ 9db5ae3ec45f releng/14.0-n265405 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=273890> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:04.ip.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMYQ4ACgkQbljekB8A +Gu8ffg/7BY7BfPU1emJ7YfFNKszPKJooefFS8dejskN6ic55hCt8fh0RuV9g/Lwg +25QehLwGl821HaoTBijM9EBt4RTT9qdzU0m+9MKKATxy5wfnfANtU3fa+nwvuWhB +fM6kLJcnViobhGHDoFN29Nz2BjfGodh4XXf1uE4zOLytw9WrM69H/UbHPMn7xSzM +mPqGppk/TdxEdWXywaHLhSKf8Y21jtcidQBQ3aILnLbNObt2uii+hqVQw5+CDRYw +NnHi1QBWMTP3blwmwGV3rtpytDMhhXUptA0ILpzVm6YAtGTsTLL4VrssGtcuW+Sh +o7wkwmNzQLayoKNwdUkx8S/X+ilCBeHVXBH3A2GHjisMstP8cU3fRAuPVI5QvIyh +rWsCLyoL+QwtZ58KJLpe6WQtLfG/xpq20+7lUJtyLaInZ7YStkNLXMZHJUbjx7yO +xZsraeCI3Y6qtdHYxk4wH3HBqR2w6WmU30iXMA5UWXjL9LaB0Az/8cHlXoTA6apB +XoHCzfC/LbV972c28P7Nky97oFkYTPvB0+iHPqMB77pciMO6gKWitf4FFA9fsp7H +QfWjUHMJSIbtzCgskKurO93UmlogQbfbgahmzSA7SDTryObbXdre2SuSrfDwbW/O +scgug9GgFuTjAp9GB7SYFA+eYUQsakyVHK1gnxt3Su7lcw/GMG0= +=2K5v +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:05.tty.asc b/website/static/security/advisories/FreeBSD-EN-24:05.tty.asc new file mode 100644 index 0000000000..979d0c2c5f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:05.tty.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:05.tty Erratum Notice + The FreeBSD Project + +Topic: TTY Kernel Panic + +Category: core +Module: kernel +Announced: 2024-03-28 +Affects: FreeBSD 13.2 and FreeBSD 14.0 +Corrected: 2024-02-29 00:29:13 UTC (stable/14, 14.0-STABLE) + 2024-03-28 05:06:21 UTC (releng/14.0, 14.0-RELEASE-p6) + 2024-02-29 00:30:12 UTC (stable/13, 13.2-STABLE) + 2024-03-28 05:07:53 UTC (releng/13.2, 13.2-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +tty(4) is the general terminal device. The kern.ttys sysctl provides tty +information for tools such as `pstat -t`. + +FreeBSD-SA-24:02.tty addressed an information leak about outside processes +from within a jail. + +II. Problem Description + +A missing check resulted in a null pointer dereference if a tty had a session +associated, but no session leader. + +III. Impact + +Under certain conditions an unprivileged user could provoke a kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date, and reboot. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for an erratum update" + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch +# fetch https://security.FreeBSD.org/patches/EN-24:05/tty.patch.asc +# gpg --verify tty.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 8d22744f5be1 stable/14-n266915 +releng/14.0/ a3ec3054762f releng/14.0-n265411 +stable/13/ a60220bbb551 stable/13-n257543 +releng/13.2/ f3195cc08ccc releng/13.2-n254662 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277240> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277329> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:05.tty.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGaEACgkQbljekB8A +Gu8NTw//Rqyq8heDUZZyz0TKMs/ObZY9h7VbL3Pces9mpnE6mgZx9g1kalo1xml3 +x0kRIJ0L606oBxhrJYqam3DrcJsPWs/8LOmmUa9u4/M2sAPuw03pyPEYNnokhf05 +NvC6mjNCpuJY4jzoa1hYdjvUHJe6u66reEoWuARPxoT6ZGPLiVhYPmoYIJFtoEAy +tLEIH4GRjfRuOEgSDY7sIy5MoxjObBqPQl4VtbCSZDN/PN4z6WuxC/f2N0vpN1uq +IyDGWCvEOa6g+7kDEiBJo4LRp30mQtMJalfQUlLm653Do2Jh6L5tUuQ+T0qIOlqc +gTlKnnaa0m/hMUD9t4lJHQbLfGFaYpXbyJpblO8hPoM7Trk2vsoGubksMYZSRHIy +/9IiZafdnNoHxa5+ZTRSqxYw9e38gwTlWsNjQpCezhtaZo0FWkhcgC7zUG+yMUXz +zYhYXCQkZXpEvIg+BJs3ZdigGK7wRjC9qsC8jfnhOU+q452qqnKjg8bxJdGxBbZ0 +HKFfAVgtqAEgU3PzPN7Nmu4QJ+VOu9L/e1mOhrqcmHtYDYLfdelCT8DjHj85oggn +C5iDPG6AxnLczTlTxVsHTiQcmTy6awfeTf1N1JCbfZPovrO/CTaOLnMy/PNeZIml +UnarxLtQNeK6BDKd0E/rEym9wL0YJ1Xj/3XE1qPAjz52YufRHHM= +=w167 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:06.wireguard.asc b/website/static/security/advisories/FreeBSD-EN-24:06.wireguard.asc new file mode 100644 index 0000000000..a7c7fb1c09 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:06.wireguard.asc @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:06.wireguard Errata Notice + The FreeBSD Project + +Topic: Insufficient barriers in WireGuard if_wg(4) + +Category: core +Module: if_wg +Announced: 2024-03-28 +Affects: All supported versions of FreeBSD. +Corrected: 2024-03-22 15:21:39 UTC (stable/14, 14.0-STABLE) + 2024-03-28 05:06:22 UTC (releng/14.0, 14.0-RELEASE-p6) + 2024-03-22 15:21:42 UTC (stable/13, 13.3-STABLE) + 2024-03-28 07:14:19 UTC (releng/13.3, 13.3-RELEASE-p1) + 2024-03-28 05:07:54 UTC (releng/13.2, 13.2-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +if_wg is the kernel module that implements WireGuard tunnels between two +endpoints. When packets arrive from the tunnel or are sent over the tunnel, +they are decrypted or encrypted in a separate thread from the one that delivers +the packet to its final destination. + +II. Problem Description + +Insufficient barriers between the encrypt/decrypt threads and the delivery +threads may result in the wrong part of an mbuf chain being read and sent along +through the network stack on architectures with a weaker memory model, e.g., +aarch64, under certain workloads. + +III. Impact + +The part of the mbuf chain being sent along may contain some invalid state that +causes a later fault and panic. + +IV. Workaround + +No workaround is available, but X86 platforms (that is, i386 and amd64) are +not affected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date and reboot or reload the +if_wg kernel module. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD arm64 platform can be updated +via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +After the updates have installed, you will need to reboot the system or reload +the if_wg kernel module. + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch +# fetch https://security.FreeBSD.org/patches/EN-24:06/wireguard.patch.asc +# gpg --verify wireguard.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system or reload the if_wg kernel module. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 590e02d3c088 stable/14-2576116 +releng/14.0/ 56be7cd84447 releng/14.0-n265412 +stable/13/ 806e51f81dba stable/13-n257611 +releng/13.3/ f07351f90aa3 releng/13.3-n257429 +releng/13.2/ 8f1f4e60ceb9 releng/13.2-n254663 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264115> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:06.wireguard.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGagACgkQbljekB8A +Gu/p2g//cupzJnkQB/sXm0EWroHjy/I6X6gbZlDpHZFbetGx8niyCH/xK3FMySuq +q1XGKpXqQKBR3R+VmTNs+Tfd0DbFK8nwStPHXnewKZJ+Qddah27Y3zEuj9+vmmmq +rzgJNDNv53eZj0c2ExIWVSfjn1faiE4ctVUOROtvxvxr9RtFpatGTzT5i/wgoNnj +gyO/VoFIn3C4ya8F/7EMicnEdQuXW55Ds+3ub9MO4DcXDds3QLWnYIVYfnvnBNV4 +YX7N+yynBxGOwD1Isbee6dCFTslsOgqV8WGkN4hMXvikPGvD+lXwCpDftfJCEFbR +xDUzf+M/6eBDgTztMmg7bTQO53Dp1iv5nd6Sw71rqS6tCwJ4BoxHV8Cx31yBbPRq +S2JsUjT0UsH5Cdvq8Ky5vMPSuSa/n8Ma/CeNtAQ0wvMw9WXkDGOZQSfBuEvJIItB +WQyfpBgrWjUZ3fMX7URPc5hca04y/bLyBV+gRfRqVy2nc4T4AwplWYOvBb5f8EXs +2+Jq1Bh3PQTBM4ZdXJtGmBct7ciZn3tZSrAt8c2sNLV5tUfVhWgNTYmcj5ffpPGh +r6D9m++Oq4ZORrFpydDfgv/0qXJQrp/9nFVxv8TdhwHBOkdYWP9mJpIUJxVxwfYp +jlFBr6yZWp4bWsGGgdtQqQ5+gKo8B25aQ52IE22weZsFxxaYn24= +=oKHT +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:07.clang.asc b/website/static/security/advisories/FreeBSD-EN-24:07.clang.asc new file mode 100644 index 0000000000..eeaceee0b4 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:07.clang.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:07.clang Errata Notice + The FreeBSD Project + +Topic: Clang crash when certain optimization is enabled + +Category: contrib +Module: clang +Announced: 2024-03-28 +Affects: FreeBSD 14.0 and FreeBSD 13.3 +Corrected: 2024-03-08 08:19:28 UTC (stable/14, 14.0-STABLE) + 2024-03-28 05:06:23 UTC (releng/14.0, 14.0-RELEASE-p6) + 2024-03-08 08:19:49 UTC (stable/13, 13.3-STABLE) + 2024-03-28 07:14:20 UTC (releng/13.3, 13.3-RELEASE-p1) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes the Clang C/C++ compiler in the base system. FreeBSD 14.0 +and FreeBSD 13.3 include Clang version 17. + +II. Problem Description + +Clang 17 has a bug that results in a crash under certain circumstances. + +III. Impact + +The compiler crashes instead of generating an object file. + +IV. Workaround + +Avoid use of -fzero-call-used-regs, or install a version of Clang other than +17 from ports or packages. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch +# fetch https://security.FreeBSD.org/patches/EN-24:07/clang.patch.asc +# gpg --verify clang.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ fc31d474c40a stable/14-n266942 +releng/14.0/ 711422d54795 releng/14.0-n265413 +stable/13/ 961271f952fc stable/13-n257558 +releng/13.3/ 26059a4f2c14 releng/13.3-n257430 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=277474> +<URL:https://github.com/llvm/llvm-project/issues/75168> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:07.clang.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGaoACgkQbljekB8A +Gu/y4RAAqXAE1WeZIk1tYMnlgqcw1SM5ojKvzK2iZegpPND0Yov7gzkwmNYNqCGY +GLEKVJcVqS5hagCowAZkptq0dh8JtHusBVWq53IZdI5RB81xQOa2yYp+87GkVacn +j8UnnbmAbb0rfMQyzVbMc5Kv3fkeAkZYZxiKmm+2iKt1cFHXv8yU4DIsTkxLAOUM +AlextCl+SO6NLyZ6+64XkArc9ekcrrTs4QpKhZwHcBWNOogDzvFxCokObVGM98cb +AN9pS09BTquuN5Yq5kXgFVzp8KLM0uruFKuEy+yNTCFJMMix1/9hj84yA2STm1iu +AGd0lp8N7JXfnGKdktBZ4YeOL7GRTTgrInixJ3KbzjFbwmwrgQSzBC1neZqjPbAf +iomKNIo23wsaMpjDh+RBBIOpDZnfPOO+imWh6A4ErdObMWyNw3+2MqUSHgMI9STO +qqWIAHvQQwlB0lZAYvh6/iHntfLfIa3vdUH+g7kl8d5xzZlV18HkqsF6LtzbXbE5 +tJ6QxtqlZjLa7eq/7qyg5bQFk7eJ0bhN7al+P5FOjezJo/tCFOIStWaFgTWntNep +FkysAdgJUnkMreaccWT3YrIKKKyjBUVYvh1UWf6GudSdPs9ZPzsAR3X1RmixGO6H +Y5EjL5hvuaNdqM3RiCF2/Vm/sVwF8KkEJs1rDbFFhM1HKCt9000= +=lTOH +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:08.kerberos.asc b/website/static/security/advisories/FreeBSD-EN-24:08.kerberos.asc new file mode 100644 index 0000000000..32ac450b39 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:08.kerberos.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:08.kerberos Errata Notice + The FreeBSD Project + +Topic: Kerberos segfaults when using weak crypto + +Category: contrib +Module: heimdal +Announced: 2024-03-28 +Affects: FreeBSD 14.0 +Corrected: 2024-01-22 15:49:24 UTC (stable/14, 14.0-STABLE) + 2024-03-28 05:06:25 UTC (releng/14.0, 14.0-RELEASE-p6) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes Heimdal, an implementation of ASN.1/DER, PKIX, and Kerberos. +It uses OpenSSL to provide a number of cryptographic routines. + +II. Problem Description + +Weak crypto is provided by the openssl "legacy" provider which is not loaded +by default. + +III. Impact + +Attempting to use weak crypto routines when the legacy provider is not loaded +results in the application crashing. + +IV. Workaround + +Edit /etc/ssl/openssl.cnf to load the legacy provider unconditionally. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch +# fetch https://security.FreeBSD.org/patches/EN-24:08/kerberos.patch.asc +# gpg --verify kerberos.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ c7db2e15e404 stable/14-n266467 +releng/14.0/ c48fe39ad139 releng/14.0-n265415 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<other info on the problem> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272835> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:08.kerberos.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGawACgkQbljekB8A +Gu9Euw/+LX8qcrGUvA11MNOVemD+SEH/Ol97L4gLHhzGlWSf3VMq5F1KtY0VRwGK +ykM3VsSAk3PoYHLn+jbHPuAMjJVym+MLg27ZZWlqnx2Z7/wk2KuAb9RVCUl4FnPy +eTXzBNt3tCSYa2ZCRWEH+uN6dZh4o8VP0DWfrNdaazH7R7ezRmTzirvcQ39MXTcE +8wI+zQedVZG4OSuqOSFY21d70nlzqgs6ThY3K6KrtcaQGfenYBSQgFmjMJlBqtrb +Mr1Yvgc+wE66Ara/Hz+/2L11bwjyFwT1dpO57DKrcyTaGTnSYiDQiDscUIAW0gCh +bUMCgWCHq+kk7pAyUIMlRbdrA/6N/wmvwP/iO6GGxYmN0lNX8udxeZWz3OPPnbif +anM5OGnvKFkkTzCqnpHumljolvJL0/VeD7XCNBBgWa1I46gFmmNZ7R2esm7UEdU8 +IR4Hk9EqGhfl+EwU7OW04/Hq3br667kXbVsq1TTVM4ht39K+WhVoxzirp7QzOGTJ +WjRq6DK+44PyhQgnnAJgM/4gOGr5O/Y3ezRx4uj1S9L9faXTC5xlT8Vw78xU2wXq +BjG7vXi5r9d4POjtRcNiaMVKXQPF/saGjHcPGrGnuBLC8AFG54bFycmvM5QzWqng +AeRFOg+O8lkxLoQMDqJsNt8OMIk7vZHguwL7pt0tRtouuoaszU0= +=UnED +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc b/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc new file mode 100644 index 0000000000..3a3b203d3a --- /dev/null +++ b/website/static/security/advisories/FreeBSD-EN-24:09.zfs.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-24:09.zfs Errata Notice + The FreeBSD Project + +Topic: High CPU usage by kernel threads related to ZFS + +Category: contrib +Module: zfs +Announced: 2024-04-24 +Affects: FreeBSD 13.3 +Corrected: 2024-04-12 13:00:11 UTC (stable/13, 13-STABLE) + 2024-04-24 20:21:10 UTC (releng/13.3, 13.3-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +ZFS is an advanced and scalable file system originally developed by Sun +Microsystems for its Solaris operating system. ZFS was integrated as part of +the FreeBSD starting with FreeBSD 7.0, and it has since become a prominent +and preferred choice for storage management. + +II. Problem Description + +Because ZFS may consume large amounts of RAM to cache various types of +filesystem objects, it continuously monitors system RAM available to decide +whether to shrink its caches. Some caches are shrunk using a dedicated +thread, to which work is dispatched asynchronously. + +In some cases, the cache shrinking logic may dispatch excessive amounts of +work to the "ARC pruning" thread, causing it to continue attempting to shrink +caches even after resource shortages are resolved. + +III. Impact + +The bug manifests as a kernel thread, "arc_prune", consuming 100% of a CPU core +for indefinite periods, even while the system is otherwise idle. This behavior +also impacts workloads running on the system, by reducing available CPU +resources and by triggering lock contention in the kernel, in particular with +the "vnlru" process whose function is to recycle vnodes (structures representing +files, whether opened or cached), a mechanism frequently triggered by intensive +filesystem workloads. + +IV. Workaround + +No workaround is available. Systems not using ZFS are unaffected. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security branch +(releng) dated after the correction date. A reboot is required following the +upgrade. + +Perform one of the following: + +1) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# reboot + +2) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-24:09/zfs.patch +# fetch https://security.FreeBSD.org/patches/EN-24:09/zfs.patch.asc +# gpg --verify zfs.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 330954bdb822 stable/13-n257698 +releng/13.3/ 266b3bd3f26d releng/13.3-n257432 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +See problem reports +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274698> and +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275594>. + +See also the previous, similar errata notice issued for FreeBSD 14.0: +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:18.openzfs.asc>. + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-24:09.zfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYpapQACgkQbljekB8A +Gu8gBxAAiuUNqeGaKNQ1XbV0kSucwnae5uOrQmthHQBY98PJJKUZpm1RTt/FnBB7 +qPxEY5vFRcGgZ43GVlnmfmH/EmqOg6WPpsgKfdq1XTy/ERU815JOsD+wKUWa/9Ia +g67pnl8HPMSF5eZ1FreWfzNsWmxakiDLg2VXtFx7x3+qocifD/WwGvDTjdDBzzyK ++cIrBqvTlbOCRdHzl49wmNLz46ha5bmxTb7MzXB3jIQ1v+PZ71biyQxBZTrZgR6S +La8oVe4Kj2lJTJw5S2xvsoyo5PzqmPCyD1m22fzgKTyaAUCXiioUUQDuFTxu9rhW +I3lSvqdIRw28yRFjGslxlq9x1vShQTw3ILcH31ucxKUNow7hlDz4Ow2NzqXhSjxN +RMGamxLTA5BcNCR4/DexAjfeh6OKnCG7n0ntlhxI0LWGr4ceT3/ySck7xhCNCSm1 +Ze/Gf9/j4+zR2jyauRANkITPkVHUV79/Sgjn1IlcMDLpzegH+QfQsX6CosG5uSWS +UlpK2hhCv2g3lE7XuBItz7E/8i5Nx9RZgnh047Nj3ZB/6dCauAeUYKnY5X3xJa5X +OKJWIGyJAyrCoFIg+LdBS47ggg8wswyyb1XBF2rZgZNqVmzZrJd7lBV/sjDaEC1H +13lHhIIwtpTagDAT1Nbji++IT+2DatjhLZnMQwvALno0tIE19mg= +=IgLQ +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc b/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc new file mode 100644 index 0000000000..3cedbeaedd --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:02.wifi.asc @@ -0,0 +1,165 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:02.wifi Security Advisory + The FreeBSD Project + +Topic: Multiple WiFi issues + +Category: core +Module: net80211 +Announced: 2022-03-15 +Affects: FreeBSD 12.x and FreeBSD 13.0 +Corrected: 2021-11-19 00:01:25 UTC (stable/13, 13.0-STABLE) + 2022-03-15 17:45:36 UTC (releng/13.0, 13.0-RELEASE-p8) + 2022-02-15 16:05:49 UTC (stable/12, 12.3-STABLE) + 2022-03-15 18:18:08 UTC (releng/12.3, 12.3-RELEASE-p3) + 2022-03-15 18:17:30 UTC (releng/12.2, 12.2-RELEASE-p14) +CVE Name: CVE-2020-26147, CVE-2020-24588, CVE-2020-26144 + +Note: This issue is already fixed in FreeBSD 13.1-BETA1. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's net80211 kernel subsystem provides infrastructure and drivers +for IEEE 802.11 wireless (Wi-Fi) communications. + +II. Problem Description + +The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and +Fragmentation" reported a number of security vulnerabilities in 802.11 +specification related to frame aggregation and fragmentation. + +Additionally, FreeBSD 12.x missed length validation of SSIDs and Information +Elements (IEs). + +III. Impact + +As reported on the FragAttacks website, the "design flaws are hard to abuse +because doing so requires user interaction or is only possible when using +uncommon network settings." Under suitable conditions an attacker may be +able to extract sensitive data or inject data. + +IV. Workaround + +No workaround is available, but the ability to extract or inject data is +mitigated by the use of application (e.g. HTTPS) or transport (e.g. TLS, +IPSEC) layer encryption. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.0] +# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.13.patch +# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.13.patch.asc +# gpg --verify wifi.13.patch.asc + +[FreeBSD 12.x] +# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.12.patch +# fetch https://security.FreeBSD.org/patches/SA-22:02/wifi.12.patch.asc +# gpg --verify wifi.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6acb9d5f955b stable/13-n248098 +releng/13.0/ 0d1db5c3257e releng/13.0-n244782 +stable/12/ r371640 +releng/12.3/ r371748 +releng/12.2/ r371740 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26147> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24588> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26144> +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=254737> +<URL:https://www.fragattacks.com/> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:02.wifi.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIxJ3wACgkQ05eS9J6n +5cJsaA/7BsIUL3gBLdYp66sHgsrtmYoGWaRJfjd+YhMCIYBHwKew4aG05U1aRgP4 +B9NO0qaVavAeN4fnre13rzjGuJrPwu1tRiZkpxRb6PYbqECBpMNR/OLAzXnLEMgR +ZRgaDOFmmmmgNR2sssBORhokpGBY//ikEw8VoXGNqdT/XgGaeX9uGU3U5kkR4u7c +1DmFXCUeEDhuoiYBeys4BrhHeUDhbjyFdtri46Xe3igsDEvZmhoOocrY9ASuns5g +2o2xk+gXJGBuHbSztXxdO9yeZugy8Y3nZclHk1eTIrqT1AoDfwxytRz7XOjf/HE7 +Uv3g8ZOKQyvJGcf1DTpglF23ELPz4ODnUrlDcds5Oq6Dzje7hsXFswd1aRKVwcRO +GKMcZeWXp2hlqMC8dAQ9g2Vs3Sm9j6bPuZK4mskiXfPv1AMgkJaf70sYomiTdrNp +mHCym51zrkkPYLWpxfq78z9cbDiG6LiIBC7+MfhE31qqiqGrTyVc3p/Onuw2c495 +aYloxB+u7Mt7IscCCXyIzBklsoyrr1IKtNavYW+1SkKdXFO5sWJX2yJTZKDqnRdF +BqawMysMi9Z9w2EQ1sUkmTv7VjDExlXqiwswgnXLhn6+JUJMNToMZf3bwBmsXB18 +azxH2sOeOgaIAI46mzy5HmjSQyrOeg/cbcC17QCmZLvcbiKJacY= +=iyjb +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc b/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc new file mode 100644 index 0000000000..79aa990d28 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:03.openssl.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:03.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL certificate parsing infinite loop + +Category: contrib +Module: openssl +Announced: 2022-03-15 +Credits: Tavis Ormandy from Google +Affects: All supported versions of FreeBSD. +Corrected: 2022-03-15 16:51:46 UTC (stable/13, 13.1-STABLE) + 2022-03-15 17:42:48 UTC (releng/13.1, 13.1-BETA1-p1) + 2022-03-15 17:43:02 UTC (releng/13.0, 13.0-RELEASE-p8) + 2022-03-15 16:56:09 UTC (stable/12, 12.3-STABLE) + 2022-03-15 18:17:50 UTC (releng/12.3, 12.3-RELEASE-p3) + 2022-03-15 18:17:16 UTC (releng/12.2, 12.2-RELEASE-p14) +CVE Name: CVE-2022-0778 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a +collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit for the Transport Layer Security (TLS) protocol. It is +also a general-purpose cryptography library. + +II. Problem Description + +The BN_mod_sqrt() function, which computes a modular square root, contains +a bug that can cause it to loop forever for non-prime moduli. This function +is used when parsing certificates that contain certain forms of elliptic +curves. + +III. Impact + +A specially crafted certificate with invalid explicit curve parameters may +trigger an infinite loop, leading to a denial of service. Since certificate +parsing happens prior to verification of the certificate signature, any +process that parses an externally supplied certificate may be affected. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:03/openssl.patch +# fetch https://security.FreeBSD.org/patches/SA-22:03/openssl.patch.asc +# gpg --verify openssl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 5f3d952f6e6b stable/13-n250020 +releng/13.1/ 942b5e156d41 releng/13.1-n249979 +releng/13.0/ 3847c17aa23a releng/13.0-n244777 +stable/12/ r371734 +releng/12.3/ r371742 +releng/12.2/ r371735 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:03.openssl.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmIw5a0ACgkQ05eS9J6n +5cKZqQ/8D7qHRsnXGENtJqjN9Nt2VRiBeO5GKrhBJFVS8/cgVvlgDPFIrWOA/b7v +p386eSIRPA3BGpEzP6cQddM/pogHFjSuskSznkNvfsUeZ7B9avODNvHykiODMajU +ACv/JZ8IU9rWR2C3DqtlnVqKt3N8Pa8ZpxUCpYDeBEMIaYn/UOUZ9PmZZtaCJ1jz +ZSsel99VvA7RdSd58ahb9Mga6KLDdp4bVVftfpepihTOu7pfmxZqrG7W+1pld/wd +R88yGEDxyDD9/qDToA13i8+gAU5P5ASmzfNNqVwzJ4QLlkk2OrJBFKCLl+1BrR2p +w6r3eZzx9SexCSJ9jLw54rezpXgLyJ/+fURHtKVOu39ELqZmftBgBYS0gxWiQ6jH +Wx3lrPjjskFBp4MO5uBChnF8BIpGZN2guLpQkPtHCiaa469OI/NI5zarvXYvGPJL +j4BMZtQQWGj2WIFWmMu7fvkhYOgVWmyjS4SWEwom7UGLq1EJKb9Rau9e4TOr8bYw +EQV5c71Wn7IV9Oga1rPVRUe2hHAX1VkvhVm49G47V2gyvmPwXwwbVe7byW8Mz46j +znkTSmAzHNbXFcJV+aPXejGRDvg0H+wfDyQFlN32IXdyVrbphRjekOu2Ftn8eWS9 +SkEdbvYP5x192NpBgfpHo5tc2CJHcM4xKg7WAIUk0vrK7aSgPoc= +=TDUh +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc b/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc new file mode 100644 index 0000000000..989e7458f9 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:04.netmap.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:04.netmap Security Advisory + The FreeBSD Project + +Topic: Potential jail escape vulnerabilities in netmap + +Category: core +Module: netmap +Announced: 2022-04-06 +Credits: Reno Robert and Lucas Leong (@_wmliang_) + Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2022-03-19 17:53:35 UTC (stable/13, 13.1-STABLE) + 2022-04-06 03:26:07 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:13 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-03-20 09:08:23 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:25 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2022-23084, CVE-2022-23085 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +netmap is a framework for extremely fast and efficient packet I/O for +userspace and kernel clients, and for Virtual Machines. + +II. Problem Description + +The total size of the user-provided nmreq to nmreq_copyin() was first +computed and then trusted during the copyin. This time-of-check to +time-of-use bug could lead to kernel memory corruption. [CVE-2022-23084] + +A user-provided integer option was passed to nmreq_copyin() without checking +if it would overflow. This insufficient bounds checking could lead to kernel +memory corruption. [CVE-2022-23085] + +III. Impact + +On systems configured to include netmap in their devfs_ruleset, a privileged +process running in a jail can affect the host environment. + +IV. Workaround + +No workaround is available. Systems that do not include netmap in their +devfs_ruleset are unaffected. A default installation of FreeBSD does not +include netmap in its devfs_ruleset. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:04/netmap.patch +# fetch https://security.FreeBSD.org/patches/SA-22:04/netmap.patch.asc +# gpg --verify netmap.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 9f600a260a73 stable/13-n250049 +releng/13.1/ 7c55c52696d2 releng/13.1-n250081 +releng/13.0/ 4996f46e03a4 releng/13.0-n244794 +stable/12/ r371757 +releng/12.3/ r371870 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23084> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23085> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:04.netmap.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgUACgkQ05eS9J6n +5cJ5oA/7BbWWbR3NEYYOSYBYDGtuRVUFFQYFLh35qcammhfATek0yMyqN47wHwq1 +/Nh+91ZHJBV/wNkr5aFsMcNda9c/a9CVQLjWwiT5wtOGHt3tip0dy4Kalc1bwewI +tGhlCX5bROy0x7xP0+qNHmDRvEVDviash3Wp7Ysk2uzpZsXl0bew1dBwH/9dxnYv +XwfCHfU3fUdeyWtAvswwTlx5XXXBdgvGAShsdZTjYlowUioL6E+m3w0xFdyae7q+ +MjaI9w06p+WJ89WTnwefLq5DwAi6eS+3qmZNJaU3Shq6tQo0TqrOfIuT3l8Id8tv +f6XJBjZHDFJBbEofUREHjl0q7qAbZ2tBzxvDJWzGmBp98lSg0diIzyMmgOeUBT/1 +MG8LLK3e4Z+l5ZknDRJJ38yiUCR4ANaUEygYFVXAcb7QylMhmqcJ6hIAMpCiJ7NJ +S+ftBNjC1S6RccATBJUX3/IyTvwigvQIybNzKlqIMEjSPd8mVSTpbir43dK8Vr5v +kKmaqSsTN5Df3s+yPn8uBG9VXhO0cNtLBxFJ8eWsI5mLigpCFD2KkvO06oLE9ALa +fhEZxIy0bD4GbambenfZ2xxaSoZSIeAh1pM5aL4x/C4r7R0p8dH3ldkTDKWfqtfE +/gaVGCSle/K0I6y1LUhWLdD7FlOLScHRkVF2sIGSDP4KTbH7H18= +=EwyH +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc new file mode 100644 index 0000000000..3d8ba5176c --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:05.bhyve.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:05.bhyve Security Advisory + The FreeBSD Project + +Topic: Bhyve e82545 device emulation out-of-bounds write + +Category: core +Module: bhyve +Announced: 2022-04-06 +Credits: Mehdi Talbi, Synacktiv +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-05 22:59:52 UTC (stable/13, 13.1-STABLE) + 2022-04-06 01:56:57 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:14 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-05 23:03:35 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:28 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2022-23087 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +bhyve(8) is a hypervisor that supports running a variety of guest +operating systems in virtual machines. It implements a number of device +models, including an emulated Intel 82545 network interface adapter. + +II. Problem Description + +The e1000 network adapters permit a variety of modifications to an Ethernet +packet when it is being transmitted. These include the insertion of IP and +TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation +offload ("TSO"). The e1000 device model uses an on-stack buffer to generate +the modified packet header when simulating these modifications on transmitted +packets. + +When checksum offload is requested for a transmitted packet, the e1000 device +model used a guest-provided value to specify the checksum offset in the on- +stack buffer. The offset was not validated for certain packet types. + +III. Impact + +A misbehaving bhyve guest could overwrite memory in the bhyve process on the +host, possibly leading to code execution in the host context. + +The bhyve process runs in a Capsicum sandbox, which (depending on the FreeBSD +version and bhyve configuration) limits the impact of exploiting this issue. + +IV. Workaround + +Only the e1000 device model is affected; the virtio-net device is not +affected by this issue. If supported by the guest operating system, +presenting only the virtio-net device to the guest is a suitable workaround. +No workaround is available if the e1000 device model is required. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart bhyve virtual machines. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386 platforms can +be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:05/bhyve.patch +# fetch https://security.FreeBSD.org/patches/SA-22:05/bhyve.patch.asc +# gpg --verify bhyve.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable bhyve virtual machines, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 53f722094798 stable/13-n250272 +releng/13.1/ 5a28d8befda0 releng/13.1-n250078 +releng/13.0/ b85c68857da3 releng/13.0-n244795 +stable/12/ r371867 +releng/12.3/ r371871 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23087> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:05.bhyve.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgYACgkQ05eS9J6n +5cJERBAAoqZXVIwucgIMLepm3hQdmYsuYGDhfp12ggOR8GO/a9oL9c21u5JSSNUq +w966VU8u2Tv3JjKhNpXWSR9hbUSTuEWarkcrutNDe69GwcWv0Q8DU3DwhfrT6e9K ++IO/yMNUUBL9LlWRW4XftiowNV2r9KvqzYsGbk8Wi+bN1Vd9gXo1r31Nu3Y3JBls +EOjk8aoDuCCUqZKVjKw7VNXDjAo3MKnnt7s6nRLSJRvJH7iDGxttWGbAiREqLO07 +Aqg0ZUbbtUs8PvOL38yj/eiC4tLdOGna+Nm7VNoiS+Ee2uL/tbGU079UCgqgSJ7k +/0U8nrDss8NRirsFEbpYiNFs2zi+6dtRKjAzMGKxMU6TTnHodzfLBGsrOws5TmlS +bblLVykXBT1egNT180gCNjBRdK2mYaF23wVEPbd8bg0+JPfG5MyylG137uJJw2B0 +24RZpY3ciRCUw6xn9mRk//SOQh4fvtLSdNPfGtoYtHmzhao8wvWBqPw7SvkMkUP4 +hsdNeutyIZjqTCDvtUD4Ge81BPLnW8fUkd7yNLbWFLGBqZGlCs/xBdmTqCS/XLF7 +y9cPEsS7wb1sZS087uULgUrEDFPCnktozZ1ycCwoqCZy7dt6/zYFrYH1xu3AN+Ji +hso4aoM18gVNadHfMRqHNClBDO0iaxuXPrg+SMqffOrdQCznQ3k= +=CgB+ +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc b/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc new file mode 100644 index 0000000000..59e4942f2f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:06.ioctl.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:06.ioctl Security Advisory + The FreeBSD Project + +Topic: mpr/mps/mpt driver ioctl heap out-of-bounds write + +Category: core +Module: mpr, mps, mpt +Announced: 2022-04-06 +Credits: Lucas Leong (@_wmliang_), Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-04 00:46:25 UTC (stable/13, 13.1-STABLE) + 2022-04-04 16:24:36 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:16 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-04 00:47:44 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:31 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2022-23086 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +mpr(4), mps(4), and mpt(4) are disk controller drivers. They export an +ioctl(2) interface used by command-line utilities to query or set properties +on the device. + +II. Problem Description + +Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers +allocated a buffer of a caller-specified size, but copied to it a fixed size +header. Other heap content would be overwritten if the specified size was +too small. + +III. Impact + +Users with access to the mpr, mps or mpt device node may overwrite heap data, +potentially resulting in privilege escalation. Note that the device node is +only accessible to root and members of the operator group. + +IV. Workaround + +No workaround is available. Systems that do not use mpr(4), mps(4) or +mpt(4) are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:06/ioctl.patch +# fetch https://security.FreeBSD.org/patches/SA-22:06/ioctl.patch.asc +# gpg --verify ioctl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 0b29e1b9f9df stable/13-n250225 +releng/13.1/ aef190f298af releng/13.1-n250066 +releng/13.0/ e724f3ce7970 releng/13.0-n244796 +stable/12/ r371855 +releng/12.3/ r371872 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<other info on vulnerability> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23086> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:06.ioctl.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgYACgkQ05eS9J6n +5cJ1FRAAopRAsQL1viniZ9DvKUbq5cDwRvvaoTn4nzTs5+T51KoTwkzwfsAZy6jR +ixOlaGTSRxWzTrLa5Kq6DxHEevrzxmJRc03YZ0GrfbSQNoaW6SGv+lXY9SEbm86K +T3D//J42pSAmxLOteQDXqds5I4Xd9eDrrLzQjATxb9KqO1BYCWXCvPUQfRNksL6t +eXnwT0+1AluGOw0YkyZ4nB62mtO5qwFPI1T/paIRAe8G38gW5xn821fYcJUR/fbd +K6GUDdHvVsobI99nohiZcPoMH8peAoBntmWsOxMtd2goc6useAGE5xdvXB1EDBMe +W/4ZCUNg5jhw+ceVIPw248DcvT9YVp6NtYbqvxcz2SQ5MNY3B4sgZCSuYeDUqtYF +uYmJN5EHALyQPe1vPwTqM+INm5/T3Ft3Y3kWKgk5+PNSrClJNpkOASPps3hnJmM+ +i7kK/GnH0TEZbinPY4J//8o6IuZpX1o+5JWWbSZPcDo/2IxlR+sAe72hOVq5w/Bp +2GT9aJmktRlJ8Spfr7QYy2LJBRUVN9zAlnfyZJ2Hil4i03lrmP/nByEBiAWxSfo4 +ECIs5viR34U0gTJ8qbl6YJQrikWqUcYPcrPcx3iMT0fLXCaVGfB7jxZZc7jXsVc+ +nf+uJPY4z95eqbCrTHuLj9ReBLOA7nG3Vi/FI0N3sEJkBOb1tHU= +=kPAj +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc new file mode 100644 index 0000000000..c2ce62f3b0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:07.wifi_meshid.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:07.wifi_meshid Security Advisory + The FreeBSD Project + +Topic: 802.11 heap buffer overflow + +Category: core +Module: net80211 +Announced: 2022-04-06 +Credits: m00nbsd working with Trend Micro Zero Day Initiative +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-05 22:59:53 UTC (stable/13, 13.1-STABLE) + 2022-04-06 01:56:58 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:17 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-05 23:03:40 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:33 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2022-23088 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's net80211 kernel subsystem provides infrastructure and drivers +for IEEE 802.11 wireless (Wi-Fi) communications. + +II. Problem Description + +The 802.11 beacon handling routine failed to validate the length of an +IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer. + +III. Impact + +While a FreeBSD Wi-Fi client is in scanning mode (i.e., not associated with +a SSID) a malicious beacon frame may overwrite kernel memory, leading to +remote code execution. + +IV. Workaround + +No workaround is available. Systems not using Wi-Fi are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch +# fetch https://security.FreeBSD.org/patches/SA-22:07/wifi_meshid.patch.asc +# gpg --verify wifi_meshid.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 72617f9246e3 stable/13-n250273 +releng/13.1/ 00cc1ce78da3 releng/13.1-n250079 +releng/13.0/ b2b23824272d releng/13.0-n244797 +stable/12/ r371868 +releng/12.3/ r371873 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23088> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:07.wifi_meshid.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgYACgkQ05eS9J6n +5cL+FQ/9FPr6zxTpQ9HMQym2BYnZZHXLFWE2ALDLXE8UYiNa6vLaeIvO4f/bzS6b +StHq4YoLTU6tPtTVXu1MTv+BZmDcavtKtBohppkcSdV2Xs2zHrlcUGNBlJdWWUR6 +vgcRsI8EhdrFltKoeJ+L7bfHCzE4oGAFKhvap7DL8URrt+a7S0mkfdaX9o7RSQi3 +vku98kns+ylV4T+DgY5KO21rnzwopIkmw3XlRO+S0XILK/h+7EWvcrOTTEV+byQM +vZL17NlumXhrZvg3nQIgpTmai7B8hFCVvRYy8aT8ygRSgEWG5ZtJVuPtgmJ7TMPg +mZneNAQ3eJep4l53nRu3mlxvwJYm9KR/RYDIf6iHhkVStPGv4+9wPSqHZXzn/bDy +MLTHNcOi6wBmRMi+JsR4QkhS6VukFlZvNl4UhXRG7Lx2Tss5CG/SKXCEHcwOYcZY +TEIJY2iDoTTU3jEYWclvcmLMKn3yRfyox1vpv71Ugh33L0lgM22P/5+p/jebeQvL +xl62ZEZZUzOeHfDzMNKi4yFhi4RvRA8exmVTKjPbqiDPIpUQFrCLWvbzeQhUbeSm +zsldDRAf51jeJbahwSfujqjJ7NOum0iY1qTSqgV3JLvAjShQHCMYCK12zlwT42CM +3Op+ruTU7mx9UhjerQtklrzP1qE9i6A9D5Kk/MZSOA4zRbuFTRw= +=uFZx +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc new file mode 100644 index 0000000000..14ba774c80 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:08.zlib.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:08.zlib Security Advisory + The FreeBSD Project + +Topic: zlib compression out-of-bounds write + +Category: zlib +Module: contrib +Announced: 2022-04-06 +Credits: Danilo Ramos of Eideticom + Tavis Ormandy of Google Project Zero +Affects: All supported versions of FreeBSD. +Corrected: 2022-04-04 19:30:33 UTC (stable/13, 13.1-STABLE) + 2022-04-04 20:02:42 UTC (releng/13.1, 13.1-RC1-p1) + 2022-04-06 03:04:19 UTC (releng/13.0, 13.0-RELEASE-p11) + 2022-04-04 01:07:59 UTC (stable/12, 12.3-STABLE) + 2022-04-06 03:06:39 UTC (releng/12.3, 12.3-RELEASE-p5) +CVE Name: CVE-2018-25032 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +zlib is a compression library used by numerous applications, as well as some +FreeBSD kernel components, to provide data compression/decompression +routines. + +II. Problem Description + +Certain inputs can cause zlib's compression routine to overwrite an internal +buffer with compressed data. This issue may require the use of uncommon or +non-default compression parameters. + +III. Impact + +The out-of-bounds write may result in memory corruption and an application +crash or kernel panic. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch +# fetch https://security.FreeBSD.org/patches/SA-22:08/zlib.patch.asc +# gpg --verify zlib.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>. + +Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ c4727a47f18c stable/13-n250251 +releng/13.1/ f5196112e8bd releng/13.1-n250070 +releng/13.0/ 9854ff088002 releng/13.0-n244799 +stable/12/ r371856 +releng/12.3/ r371875 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<other info on vulnerability> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:08.zlib.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmJNDgcACgkQ05eS9J6n +5cKzTxAAm61INadG6kdCuFYEYez9Fb3bT0L+bVElfmVhiQ80BqVKwE7EpeNN+OUC +820eYu5KnSGT2SKq6IIi605MUvhjpECLdjmdIEbER6G97nWxwSEEhpQ64br+3ely +J7SJWYpR5ydsxOYitICHV6YDJNK2mIMl0IYhSPgJqwb0zMWIupGPYisgdlqUSJV4 +SVxqQL8Z1GE+rUW2Br3QamENXkRRZwIUNpAxGfGK+YWjqjZ+378y6R5nj4+TL3c8 ++kDKL4jLyyQxnmkhLjfdX2sFOhI7bxcsmj0JuutAaCwvxlZ8gPglKMKZLEz4fula +hA6AuFFGpgoPpP2ZCThXglJ4UWYrPJhRX7c5G1W/mdaLZACeHwz+1SOW6v0Ud0GI +fxI6uweov8zDp5RIjWHU5Ir40nE3WqwYVGamy4xWN0PnrfzYlMidP7bV9pakalUn +lkXPIcFmgY6Yc8efPsHGoyskIjarquZ8gNqAv6CmumaHiu20PcPNXbwuMIVGABcf +p1WEIOYD8C1eDsPnR+QiFj9/8JcN/MyElJOz8wFr/XdRkixGx2mqCxQt9d8QDAaF +84/phYipwC1rdPjQs9HTcI6x52+MiyJGU+W6o27uS2vIQYycqkCjc08viZP5bNKT +kt281rEoIcvmv9HUzMXvjLzWGTGvGLw9lf5PueMzZwbkGV4o1fY= +=7Iaq +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:09.elf.asc b/website/static/security/advisories/FreeBSD-SA-22:09.elf.asc new file mode 100644 index 0000000000..f13cd3662b --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:09.elf.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:09.elf Security Advisory + The FreeBSD Project + +Topic: Out of bound read in elf_note_prpsinfo() + +Category: core +Module: kernel +Announced: 2022-08-09 +Credits: Josef 'Jeff' Sipek +Affects: All supported versions of FreeBSD. +Corrected: 2022-08-09 19:47:32 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:00:43 UTC (releng/13.1, 13.1-RELEASE-p1) + 2022-08-09 19:59:14 UTC (releng/13.0, 13.0-RELEASE-p12) + 2022-08-09 19:57:35 UTC (stable/12, 12.3-STABLE) + 2022-08-09 19:59:47 UTC (releng/12.3, 12.3-RELEASE-p6) +CVE Name: CVE-2022-23089 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Process information known as "prpsinfo" is written when dumping core of a +process as an ELF note. + +The sbuf family of functions allows one to safely allocate, compose and +release strings in kernel or user space. + +II. Problem Description + +When dumping core and saving process information, proc_getargv() might +return an sbuf which have a sbuf_len() of 0 or -1, which is not properly +handled. + +III. Impact + +An out-of-bound read can happen when user constructs a specially crafted +ps_string, which in turn can cause the kernel to crash. + +IV. Workaround + +The system administrator can workaround this issue by disabling coredump. +This can be done by adding: + +kern.coredump=0 + +to /etc/sysctl.conf and run `service sysctl start`. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +A reboot is required after applying the fix. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:09/elf.patch +# fetch https://security.FreeBSD.org/patches/SA-22:09/elf.patch.asc +# gpg --verify elf.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 8a44a2c644fc stable/13-n252079 +releng/13.1/ 69a456c0b60b releng/13.1-n250152 +releng/13.0/ 056ffc74a769 releng/13.0-n244804 +stable/12/ r372376 +releng/12.3/ r372380 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23089> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:09.elf.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz1EACgkQ05eS9J6n +5cJ6tw//VycxB1Il6TKajIo9VQE5lN1M/h1j0fbyUokXWpcGH/+iGl4sLkxtrFuv +Ekjshp9AezGgSIWCEdcwx8ck3LUeU0kVhAjcJjI/p+YfSWcWlLTQk13/Z3FsF6pv +EK1VjKDiMpZHbddbkvY2q4JKIdO2UXgBYwtshvwHL+Y8Ev2cxvJdQfwtclf+N0Q6 +Shgf25XPqkrG9vCJ30ldlJs902PoHKyGUOqU0+4741rcaZBjeF26RQPOXT+z4yQz +RpVQvyQ01OnXgXO8X+7hoW83m3C7hNz5KnmX5YLMQCBUgYjBk4edeOlnq1wnRTtW +k0qPdkIa5Rj8Yq8k+VP3PMiKezXOmxrmXUV16j64KZM9+r0eNPYx0C8sgkLZSrRe +osk57jIYtI0M7fTVNlhMY7uCLFaK3xHb+/Md+ExpCs79ZbH+CxgnU+HPyIIVV4zX +RhDRAh/w/MVKcHJM7y2TM6VDDhiLNqWeV9ruMj92ZnkB+QnRqrah53JUlo8PQcFn +oDfe/pSGhchpjwyhwHoXTBQNQjUlbm/7iC95D0UdtfuH2eFcSdDq6aWMO5amxui0 +Kkm+nswlYIpJsq3Addu2pEEhh2DHIwF9wiz8DKFJ1et+BF+GW+V4XKvXSd8sO7j3 +19GK3xtf9cGnYYoPBpNSxuFLP+zcb+1gXTX+N9gG1EqQfXdjMtI= +=lK0G +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:10.aio.asc b/website/static/security/advisories/FreeBSD-SA-22:10.aio.asc new file mode 100644 index 0000000000..c7cc4430e0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:10.aio.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:10.aio Security Advisory + The FreeBSD Project + +Topic: AIO credential reference count leak + +Category: core +Module: kernel +Announced: 2022-08-09 +Credits: Chris J-D <chris@accessvector.net> +Affects: FreeBSD 12.3, FreeBSD 13.0 +Corrected: 2021-10-01 00:32:22 UTC (stable/13, 13.0-STABLE) + 2022-08-09 20:00:24 UTC (releng/13.0, 13.0-RELEASE-p12) + 2022-06-27 17:27:50 UTC (stable/12, 12.3-STABLE) + 2022-08-09 19:59:44 UTC (releng/12.3, 12.3-RELEASE-p6) +CVE Name: CVE-2022-23090 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's aio(4) subsystem implements asynchronous I/O. + +II. Problem Description + +The aio_aqueue function, used by the lio_listio system call, fails to release +a reference to a credential in an error case. + +III. Impact + +An attacker may cause the reference count to overflow, leading to a +use after free (UAF). + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.3] +# fetch https://security.FreeBSD.org/patches/SA-22:10/aio.12.patch +# fetch https://security.FreeBSD.org/patches/SA-22:10/aio.12.patch.asc +# gpg --verify aio.12.patch.asc + +[FreeBSD 13.0] +# fetch https://security.FreeBSD.org/patches/SA-22:10/aio.13.patch +# fetch https://security.FreeBSD.org/patches/SA-22:10/aio.13.patch.asc +# gpg --verify aio.13.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 9499d3c1e40d stable/13-n247480 +releng/13.0/ c864c8cf08a9 releng/13.0-n244801 +stable/12/ r372172 +releng/12.3/ r372379 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23090> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258698> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:10.aio.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz1EACgkQ05eS9J6n +5cI0ZBAAi90yUPtPxBcshN+DldO6WSuQEWBE5XU+7Ivesns80PMF+QuQ9S/YfurC +I0LNfjGe48Q4/CIfixLf3Xsari9IBmHpUPvJS3+TaoxrOLRTLv2uTCZl6mGj1iqL +H4ufrtMCbaA830EAKlEfCfI6eY8eDJpKh+he86adW3qNPWewTKGeEK8Mi4st009F +DcCcHquy+IC2DnZaeoO+dttKyMoyEJgvo8F0oej8Jg7OBPdW6yTuabutQkuxSur/ +JChz+Gn0tKj9qtN6023T/JvDXBKsQVlURbGofHhcm5JkpFFVd0A4+2MLbAO24gJa +fnYRJDaWbRHvF0joy3qbZWZ/a3iHHC+yq7jupHoOkP7yULUQRftoj2kdPPZic6eQ +XcyZE3rKgk7CHJq1ofg/Ye6WTgEghWjUlp5yrTniL+uWp6YuSVZNKPvXweDpi45M +segQvlLoDWG3GEhaRyvaeBkA4v1lLucdkLQCM9bAFPhq5S27lcHPf9r4jiWBR5HB +yQKddJZGa5lzsiYhKfX+pJ4rQa3QPN7N1NRygXDp4WRcPCqV3r4owZNJs6rsPkVM +c0+wyGZhv4jH8lRrludMeXkiusoYOHEE+hslA+xU3M+19ak7W3DkJZKvEZQgBMNs +bobKi/rl0GmAJthxd+vLXmdRK8g50RhPP+Fq80eLct151DDBdd0= +=7sbf +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:11.vm.asc b/website/static/security/advisories/FreeBSD-SA-22:11.vm.asc new file mode 100644 index 0000000000..d88f109c97 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:11.vm.asc @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:11.vm Security Advisory + The FreeBSD Project + +Topic: Memory disclosure by stale virtual memory mapping + +Category: core +Module: vm +Announced: 2022-08-09 +Credits: Mark Johnston +Affects: All supported versions of FreeBSD. +Corrected: 2022-08-09 19:47:40 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:01:00 UTC (releng/13.1, 13.1-RELEASE-p1) + 2022-08-09 19:59:49 UTC (releng/13.0, 13.0-RELEASE-p12) + 2022-08-09 19:57:38 UTC (stable/12, 12.3-STABLE) + 2022-08-09 19:59:48 UTC (releng/12.3, 12.3-RELEASE-p6) +CVE Name: CVE-2022-23091 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Memory mappings shared between processes are a feature of the FreeBSD +virtual memory system. They may be established by unprivileged +processes with the mmap(2), fork(2), and other system calls. + +II. Problem Description + +A particular case of memory sharing is mishandled in the virtual memory +system. This is very similar to SA-21:08.vm, but with a different root +cause. + +III. Impact + +An unprivileged local user process can maintain a mapping of a page +after it is freed, allowing that process to read private data belonging +to other processes or the kernel. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:11/vm.patch +# fetch https://security.FreeBSD.org/patches/SA-22:11/vm.patch.asc +# gpg --verify vm.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 3ea8c7ad90f7 stable/13-n252080 +releng/13.1/ 0c88ecaa1255 releng/13.1-n250153 +releng/13.0/ dd349089ff92 releng/13.0-n244805 +stable/12/ r372377 +releng/12.3/ r372381 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23091> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:11.vm.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz1EACgkQ05eS9J6n +5cK+mQ//V5ZGy6Hx4dfngafOWuSnC/5usXbu69iKnHQONPVZoVO72ZZKbm1fyMn7 +HlDyAfhEtYuh67JNROH7KJUf3lPeHQUd/rfSbTv8usXhxeAu09/kWi74/kviDLd5 +5Ocaja6DSN457c4gd6Lght1IrzDjnrL/oR8sHf7QWP0UAPjzi9CAcN5R90e7UP0u +J5/w76zl4ApGu4na3CNi3OTCf4xOf4ncosOXFyZHOAsnbyXjjl0qp17MtxDpsvNn +xAXOF3PvtFsO8r2MyLqRkcvPZE3n1LNvAPaI5jlVaXS6Nw7enZMqokj8XLmiUxcg +FXipr9nhdL+Rihj3JjIY3uSXv7x+ZacET9cM03a9LlI7kSzfuWA+hkiDExfITJZ5 +jJFqZ+PV+TvNqXfeatnOC9o2iyW0tAj7j1JPO3NEowdJSh/cpgzDfniDhm5dMA7G +TTFyxCrX5ZwhbPgHwKdb6J6oVYc0v8Rlnbb4bIpIeFO/OP0QwAU0f/GnxCeTEoXn +0s26Azsi2l31HKhSha7KVz66IWCdyBjwGApC2lNM9G2zKlD4NXEr976mG9WA09wS +jUM290y1uj2igdfq6gcgno37c6xQiAypDpOnOCGAL0+sbPT5ak7y/NFDFppR0uB4 +x7USiGEonMNswkKHtaOf7df6RAwNQZG7F+ADwtaMlC/C+c6hlUk= +=WXZW +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:12.lib9p.asc b/website/static/security/advisories/FreeBSD-SA-22:12.lib9p.asc new file mode 100644 index 0000000000..48e468cd34 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:12.lib9p.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:12.lib9p Security Advisory + The FreeBSD Project + +Topic: Missing bounds check in 9p message handling + +Category: contrib +Module: lib9p +Announced: 2022-08-09 +Credits: Robert Morris +Affects: FreeBSD 13.0 and 13.1 +Corrected: 2022-08-09 13:33:14 UTC (stable/13, 13.1-STABLE) + 2022-08-09 20:01:13 UTC (releng/13.1, 13.1-RELEASE-p1) + 2022-08-09 20:00:03 UTC (releng/13.0, 13.0-RELEASE-p12) +CVE Name: CVE-2022-23092 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +lib9p provides an implementation of the 9p file system protocol. It is +used by bhyve(8) to provide guest access to a host file system tree via +the virtio-9p device model. The FreeBSD base system does not contain +any other users of lib9p. + +II. Problem Description + +The implementation of lib9p's handling of RWALK messages was missing a +bounds check needed when unpacking the message contents. The missing +check means that the receipt of a specially crafted message will cause +lib9p to overwrite unrelated memory. + +III. Impact + +The bug can be triggered by a malicious bhyve guest kernel to overwrite +memory in the bhyve(8) process. This could potentially lead to +user-mode code execution on the host, subject to bhyve's Capsicum +sandbox. + +IV. Workaround + +No workaround is available. Systems not using bhyve's virtio-9p device +model are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and restart any VMs utilizing virtio-9p devices. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:12/lib9p.patch +# fetch https://security.FreeBSD.org/patches/SA-22:12/lib9p.patch.asc +# gpg --verify lib9p.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart restart any VMs utilizing virtio-9p devices, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ c536045c51da stable/13-n252071 +releng/13.1/ 7dfe949791e7 releng/13.1-n250154 +releng/13.0/ 70a2cf7bb2e0 releng/13.0-n244806 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23092> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:12.lib9p.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmLyz1IACgkQ05eS9J6n +5cI0vxAAoIkoKbB7T2cGS3k4sNM0SCB8/akhccPCVLgDc5aNnCJSD21gSWVY//Qc +IoxNgYBiP5Y0t2f8y6pzE4f9IuNRwhiLMAVgNHJgf7oRvsQyUAAqv+kXiXuutYQm +qYZOYM6vYk7bw6yLPwyS1S0QPWFZraBA3wRxAXLn3NcU3blKc6psPPqLuqfdR+0a +13s305/lw1uoaMYHtlS5S4rcnZm9uLPVMQZL6NMVtkLjRbuN2vUrZy81zSHVGQUN +RAN8qAPXjeD22a5gy7ZIqgt07OjYn331rAPPIpNtADU0vaYzVUkwrilY8ogIIJH2 +Be2NPmqbZEWTHFYcOQHWW/16rDXYXx7ZfvHHYzsrId+9G97I/nTMmN8dPeUJTtgh +syG6DSsbrYmssfGDXFX/nTdKDcT5UkNE3W3er7+RwQ54d9SlUwuY5SyycPJNBDim +018+Gb3GobScJGwSID+DyYEHxaj9e0WmLC6tpm8ZBlZnUTrdBqxEX+xhfxsm0Yds +dPVXHICXebgXzHs9RO5s4eNa+miu3W8QRkbyLmL8ReUHwsWSLS5p91hgOheHji4e +0vO5T99f11+lp1FFw9iLlpo09klsN26nGTJ4/XXtlCjD85GIJINR7JI/Fg1NRF4N +S5CmUPVutyvzGPkrNVUI9QwL/O0CEg55KTiqtQKjgjCCHhChZ+0= +=ILeT +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc b/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc new file mode 100644 index 0000000000..546b8282bc --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:13.zlib.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:13.zlib Security Advisory + The FreeBSD Project + +Topic: zlib heap buffer overflow + +Category: contrib +Module: zlib +Announced: 2022-08-30 +Credits: Evgeny Legerov of @intevydis +Affects: All supported versions of FreeBSD. +Corrected: 2022-08-09 14:40:35 UTC (stable/13, 13.1-STABLE) + 2022-08-30 23:02:48 UTC (releng/13.1, 13.1-RELEASE-p2) + 2022-08-30 22:57:49 UTC (releng/13.0, 13.0-RELEASE-p13) + 2022-08-09 14:45:04 UTC (stable/12, 12.3-STABLE) + 2022-08-30 23:16:45 UTC (releng/12.3, 12.3-RELEASE-p7) +CVE Name: CVE-2022-37434 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +zlib is a software library implementing compression and decompression. +It is used in various places in the FreeBSD kernel and userland. + +II. Problem Description + +zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow +in inflate in inflate.c via a large gzip header extra field. + +III. Impact + +Applications that call inflateGetHeader may be vulnerable to a buffer +overflow. Note that inflateGetHeader is not used by anything in the +FreeBSD base system, but may be used by third party software. + +IV. Workaround + +No workaround is available, but applications that do not call +inflateGetHeader are not vulnerable. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, and +restart daemons if necessary. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch +# fetch https://security.FreeBSD.org/patches/SA-22:13/zlib.patch.asc +# gpg --verify zlib.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 10cc2bf5f7a5 stable/13-n252073 +releng/13.1/ 289231c9634a releng/13.1-n250156 +releng/13.0/ 77cd23716ffb releng/13.0-n244808 +stable/12/ r372370 +releng/12.3/ r372460 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37434> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:13.zlib.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmMOoG4ACgkQ05eS9J6n +5cIITA//WMND8i3L8agw4QBMZTmL8M6bbbKK+eua7bhH4MNxguruULwcWNoHvhuO ++ebgomd4cWlPfY2TJcpd9OCXCjuMGMLvwE6XmPlGzW5DuMdD893wWPdsYJtDK+6p +yMSihFyZP+ELWFbLeO3SFedRRKBQiDEmO3X2oOR1Ukj5wjsUOFPv0/dLphyBiq3t +3tn/0O9NfAmyONvHSozoVs34MIFC9Qc/8oxlp5wKjomFn6OifPRwNu4yeWDfVL/c +11IwotsKNTR6QNckdNBwbFC2NwdWfl8Tqv7gbJ3PhXDlzCDC5hOQoIeOol3Nf8et +9+FjCr9y/jTH0tzEHCgevO3U711UZYIu2s+STHTlJRNly/n+2CMG+YOn1XkKtu6A +4x4Pw+YRHl5VesQCNcJOkwVwRiyrirp5yOaaUPhSKo0teykypgV/WS9Z1U0VVfGP +xgxJ7ElcT2HoNiz06QUSG374dPyEBKqoZTo/g2tJ0mL17JLW7IAtlUpIHzU475YR +1itARL0z7O3bbUa/h35LxRTCxT2Ojt0qZO9WsS4dIraz2gb8QbHkgUXETnLAx9Ih +UwaPrLGkzqpMjkQFASDS+LeacFOZARdxT/tUFwTRCQI27Aujl1OJzy7t0drL5I9f +pO529OH4plSsT0x4j89tAUZxIHB2RQet94777vP4T0J5UcBegxc= +=y87U +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc new file mode 100644 index 0000000000..663a2236bf --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:14.heimdal.asc @@ -0,0 +1,195 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:14.heimdal Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in Heimdal [REVISED] + +Category: contrib +Module: heimdal +Announced: 2022-11-15 +Revised: 2022-11-29 +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-15 21:15:35 UTC (stable/13, 13.1-STABLE) + 2022-11-16 01:50:27 UTC (releng/13.1, 13.1-RELEASE-p4) + 2022-11-15 21:16:56 UTC (stable/12, 12.4-STABLE) + 2022-11-16 01:47:57 UTC (releng/12.4, 12.4-RC2-p1) + 2022-11-16 01:40:21 UTC (releng/12.3, 12.3-RELEASE-p9) +CVE Name: CVE-2019-14870, CVE-2022-3437, CVE-2022-42898, + CVE-2022-44640, CVE-2021-44758 + +0. Revision history + +v1.0 2022-11-15 Initial release. +v1.1 2022-11-29 Updated with reference to FreeBSD-EN-22:28.heimdal. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Heimdal implements the Kerberos 5 network authentication protocols. + +A Key Distribution Center (KDC) is trusted by all principals registered +in that administrative "realm" to store a secret key in confidence, of +which, the proof of knowledge is used to verify the authenticity of a +principal. + +II. Problem Description + +Multiple security vulnerabilities have been discovered in the Heimdal +implementation of the Kerberos 5 network authentication protocols and KDC. + +- - CVE-2022-42898 PAC parse integer overflows +- - CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour +- - CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors +- - CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec +- - CVE-2019-14870 Validate client attributes in protocol-transition +- - CVE-2019-14870 Apply forwardable policy in protocol-transition +- - CVE-2019-14870 Always lookup impersonate client in DB + +III. Impact + +A malicious actor with control of the network between a client and a service +using Kerberos for authentication can impersonate either the client or the +service, enabling a man-in-the-middle (MITM) attack circumventing mutual +authentication. + +Note that, while CVE-2022-44640 is a severe vulnerability, possibly enabling +remote code execution on other platforms, the version of Heimdal included with +the FreeBSD base system cannot be exploited in this way on FreeBSD. + +IV. Workaround + +No workaround is available, but only systems using Kerberos are affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +A reboot is recommended. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +A reboot is recommended. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch +# fetch https://security.FreeBSD.org/patches/SA-22:14/heimdal.patch.asc +# gpg --verify heimdal.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) The original revision of this advisory included a patch which renders the +KDC inoperative. This was corrected in FreeBSD-EN-22:28.heimdal. Systems +using the KDC must download and verify an additional patch: + +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch +# fetch https://security.FreeBSD.org/patches/EN-22:28/heimdal.patch.asc +# gpg --verify heimdal.patch.asc + +d) Apply the additional patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +e) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the Kerberos, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ d0b6550173d2 stable/13-n253097 +releng/13.1/ a1e014e89282 releng/13.1-n250170 +stable/12/ r372752 +releng/12.4/ r372755 +releng/12.3/ r372753 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://github.com/heimdal/heimdal/releases/tag/heimdal-7.8.0> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44758> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3437> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44640> + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267827> +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:28.heimdal.asc> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:14.heimdal.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOGlpAACgkQ05eS9J6n +5cJFGQ//TbsJox2faNwQaBoQy/gFSP6TgauZTZJR5A5Y6bRMcvkNJyl3KIM2XlWD +W+lJlxL7kERjv9zD6iI8rns4+FOO2p9f4ICZsWy88ABQrmpuz2N22MSd8NyXeRv0 +30HyftaUMZdAPHVk5Piu7l3U6S4tPiO1BZEoMucG8cby1eWlPMtuH3K/0/CLZmPc +F8U+oRDwB5KnZgP39JmvejvGoXik1lhCrvaLZ5fG1QEmyb1xtjHfT+QSkh9FWLxz +jrHfwgpZFERprpMzqZAicbinV/LjZMfEbckJygzGNzSTTPD+uqT/jDmY+iHnkdF1 +Lw9R8pJoJIpvckRrPLQIOZZuz/Xd4FRB7Gc/q4/x4HTP/8y/x1uKZmcbrh86W9xu +9jCLMgpqETEjHhqADX7Z4+7oxhCPmgSJP8dX5o0HvORs4bqqxbkLqkCsp8QXdcES +vftJGgpt1IPO8MBcr4pG6+cEcZQuk7qX0/D3PArxLkwU2coimP2MmjxyeWBX5GrI +zgdF2HiUYvuZXyt1FMgve+8JkS1RYEE+yPWeOJ5RnIuHnIaNTD81o1gIYuFL3ECb +UAREi6FYskzeJQ/W2ZRMwQPGMPDQI901+msfStjxgx92rKhxLW+rDsg0EUsApoOv +DzIaeCtOGCZMG/mLvVhOLYbqmFrHDbWy8cMoSti/lnx7OdLpnn4= +=L299 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc new file mode 100644 index 0000000000..5c4224ec06 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc @@ -0,0 +1,165 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-22:15.ping Security Advisory + The FreeBSD Project + +Topic: Stack overflow in ping(8) + +Category: core +Module: ping +Announced: 2022-11-29 +Credits: NetApp, Inc. +Affects: All supported versions of FreeBSD. +Corrected: 2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE) + 2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5) + 2022-11-29 22:57:16 UTC (stable/12, 12.4-STABLE) + 2022-11-29 23:19:09 UTC (releng/12.4, 12.4-RC2-p2) + 2022-11-29 23:16:17 UTC (releng/12.3, 12.3-RELEASE-p10) +CVE Name: CVE-2022-23093 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2022-11-29 -- Initial release +v1.1 2022-12-14 -- Corrected Credits and updated Impact section. + +I. Background + +ping(8) is a program that can be used to test reachability of a remote +host using ICMP messages. To send and receive ICMP messages, ping makes +use of raw sockets and therefore requires elevated privileges. To make +ping's functionality available to unprivileged users, it is installed +with the setuid bit set. When ping runs, it creates the raw socket +needed to do its work, and then revokes its elevated privileges. + +II. Problem Description + +ping reads raw IP packets from the network to process responses in the +pr_pack() function. As part of processing a response ping has to +reconstruct the IP header, the ICMP header and if present a "quoted +packet," which represents the packet that generated an ICMP error. The +quoted packet again has an IP header and an ICMP header. + +The pr_pack() copies received IP and ICMP headers into stack buffers +for further processing. In so doing, it fails to take into account the +possible presence of IP option headers following the IP header in +either the response or the quoted packet. When IP options are present, +pr_pack() overflows the destination buffer by up to 40 bytes. + +III. Impact + +The memory safety bugs described above can be triggered by a remote +host, causing the ping program to crash. + +The ping process runs in a capability mode sandbox on all affected +versions of FreeBSD and is thus very constrained in how it can interact +with the rest of the system at the point where the bug can occur. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch +# fetch https://security.FreeBSD.org/patches/SA-22:15/ping.patch.asc +# gpg --verify ping.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 186f495d4be1 stable/13-n253187 +releng/13.1/ 66c7b53d9516 releng/13.1-n250172 +stable/12/ r372774 +releng/12.4/ r372778 +releng/12.3/ r372775 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23093> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:15.ping.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOatTwACgkQ05eS9J6n +5cJuig/8DQ3kQmQN8R7W+tFrtYmA/tIQYs+t5Eenx2Qc3XynQOuk7KQTHv0mFWLJ +zEPy5fB8iwcZnR5ZDL2H5J3vJ2tBdukFMU/nGqIWeJEzIJa0G2/KriZFxz5QnJFQ +bJ/4IVWNPyW0G4jredOVtjOo1J3FuftNJ/cpcbcYM0/f+7WfmVxAwN7ngtV0DtMT +G+s883BsVXNNHOShqulGelIa1fAgTjP9N9cZyFwgW8sGmDtqswoUOcpLnSxkPrK9 +N06gNKPePhN47LUr02JVIQe+ERO5ss8bXQrSO1GNWt4tPynWYXfmiqDBmIjAdhIK +/gEbEnR/roD5qX86hr5sFqPe90hurrXRT0gNo6mrWVKVUTHsTjvr+DBWy8WlEhzM +e8SmJzK06rD1T9bjRnobzF3dD46VccdMYVdakFeAfwNa2bplmABWcGBAdCrwgOyU +qs+cv9DdAfyHVmniKZrsZWTC9KBsi+8hSqhsF5uR+J5hAynBt9rsCXig9lQaFojW +uzOaLsIwtrvjn977S/Smkq9vAMh0k4QuQgwZqZAZZTGpYHqEtDIho7sJfTO+vuPP +t4N23FnrMyK8sCiwweYI4hNHqPVwRGD/nvRadZYOgSLTLN5rZAi+JhJWXc7J5unE +ssgWSH/7mcxHbOT7aW6Rs40zCWkMcrgrp33fEBgXWwuStGOQ6jY= +=ADME +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:01.geli.asc b/website/static/security/advisories/FreeBSD-SA-23:01.geli.asc new file mode 100644 index 0000000000..01448c87c6 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:01.geli.asc @@ -0,0 +1,159 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:01.geli Security Advisory + The FreeBSD Project + +Topic: GELI silently omits the keyfile if read from stdin + +Category: core +Module: geli +Announced: 2023-02-08 +Credits: Nathan Dorfman <ndorf@rtfm.net> +Affects: All supported versions of FreeBSD. +Corrected: 2023-02-08 18:03:19 UTC (stable/13, 13.1-STABLE) + 2023-02-08 18:06:31 UTC (releng/13.1, 13.1-RELEASE-p6) + 2023-02-08 18:05:45 UTC (stable/12, 12.4-STABLE) + 2023-02-08 18:30:27 UTC (releng/12.4, 12.4-RELEASE-p1) + 2023-02-08 18:28:31 UTC (releng/12.3, 12.3-RELEASE-p11) +CVE Name: CVE-2023-0751 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +GELI is a block device-layer disk encryption utility. It uses a random +master key to perform symmetric cryptography on sectors. The master key is +encrypted using a user key, which might consist of up to two components: a +user passphrase and a key file. The key file might be read from a file or a +standard input. GELI also allows to initialization of multiple devices with +a single command. + +II. Problem Description + +When GELI reads a key file from a standard input, it doesn't store it +anywhere. If the user tries to initialize multiple providers at once, for +the second and subsequent devices the standard input stream will be already +empty. In this case, GELI silently uses a NULL key as the user key file. If +the user used only a key file without a user passphrase, the master key was +encrypted with an empty key file. This might not be noticed if the devices +were also decrypted in a batch operation. + +III. Impact + +Some GELI providers might be silently encrypted with a NULL key file. + +IV. Workaround + +On affected systems, instead of initializing GELI devices in a batch +operation, the recommended way is to do this operation on a single provider. + +V. Solution + +If the system already has the device initialized with a null key, the master +key has to be encrypted: +echo -n | geli setkey -k- -p -K /path/to/keyfile -P /dev/provider + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:01/geli.patch +# fetch https://security.FreeBSD.org/patches/SA-23:01/geli.patch.asc +# gpg --verify geli.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 88bb08452ee3 stable/13-n254412 +releng/13.1/ 98933c7013a5 releng/13.1-n250179 +stable/12/ r372910 +releng/12.4/ r372917 +releng/12.3/ r372913 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0751> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPj8B8ACgkQbljekB8A +Gu8Q2g//WfBcATFcQsXQC/fO8oGa90pZl3+mBIBabMO7bMsZ3jzmsZM0DjEuztDM +sOY6g9ExN5Fmh4O6Mvg12FjtsbJwp/4KxsrfjG3F8aTKjTKTdbBqhDodwQwCL9ZF +u+qkNMrtdqFvigGqmCpKq6vC7kYx12NVFvr4X81kgBmwCOPUKlD351lnkQKv0C5B +G3HeLdQb7stMRcnHWcqOw7m98aRSU0gE2/9BAMqfvtVWboa6LrdF6PQVav8Lq417 +qh8Md71IAAWyFm8jcOtsX949KdtI1kcwDbVyuO5mT6TNFTuEu/lIx78/YpvGVZUt +1a7FAkiekr6c19xC01o6muc6E1XiwxO/vQMMwEsW9lv+N2fm4d7EGUP3nvFZTzgt +OOKVORcqEsdZj92/UDdUXsIFV7fja0t7rGUXhI/YTAtnOvESTvDkUzfNQ3fxIMcG +COFQdxJ0+P2oItMSeY2dlN8A/z41N6BqAilmg/LxuzZkCblC8q0JxLoAsAEydT4j +RHA7dTwFNeM+6kVluERX302l6JGogg6mB+o/O+vqKWfDrvEzv7CLHEGnBT6lcAkX +x1RQwXFd84fHwWXAffsUNKxrQe0QI+dbPcGH0YtHZntno1Azds3oVBAFa5nUcYVD +3A8ShP18hwkVLRyG9680fSD5cQwYKZpLuasujikLqnme/PkYDy4= +=6d7v +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:02.openssh.asc b/website/static/security/advisories/FreeBSD-SA-23:02.openssh.asc new file mode 100644 index 0000000000..7004d68e02 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:02.openssh.asc @@ -0,0 +1,151 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:02.openssh Security Advisory + The FreeBSD Project + +Topic: OpenSSH pre-authentication double free + +Category: contrib +Module: openssh +Announced: 2023-02-16 +Credits: Mantas Mikulenas +Affects: FreeBSD 12.4 +Corrected: 2023-02-08 21:06:22 UTC (stable/13, 13.2-STABLE) + 2023-02-08 21:07:30 UTC (stable/12, 12.4-STABLE) + 2023-02-16 18:04:07 UTC (releng/12.4, 12.4-RELEASE-p2) +CVE Name: CVE-2023-25136 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2023-02-16 -- Initial release +v1.1 2022-03-01 -- Corrected stable/13 Correction details + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted and authenticated transport for a variety of services, +including remote shell access. + +II. Problem Description + +A flaw in the backwards-compatibility key exchange route allows a pointer +to be freed twice. + +III. Impact + +A remote, unauthenticated attacker may be able to cause a denial of service, +or possibly remote code execution. + +Note that FreeBSD 12.3 and FreeBSD 13.1 include older versions of OpenSSH, +and are not affected. FreeBSD 13.2-BETA1 and later include the fix. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:02/openssh.patch +# fetch https://security.FreeBSD.org/patches/SA-23:02/openssh.patch.asc +# gpg --verify openssh.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 296ec8eae0c8 stable/13-n254414 +stable/12/ r372919 +releng/12.4/ r372938 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25136> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:02.openssh.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmQAFWYACgkQbljekB8A +Gu9QvA//fTfUZsc+p8ElVqCiVjvMukyLbIA9uPzGeUWoDOwB8ke1VMck8gwsBhTD +vEFpf8N79SXrZrYVcCjUtzrUbAIeCKpahnfiFL8TrZZx0oO20gqo0L01UFqJXJzz +954o6ddQ5G2z6Td3fT23ZdBD2iOD5iN7rEg7QEeRHGyhhC0qNcyZiT3icZin/dkR +h4ihCWsgtdI/amhYKaLtajAgV0X+Oibms6ANYGYdYAqeN1MSqMb0wrU5mj8iRVFO +vX6aBybcaKUbW1Hxh1zUR3h8Og1moNqJ6DzOP7PRqKp6bqCcupfT6ydZumWS4pvo +gYlaN8pU3T9EKmwMHqulcwI5ArGleYfaLso+gwpeL77Gb/rNXmVnGTv8ursfP/4k +sRoLmmdeM6Phla1dH5KJdDF7xZSWqeCoMCdLiZZ0K0sgwlOaqe/r/CAoM8CYWIjS +U76zjZmkzBTDsPa4REk37NXFBeB4UsPbNuORd7BuUyRPpmMVbV4DpyAxK8Sx8fzQ +bwZSSoHjnl3yaFIoCHrinlYlb7MiQSObD16bPrnbQCtPoi3lakYru+ywvkIRhGo5 +1R8xRhoxPKtPdFn+P59qrFZVfCd8TAEW5S/HlL/Mu2h9EyDAKfwVY9ak04MwScTY +OTgAd768GplUPZhsgOuwf4CYry/dXEIJ8O0SLh0MEuuuGBoVxjc= +=YxkN +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:03.openssl.asc b/website/static/security/advisories/FreeBSD-SA-23:03.openssl.asc new file mode 100644 index 0000000000..d953338970 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:03.openssl.asc @@ -0,0 +1,222 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:03.openssl Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in OpenSSL + +Category: contrib +Module: openssl +Announced: 2023-02-16 +Credits: See referenced OpenSSL advisory. +Affects: All supported versions of FreeBSD. +Corrected: 2023-02-07 22:38:40 UTC (stable/13, 13.1-STABLE) + 2023-02-16 17:58:13 UTC (releng/13.1, 13.1-RELEASE-p7) + 2023-02-07 23:09:41 UTC (stable/12, 12.4-STABLE) + 2023-02-16 18:04:12 UTC (releng/12.4, 12.4-RELEASE-p2) + 2023-02-16 18:03:37 UTC (releng/12.3, 12.3-RELEASE-p12) +CVE Name: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a +collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit for the Transport Layer Security (TLS) protocol. It is +also a general-purpose cryptography library. + +II. Problem Description + +* X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) + +There is a type confusion vulnerability relating to X.400 address processing +inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but +the public structure definition for GENERAL_NAME incorrectly specified the type +of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by +the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an +ASN1_STRING. + +* Timing Oracle in RSA Decryption (CVE-2022-4304) + +A timing based side channel exists in the OpenSSL RSA Decryption +implementation. + +* Use-after-free following BIO_new_NDEF (CVE-2023-0215) + +The public API function BIO_new_NDEF is a helper function used for streaming +ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support +the SMIME, CMS and PKCS7 streaming capabilities, but may also be called +directly by end user applications. + +The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter +BIO onto the front of it to form a BIO chain, and then returns the new head +of the BIO chain to the caller. Under certain conditions, for example if a +CMS recipient public key is invalid, the new filter BIO is freed and the +function returns a NULL result indicating a failure. However, in this case, +the BIO chain is not properly cleaned up and the BIO passed by the caller +still retains internal pointers to the previously freed filter BIO. + +* Double free after calling PEM_read_bio_ex (CVE-2022-4450) + +The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and +decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload +data. If the function succeeds then the "name_out", "header" and "data" +arguments are populated with pointers to buffers containing the relevant +decoded data. The caller is responsible for freeing those buffers. It is +possible to construct a PEM file that results in 0 bytes of payload data. In +this case PEM_read_bio_ex() will return a failure code but will populate the +header argument with a pointer to a buffer that has already been freed. + +III. Impact + +* X.400 address type confusion in X.509 GeneralName (CVE-2023-0286) + +When CRL checking is enabled (i.e. the application sets the +X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass +arbitrary pointers to a memcmp call, enabling them to read memory contents or +enact a denial of service. In most cases, the attack requires the attacker to +provide both the certificate chain and CRL, neither of which need to have a +valid signature. If the attacker only controls one of these inputs, the other +input must already contain an X.400 address as a CRL distribution point, which +is uncommon. As such, this vulnerability is most likely to only affect +applications which have implemented their own functionality for retrieving CRLs +over a network. + +* Timing Oracle in RSA Decryption (CVE-2022-4304) + +A timing based side channel exists in the OpenSSL RSA Decryption implementation +which could be sufficient to recover a plaintext across a network in a +Bleichenbacher style attack. To achieve a successful decryption an attacker +would have to be able to send a very large number of trial messages for +decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, +RSA-OEAP and RSASVE. + +* Use-after-free following BIO_new_NDEF (CVE-2023-0215) + +A use-after-free will occur under certain conditions. This will most likely +result in a crash. + +* Double free after calling PEM_read_bio_ex (CVE-2022-4450) + +A double free may occur. This will most likely lead to a crash. This could be +exploited by an attacker who has the ability to supply malicious PEM files +for parsing to achieve a denial of service attack. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:03/openssl.patch +# fetch https://security.FreeBSD.org/patches/SA-23:03/openssl.patch.asc +# gpg --verify openssl.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 0904c29a0a11 stable/13-n254398 +releng/13.1/ e237b128e080 releng/13.1-n250181 +stable/12/ r372906 +releng/12.4/ r372939 +releng/12.3/ r372936 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://www.openssl.org/news/secadv/20230207.txt> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450> +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304> + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:03.openssl.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmPucZwACgkQbljekB8A +Gu9HjQ//Re9YWzj2N2OaIbEljpogMIUxDzltPdCk+v6SODdiMh2ZesKojEHv9u3G +3pFkJxzvqPX1BID8S7arZHnHUTeDKGq+eJef+q6gVmSA7F92l9eAK9UhTgeV5CDT +VzFijM225KzFWA6VeD5pUtnCxze+Cor1y/XHAFPU1Ld5O+Tiem+vpN3OQt/hRlxI +3YC2zOKbpZiXX0vAiSsJw4r31yLqbY97Lmu3ccEAnKSNagkuFzuXyCSHroOPrIuB +zvNmFK6Brv6hnG+yucqdGi2g21oIW2i/UhObohCcxnUXBIa6xAbVVoiEy+fmutXx +T0JAOR75GqMuBUv4B4OT32cVkhZZJqWzSmeDed28cr5J3fWov+z7iePTezcFVMKj +gY3G5Awm41Qg6zjVqxZdj5n56yFSUgD63ZN0MKBPy8VDgSOv9vQzVR12/XyGOQrv +LnMtwtiI1qAoLiHXBLhrUOqrYw/WABHGNJVIVer4dzZCXw3VUqqxluqsUw0r5h9A +J9Ox1zcTV3N6wTHeVwUsScwjANg5dfQ2xnDZHWsPwPJuyCCiDXx8X7D13ACkHYVS +3MqvRC4+wZTNttp3jH1JINe0CE7Z/euLDtPUdM3/xD/+mtO9g9ADg+GHkF5Tief2 +i+AAWY/igHC1jQiXvmdFHf3IddxLoyhJAL5MiPxyTwAErR/8Xwc= +=G1z4 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:04.pam_krb5.asc b/website/static/security/advisories/FreeBSD-SA-23:04.pam_krb5.asc new file mode 100644 index 0000000000..821ec26fbf --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:04.pam_krb5.asc @@ -0,0 +1,187 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:04.pam_krb5 Security Advisory + The FreeBSD Project + +Topic: Network authentication attack via pam_krb5 + +Category: core +Module: pam_krb5 +Announced: 2023-06-21 +Credits: Taylor R Campbell <riastradh@NetBSD.org> +Affects: All supported versions of FreeBSD +Corrected: 2023-06-21 05:25:18 UTC (stable/13, 13.2-STABLE) + 2023-06-21 05:27:12 UTC (releng/13.2, 13.2-RELEASE-p1) + 2023-06-21 05:27:22 UTC (releng/13.1, 13.1-RELEASE-p8) + 2023-06-21 05:27:27 UTC (stable/12, 12.4-STABLE) + 2023-06-21 05:43:39 UTC (releng/12.4, 12.4-RELEASE-p3) +CVE Name: CVE-2023-3326 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +Note: This advisory has been supplemented by FreeBSD-SA-23:09.pam_krb5. +Please refer to +https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc +for more information. + +I. Background + +Kerberos 5 (krb5) is a computer-network authentication protocol that works on +the basis of tickets to allow nodes communicating over a non-secure network +to prove their identity to one another in a secure manner. + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. + +pam_krb5 is a PAM module that allows using a Kerberos password to +authenticate the user. pam_krb5 is disabled in the default FreeBSD +installation. + +pam_krb5 uses passwords for authentication, which is distinct from +Kerberos native protocols like GSSAPI, which allows for login without the +exchange of passwords. GSSAPI is not affected by this issue. + +II. Problem Description + +pam_krb5 authenticates the user by essentially running kinit(1) with the +password, getting a `ticket-granting ticket' (tgt) from the Kerberos KDC (Key +Distribution Center) over the network, as a way to verify the password. + +Normally, the system running the pam_krb5 module will also have a keytab, a +key provisioned by the KDC. The pam_krb5 module will use the tgt to get a +service ticket and validate it against the keytab, ensuring the tgt is valid +and therefore, the password is valid. + +However, if a keytab is not provisioned on the system, pam_krb5 has no way to +validate the response from the KDC, and essentially trusts the tgt provided +over the network as being valid. + +III. Impact + +In a non-default FreeBSD installation that leverages pam_krb5 for +authentication and does not have a keytab provisioned, an attacker that is +able to control both the password and the KDC responses can return a valid +tgt, allowing authentication to occur for any user on the system. + +IV. Workaround + +If you are not using Kerberos at all, ensure /etc/krb5.conf is missing from +your system. Additionally, ensure pam_krb5 is commented out of your PAM +configuration located as documented in pam.conf(5), generally /etc/pam.d. +Note, the default FreeBSD PAM configuration has pam_krb5 commented out. + +If you are using Kerberos, but not using pam_krb5, ensure pam_krb5 is +commented out of your PAM configuration located as documented in pam.conf(5), +generally /etc/pam.d. Note, the default FreeBSD PAM configuration has +pam_krb5 commented out. + +If you are using pam_krb5, ensure you have a keytab on your system as +provided by your Kerberos administrator. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:04/pam_krb5.patch +# fetch https://security.FreeBSD.org/patches/SA-23:04/pam_krb5.patch.asc +# gpg --verify pam_krb5.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the PAM module, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6322a6c9daaa stable/13-n255613 +releng/13.2/ 58d21e3e8e56 releng/13.2-n254620 +releng/13.1/ 07e3f54f2ea1 releng/13.1-n250186 +stable/12/ r373100 +releng/12.4/ r373103 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3326> + +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:04.pam_krb5.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJi1kACgkQbljekB8A +Gu9IPw//cnm4e+rywSXhDow4ilX3oa3kLbApaol5lJshrBv1wiwaDTkymRJX4au4 +kqJlGlUIduLQmUqCUOygkE6VdTa8dJdstVCQm4UYm1+jEu89hzNc6tyAAZ7NdYRn +FV3ttVQF/DHQthiiryyFPd6rcuW1qTFuHhEHDxaXBjzy6DCE5M9d82gitPgEhCNb +bEx0/8OIxg/5KA3qTbk1ow9CgsRjZviCMeq8Ky/4DrQf0ROZG092MMG8yzz9r6LZ +yKlB57YEvW15Ie3xewmJ5IxO3styUhrklHePsbyBa6bU1aj1J76jfet/lD7cOPqQ +r98Gmt5+iTY22EeuNEzjt4F02car+AyXgPzhw9k2DVXLRcBX4Zi9QO+SIeEykzlg +Lgvrkj5dPpOLujOXvMa3hynb4VoYnBc6MT6LBndSx2cpdDUtllYVshPSFUByq9Vm +6kDdsyaPG17Wb+D2ja90hMfowmZG1Qpbt/JfPl2yHekRusVQ4FdMjeHYp5fMuBom +/JVC8Uh4ZJ1uM6ypqgyA+4else/I0gHjO+6kdeDm/LWEgZs75mCA6cGdmSdqiO+L +rtzIN9fhr8BqdJH4kry3LyXdwiUes0cTxvgvgRUaGE6zU03CydWNCqoGC8MJOwgs +6zlvvhQHr/K0f9nJeIAUzEVW/EczRze59Vp7eyEqWgFFRXaNbqw= +=HVWl +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:05.openssh.asc b/website/static/security/advisories/FreeBSD-SA-23:05.openssh.asc new file mode 100644 index 0000000000..a989e564f4 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:05.openssh.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:05.openssh Security Advisory + The FreeBSD Project + +Topic: ssh-add does not honor per-hop destination constraints + +Category: contrib +Module: openssh +Announced: 2023-06-21 +Credits: Luci Stanescu +Affects: FreeBSD 12.4 +Corrected: 2023-06-05 16:04:15 UTC (stable/12, 12.4-STABLE) + 2023-06-21 05:43:42 UTC (releng/12.4, 12.4-RELEASE-p3) +CVE Name: CVE-2023-28531 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted and authenticated transport for a variety of services, including +remote shell access. + +II. Problem Description + +When using ssh-add(1) to add smartcard keys to ssh-agent(1) with per-hop +destination constraints, a logic error prevented the constraints from being +sent to the agent resulting in keys being added to the agent without +constraints. + +III. Impact + +A malicious server could leverage the keys provided by a forwarded agent that +would normally not be allowed due to the logic error. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:05/openssh.patch +# fetch https://security.FreeBSD.org/patches/SA-23:05/openssh.patch.asc +# gpg --verify openssh.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/12/ r373093 +releng/12.4/ r373104 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=271839> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28531> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:05.openssh.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmSSkl8ACgkQbljekB8A +Gu+p6Q//YJCvfTB82/cs++ok7D/bKGdwq5rvf9CaNMPrvEp7eVvzlTTDtxO6fU1P +eT9IZNSBxQHQEnbDyhN0kiTSp+cumGUl44azMwXrHmatN8SZ0FJ/SwEF/VIkxLq5 +suHmWh+E2JYdEKfBahjYiO6WJRL/WnKUGPkoDwcqszMyVEVcWh1Jr7nd8VmAJL54 +Q5IADSZYpZHJTgdKM/jwkI0yUdsm3qRdMpfnHrNRHUoo84JIpr69bKAISwRF/w5m +AgSFrV/0fW4EEqN0roXip6fyM3BlpOI8BjBE0V6mlPOkwxqzGvM7GwuEMGbxRWEj +pBv00Kqr0wdDmwge2EFaPLnd1wlB9dvy3+Z4GN2bmdwtM+tW5PXUgZ4iiKaD9/yK +Xf4dvSX8vs0IS4Rbk6e/MdZQHDXSzEFxPYz/a1PK/mMPVVeyyzCrQ8/66qUF5Uht +grItkiiD+20c/7SEoy7Tj/sDfYpohHYcUbFRxtFp4RlMBZtUgpUwSrvipixb/iKd +JkwUHrN5y6ct/oep7FiiGkHmQ3krXn6o5X4JiDf4JjoqbhPQLWMWdmLI+EeHOTcs +EtN2JUHK+uVnMoKIOY12D9EzbMH/haBAmHSldXyk/pkxxz0OrSKytjXuYQMo9ooG +wlwKMhEOMU6Jhb0YX4nR4jnKEtUx73/i08GBAV7tUuu5he0q6/I= +=8fxE +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:06.ipv6.asc b/website/static/security/advisories/FreeBSD-SA-23:06.ipv6.asc new file mode 100644 index 0000000000..77b3701de3 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:06.ipv6.asc @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:06.ipv6 Security Advisory + The FreeBSD Project + +Topic: Remote denial of service in IPv6 fragment reassembly + +Category: core +Module: ipv6 +Announced: 2023-08-01 +Credits: Zweig of Kunlun Lab +Affects: All supported versions of FreeBSD +Corrected: 2023-08-01 19:49:07 UTC (stable/13, 13.2-STABLE) + 2023-08-01 19:51:27 UTC (releng/13.2, 13.2-RELEASE-p2) + 2023-08-01 19:49:52 UTC (releng/13.1, 13.1-RELEASE-p9) + 2023-08-01 20:05:08 UTC (stable/12, 12.4-STABLE) + 2023-08-01 20:05:42 UTC (releng/12.4, 12.4-RELEASE-p4) +CVE Name: CVE-2023-3107 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +IPv6 packets may be fragmented in order to accommodate the maximum +transmission unit (MTU) of the network path between the source and +destination hosts. The FreeBSD kernel keeps track of received packet +fragments and will reassemble the original packet once all fragments +have been received, at which point the packet is processed normally. + +II. Problem Description + +Each fragment of an IPv6 packet contains a fragment header which +specifies the offset of the fragment relative to the original packet, +and each fragment specifies its length in the IPv6 header. When +reassembling the packet, the kernel calculates the complete IPv6 payload +length. The payload length must fit into a 16-bit field in the IPv6 +header. + +Due to a bug in the kernel, a set of carefully crafted packets can +trigger an integer overflow in the calculation of the reassembled +packet's payload length field. + +III. Impact + +Once an IPv6 packet has been reassembled, the kernel continues +processing its contents. It does so assuming that the fragmentation +layer has validated all fields of the constructed IPv6 header. This bug +violates such assumptions and can be exploited to trigger a remote +kernel panic, resulting in a denial of service. + +IV. Workaround + +Users with IPv6 disabled on untrusted network interfaces are not +affected. Such interfaces will have the IFDISABLED nd6 flag set in +ifconfig(8). + +The kernel may be configured to drop all IPv6 fragments by setting the +net.inet6.ip6.maxfrags sysctl to 0. Doing so will prevent the bug from +being triggered, with the caveat that legitimate IPv6 fragments will +be dropped. + +If the pf(4) firewall is enabled, and scrubbing and fragment reassembly +is enabled on untrusted interfaces, the bug cannot be triggered. This +is the default if pf(4) is enabled. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date and +reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:06/ipv6.patch +# fetch https://security.FreeBSD.org/patches/SA-23:06/ipv6.patch.asc +# gpg --verify ipv6.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 9515f04fe3b1 stable/13-n255919 +releng/13.2/ da38eaca4a22 releng/13.2-n254626 +releng/13.1/ 4e548c72914a releng/13.1-n250191 +stable/12/ r373149 +releng/12.4/ r373152 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3107> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJdsAACgkQbljekB8A +Gu8rERAA2iGzA4ydDrYsKnNGXMtQEXRIkGOPOkCSB1fC6CGIWLD//XuPw7sISPNu +vvt0DVlkOC/ZKjgUQVWDLHd/DWcEv6prhhCUEPEQ57nwvgfa9/oZNqF0ZvVgdyst +OUc7wO3Pt9lAp6fPkay0LGmsHLlgRJR1VqUQ6fnWvJ7jRllsvIdjxr8krIwYyyVn +E7U8+lBYoBmQLMql0jgiQ3S4FZ5kYX6MN9r2I1/nSQdE6IUOiqL0oux9H2PDTz3r +mx9nYSrsd0WPNVO7n7GRnk48STwJryJNdY7tCZOUGsmOOtQAnXvF/ZYDQOMK1L66 +4d5XFVXTwYdHDwDbXMPCCqa+MsZyjrgz8NmNzcto1l0mClz1SGNW9MKmxTKU7op/ +dNTjziffvwxZefpFPv+r9ZEyJpPe1rcNgOskJFW4DVq0uNSaujPkHE77hkE93ozF +ScDErtexPV+OEQyqGTgO4MxTjlk2l9DZGFVrLl+8Js1sFfLXlReGHLA2xtDtxJL0 +mLo1WtKq8Oq3XPBdU0UoAw3Wlp+BOZ7cY5AVk7IY5zU0T2jQP636QgzX33ZTynkD +oLtFufJBOWMSPNx9bTFautEoNsivtKcOl3XWEKKgEqt4b+9h6VGU0tFjfRuozjxJ +QAaYf0qXk9kfHp4EdHj4CeSoeZKgHCExJxpfX54qBGH/TY3Dd4c= +=V/jE +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:07.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-23:07.bhyve.asc new file mode 100644 index 0000000000..770be95081 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:07.bhyve.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:07.bhyve Security Advisory + The FreeBSD Project + +Topic: bhyve privileged guest escape via fwctl + +Category: core +Module: bhyve +Announced: 2023-08-01 +Credits: Omri Ben Bassat and Vladimir Eli Tokarev from Microsoft +Affects: FreeBSD 13.1 and 13.2 +Corrected: 2023-08-01 19:48:53 UTC (stable/13, 13.2-STABLE) + 2023-08-01 19:50:47 UTC (releng/13.2, 13.2-RELEASE-p2) + 2023-08-01 19:48:26 UTC (releng/13.1, 13.1-RELEASE-p9) +CVE Name: CVE-2023-3494 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +bhyve(8)'s fwctl interface provides a mechanism through which guest +firmware can query the hypervisor for information about the virtual +machine. The fwctl interface is available to guests when bhyve is run +with the "-l bootrom" option, used for example when booting guests in +UEFI mode. + +bhyve is currently only supported on the amd64 platform. + +II. Problem Description + +The fwctl driver implements a state machine which is executed when the +guest accesses certain x86 I/O ports. The interface lets the guest copy +a string into a buffer resident in the bhyve process' memory. A bug in +the state machine implementation can result in a buffer overflowing when +copying this string. + +III. Impact + +A malicious, privileged software running in a guest VM can exploit the +buffer overflow to achieve code execution on the host in the bhyve +userspace process, which typically runs as root. Note that bhyve runs +in a Capsicum sandbox, so malicious code is constrained by the +capabilities available to the bhyve process. + +IV. Workaround + +No workaround is available. bhyve guests that are executed without the +"-l bootrom" option are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all affected virtual machines. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:07/bhyve.13.2.patch +# fetch https://security.FreeBSD.org/patches/SA-23:07/bhyve.13.2.patch.asc +# gpg --verify bhyve.13.2.patch.asc + +[FreeBSD 13.1] +# fetch https://security.FreeBSD.org/patches/SA-23:07/bhyve.13.1.patch +# fetch https://security.FreeBSD.org/patches/SA-23:07/bhyve.13.1.patch.asc +# gpg --verify bhyve.13.1.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all affected virtual machines. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 9fe302d78109 stable/13-n255918 +releng/13.2/ 2bae613e0da3 releng/13.2-n254625 +releng/13.1/ 87702e38a4b4 releng/13.1-n250190 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3494> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJdsIACgkQbljekB8A +Gu8Q1Q/7BFw5Aa0cFxBzbdz+O5NAImj58MvKS6xw61bXcYr12jchyT6ENC7yiR+K +qCqbe5TssRbtZ1gg/94gSGEXccz5OcJGxW+qozhcdPUh2L2nzBPkMCrclrYJfTtM +cnmQKjg/wFZLUVr71GEM95ZFaktlZdXyXx9Z8eBzow5rXexpl1TTHQQ2kZZ41K4K +KFhup91dzGCIj02cqbl+1h5BrXJe3s/oNJt5JKIh/GBh5THQu9n6AywQYl18HtjV +fMb1qRTAS9WbiEP5QV2eEuOG86ucuhytqnEN5MnXJ2rLSjfb9izs9HzLo3ggy7yb +hN3tlbfIPjMEwYexieuoyP3rzKkLeYfLXqJU4zKCRnIbBIkMRy4mcFkfcYmI+MhF +NPh2R9kccemppKXeDhKJurH0vsetr8ti+AwOZ3pgO21+9w+mjE+EfaedIi+JWhip +hwqeFv03bAQHJdacNYGV47NsJ91CY4ZgWC3ZOzBZ2Y5SDtKFjyc0bf83WTfU9A/0 +drC0z3xaJribah9e6k5d7lmZ7L6aHCbQ70+aayuAEZQLr/N1doB0smNi0IHdrtY0 +JdIqmVX+d1ihVhJ05prC460AS/Kolqiaysun1igxR+ZnctE9Xdo1BlLEbYu2KjT4 +LpWvSuhRMSQaYkJU72SodQc0FM5mqqNN42Vx+X4EutOfvQuRGlI= +=MlAY +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:08.ssh.asc b/website/static/security/advisories/FreeBSD-SA-23:08.ssh.asc new file mode 100644 index 0000000000..37d9c0df7f --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:08.ssh.asc @@ -0,0 +1,167 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:08.ssh Security Advisory + The FreeBSD Project + +Topic: Potential remote code execution via ssh-agent forwarding + +Category: contrib +Module: OpenSSH +Announced: 2023-08-01 +Credits: Qualys +Affects: All supported versions of FreeBSD. +Corrected: 2023-07-21 14:41:41 UTC (stable/13, 13.2-STABLE) + 2023-08-01 19:50:47 UTC (releng/13.2, 13.2-RELEASE-p2) + 2023-08-01 19:48:26 UTC (releng/13.1, 13.1-RELEASE-p9) + 2023-07-21 16:25:51 UTC (stable/12, 12.4-STABLE) + 2023-08-01 19:47:00 UTC (releng/12.4, 12.4-RELEASE-p4) +CVE Name: CVE-2023-38408 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +ssh-agent is a program to hold private keys used for OpenSSH public key +authentication. Connections to ssh-agent may be forwarded from further +remote hosts using the -A option to ssh. The server to which the ssh-agent +connection is forwarded may cause the ssh-agent process to load (and unload) +operating system-provided shared libraries to support the addition and +deletion of PKCS#11 keys. + +II. Problem Description + +The server may cause ssh-agent to load shared libraries other than those +required for PKCS#11 support. These shared libraries may have side effects +that occur on load and unload (dlopen and dlclose). + +III. Impact + +An attacker with access to a server that accepts a forwarded ssh-agent +connection may be able to execute code on the machine running ssh-agent. +Note that the attack relies on properties of operating system-provided +libraries. This has been demonstrated on other operating systems; it is +unknown whether this attack is possible using the libraries provided by +a FreeBSD installation. + +IV. Workaround + +Avoid using ssh-agent forwarding, or start ssh-agent with an empty +PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that +contains only specific provider libraries. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date and +restart any ssh sessions using ssh-agent forwarding. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.13.2.patch +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.13.2.patch.asc +# gpg --verify ssh.13.2.patch.asc + +[FreeBSD 13.1] +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.13.1.patch +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.13.1.patch.asc +# gpg --verify ssh.13.1.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.12.4.patch +# fetch https://security.FreeBSD.org/patches/SA-23:08/ssh.12.4.patch.asc +# gpg --verify ssh.12.4.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. +Restart all ssh sessions that use ssh-agent forwarding, or reboot. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ d578a19e2cd3 stable/13-n255848 +releng/13.2/ 20bcfc33d3f2 releng/13.2-n254624 +releng/13.1/ 3d3a1cbfd7a2 releng/13.1-n250189 +stable/12/ r373142 +releng/12.4/ r373151 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38408> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:08.ssh.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJdsUACgkQbljekB8A +Gu9M3A//ftE38dmRBx//0dm0sY6Pb++OprS7SKkm/dPlv2ywFMrUOZJl47pcfEuJ +h+jeHOMWzQJYwSQBxPii/PbJRbxd4w4c0pjLDKXO3fc74anmuLQh7b8DLip6jQ/S +C4LM11e0lGfxwJmrQl49r8eKkm4ta+TOn+IoSzGzsYUYkpqX3jpBuP/yhFvueXO7 +9ZaXCIsg99/tZvXU34b4ZA5t3vVjkAhtbV9HSAza0RnM4ZFJnXJoZbheVMgp63qp +yg2pieDnA5U/c1exC8joRQoiyXtSZjmq2+8e4HYXc9+LZvWr+/fyfBXO6BXn4hmU +KSB6t2aldvB0ywWEbge+mM9I+h0jPKHNo/HsAwwF4gKfLqzZ1XNLnHC+LVTTe0cD +lNHw6kBgH9qx4oLBXg8fZwxtPGv5qvSjC4qisDWi/BMDeVsTfr8wa+LoKHIp0KOH +AnhuNKs1/TYpyHZfa2l7OfvSc70jSGYyG6Flcr5lYrhfDnXEFR6En4qbRLjIS6GA ++8otM6AyuLLiwfaLdha2G9scuA/RUfyixB7AAhrFrxJPBQypC/kIi+lF0TKmEx69 +Q2TlWktN/zzHzPJLafor5g9W9dft2Kt4T8hHsmQVwwwN58l3Q49FSrKAib5Agv66 +1QuQDP5hhsq7VISG81ZzMZbgvhNgCM5EPjggZ65Qrk9/NCyWhOw= +=scNH +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:09.pam_krb5.asc b/website/static/security/advisories/FreeBSD-SA-23:09.pam_krb5.asc new file mode 100644 index 0000000000..9d40ed76db --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:09.pam_krb5.asc @@ -0,0 +1,166 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:09.pam_krb5 Security Advisory + The FreeBSD Project + +Topic: Network authentication attack via pam_krb5 + +Category: core +Module: pam_krb5 +Announced: 2023-08-01 +Affects: All supported versions of FreeBSD +Corrected: 2023-07-08 05:44:29 UTC (stable/13, 13.2-STABLE) + 2023-08-01 19:50:30 UTC (releng/13.2, 13.2-RELEASE-p2) + 2023-08-01 19:48:09 UTC (releng/13.1, 13.1-RELEASE-p9) + 2023-07-08 05:44:51 UTC (stable/12, 12.4-STABLE) + 2023-08-01 19:46:53 UTC (releng/12.4, 12.4-RELEASE-p4) +CVE Name: CVE-2023-3326 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Kerberos 5 (krb5) is a computer-network authentication protocol that works on +the basis of tickets to allow nodes communicating over a non-secure network +to prove their identity to one another in a secure manner. + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. + +pam_krb5 is a PAM module that allows using a Kerberos password to +authenticate the user. pam_krb5 is disabled in the default FreeBSD +installation. + +pam_krb5 uses passwords for authentication, which is distinct from +Kerberos native protocols like GSSAPI, which allows for login without the +exchange of passwords. GSSAPI is not affected by this issue. + +II. Problem Description + +The problem detailed in FreeBSD-SA-23:04.pam_krb5 persisted following +the patch for that advisory. + +III. Impact + +The impact described in FreeBSD-SA-23:04.pam_krb5 persists. + +IV. Workaround + +If you are not using Kerberos at all, ensure /etc/krb5.conf is missing from +your system. Additionally, ensure pam_krb5 is commented out of your PAM +configuration located as documented in pam.conf(5), generally /etc/pam.d. +Note, the default FreeBSD PAM configuration has pam_krb5 commented out. + +If you are using Kerberos, but not using pam_krb5, ensure pam_krb5 is +commented out of your PAM configuration located as documented in pam.conf(5), +generally /etc/pam.d. Note, the default FreeBSD PAM configuration has +pam_krb5 commented out. + +If you are using pam_krb5, ensure you have a keytab on your system as +provided by your Kerberos administrator. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:09/pam_krb5.patch +# fetch https://security.FreeBSD.org/patches/SA-23:09/pam_krb5.patch.asc +# gpg --verify pam_krb5.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the PAM module, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ d295e418ae7e stable/13-n255792 +releng/13.2/ 9b45d8eddfac releng/13.2-n254622 +releng/13.1/ 140f65a20533 releng/13.1-n250188 +stable/12/ r373127 +releng/12.4/ r373150 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3326> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:09.pam_krb5.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmTJdskACgkQbljekB8A +Gu9QjQ/7BlRQJGHtf/tljjCbzVKAOTcknk/d2VncZ4dDidsHWgO4umaYIrQzYxX0 +1mBtLEPZ7vHt2t4IC4NZ1FP7wrdLNDWCfHcKlP9p9tCzhh2zQXgv6NHbruUTMtJX +/LN+fxdOcRo++23ae0ohaBUwFVo69/nel0KnSq3QOeSwzJdvaW9cggimOK96pvB1 +QXsqJvb9uBZGdv0yufZ4xJ174xDVnchBY/wvLx2qSdAsXGPO6ihvoeJHFJ7JAYLP +JYtEAKkgHnkDtG9cw9DQigskwr8VC0x8J+9JG5H4zTXtzofng4pFD7+LBDhozoPy +FRGi5IfWA4VkeQYDaMB9mE37R333PpKFfJZWF8cwOyeLXNTTUvtPEu2k0DRvljqs +6lmKcqNLJMbbHa7jIDwdYs5wrSqXJuKOD0Fsj/QScfqWphK86oz6VBdft71A+g55 +D9QFVoXZ2kYTdJ3mMvcKPCdsnixVdtIaaTQ+Embeu2dnMUemc9xsRiPNp18a5y1a +EgLJ5WHIVJoCjte7HROnPKN6IeB7G/laPeewpoO8AJqL46Z+Ch0PMJacYLhNp5fn +9rDnJkurJBa4hqii05MztQvhvaoJyy1WFQbObrzfNQI7Hl+EtMb8dlP09qsiWeGq +27gca8AB1KaMbG+Wwc92n1cn8ZSiF6WT0cV/+Cx3lYuIbmMgnBU= +=eKnj +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:10.pf.asc b/website/static/security/advisories/FreeBSD-SA-23:10.pf.asc new file mode 100644 index 0000000000..cefc0c5999 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:10.pf.asc @@ -0,0 +1,164 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:10.pf Security Advisory + The FreeBSD Project + +Topic: pf incorrectly handles multiple IPv6 fragment headers + +Category: core +Module: pf +Announced: 2023-09-06 +Credits: Enrico Bassetti bassetti@di.uniroma1.it + (NetSecurityLab @ Sapienza University of Rome) +Affects: All supported versions of FreeBSD. +Corrected: 2023-08-04 14:08:05 UTC (stable/13, 13.2-STABLE) + 2023-09-06 16:58:39 UTC (releng/13.2, 13.2-RELEASE-p3) + 2023-08-04 14:14:08 UTC (stable/12, 12.4-STABLE) + 2023-09-06 17:38:31 UTC (releng/12.4, 12.4-RELEASE-p5) +CVE Name: CVE-2023-4809 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +pf is an Internet Protocol packet filter originally written for OpenBSD. +pf can reassemble fragmented IPv6 packets in order to apply rules on the +reassembled packet. This allows pf to filter based on the upper layer +protocol (e.g. TCP, UDP) information. + +IPv6 packets may be fragmented by the originating node, and will then contain +a fragment extension header. An IPv6 packet will normally contain only one +fragment extension header. + + +II. Problem Description + +With a 'scrub fragment reassemble' rule, a packet containing multiple IPv6 +fragment headers would be reassembled, and then immediately processed. That +is, a packet with multiple fragment extension headers would not be recognized +as the correct ultimate payload. Instead a packet with multiple IPv6 fragment +headers would unexpectedly be interpreted as a fragmented packet, rather than +as whatever the real payload is. + +III. Impact + +IPv6 fragments may bypass firewall rules written on the assumption all +fragments have been reassembled and, as a result, be forwarded or processed +by the host. + +IV. Workaround + +No workaround is available but systems not using the pf firewall are not +affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.13.patch +# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.13.patch.asc +# gpg --verify pf.13.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.12.patch +# fetch https://security.FreeBSD.org/patches/SA-23:10/pf.12.patch.asc +# gpg --verify pf.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 3a0461f23a4f stable/13-n255953 +releng/13.2/ 41b7760991ef releng/13.2-n254631 +stable/12/ r373157 +releng/12.4/ r373186 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4809> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:10.pf.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmT4vykACgkQbljekB8A +Gu9Mow//ZodkaAf0AGC2T+CSDco592Mq7+T8V5YyqIZxGXRn55sFuVKS8cQ8a0cT +DJ98QV0ht0WITYrBPGbllzVvT4w3bos1U0SB2z3tPjrbfNL8vaXgVl/Du3KZaPAs +0h4fNR/R3b6XzHgFhqYKG8Q7/u21fLmwu9HpYHQ7nplWg2mS2uQeuTMtr+uoOBS2 +XPc/FpYtL2VXO2aEY3K1A/QCY6lBRxqKTTEi01j9gnyuK4L3QoLWqDdrAKM3RoDc +wmstnn/KQAJkeMnmIOmDh0GdnAVdVyPBdI0KM86pz5L0AT0uQib0sal0yj72kCsg +oi6flocqESDNzYPgh/nZEjCHzcRhGWxcsjhTzjBQSTW/HSarQ+wbZuIpUlUQG3A6 +oEhRBj201t4+FUSwCQfr5QdivxwtMHHJYSXqo4nyD3AsRQ2HTnFNcqq26h+bgjhR +HmdBvffQ5lQUrtDKDb4XXr8RLFbk2RmjeD/zZfb1zhezSmJi4cD6LrClxer5aRFo +djoqVwjzKsg/9gLaDqr/UDObF6Ke6hs03yTs1Hjrp/DV29wWjJ8NKShezIEJOPTm +lgK+jhcEbs5vR4woG3vll7Jfaz7W8vniM9cOz/7bvWOp924cHMmwWFod4DMVf9ry +USB3v/ClFl5caJnoYYwKiIfc/EyYrprTvMLcO6yzDkhWUlaws88= +=bpCy +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:11.wifi.asc b/website/static/security/advisories/FreeBSD-SA-23:11.wifi.asc new file mode 100644 index 0000000000..8cb94c6316 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:11.wifi.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:11.wifi Security Advisory + The FreeBSD Project + +Topic: Wi-Fi encryption bypass + +Category: core +Module: net80211 +Announced: 2023-09-06 +Credits: See the paper linked in the References section. +Affects: All supported versions of FreeBSD. +Corrected: 2023-06-26 12:02:00 UTC (stable/13, 13.2-STABLE) + 2023-09-06 17:13:25 UTC (releng/13.2, 13.2-RELEASE-p3) + 2023-06-26 12:30:23 UTC (stable/12, 12.4-STABLE) + 2023-09-06 17:38:34 UTC (releng/12.4, 12.4-RELEASE-p5) +CVE Name: CVE-2022-47522 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +FreeBSD's net80211 kernel subsystem provides infrastructure and drivers +for IEEE 802.11 wireless (Wi-Fi) communications. Wi-Fi communications rely +on both unicast and multicast keys to secure transmissions. + +II. Problem Description + +The net80211 subsystem would fallback to the multicast key for unicast +traffic in the event the unicast key was removed. This would result in +buffered unicast traffic being exposed to any stations with access to the +multicast key. + +III. Impact + +As described in the "Framing Frames: Bypassing Wi-Fi Encryption by +Manipulating Transmit Queues" paper, an attacker can induce an access point +to buffer frames for a client, deauthenticate the client (causing the unicast +key to be removed from the access point), and subsequent flushing of the +buffered frames now encrypted with the multicast key. This would give the +attacker access to the data. + +IV. Workaround + +No workaround is available. Systems not using Wi-Fi are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:11/wifi.patch +# fetch https://security.FreeBSD.org/patches/SA-23:11/wifi.patch.asc +# gpg --verify wifi.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 6c9bcecfb296 stable/13-n255680 +releng/13.2/ 7f34ee7cc56b releng/13.2-n254632 +stable/12/ r373115 +releng/12.4/ r373187 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://papers.mathyvanhoef.com/usenix2023-wifi.pdf> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47522> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:11.wifi.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmT4vywACgkQbljekB8A +Gu+GuRAA1BydNZjSchRULzII3OtSfiF2Q3fF+d6bXOuUKuEOgKJvguTdeg1vqlOK +4V/1pEOUfYQE+nn+7s4Dc8L3TKLcPECYo8nvaO+5JvhEDpEbmHZRf9P6vz9Isi5X +jjDP+ybY5pl1Gv74AkPeWzp9OZxBBAp/CJcpAMS/y3Onn3J6Okwsns5TXlaPA401 +/iamphDSBhH1fUP0OeE9fFAWZrVnFHkrDNr+T+dd7vFyr964g/xRCQaCI5mDf+Z3 +dYIydrOgdvmev/7h460bygz+NOQ5Hd+YAgHmNbXZd9WUvE0iJtFZh2EPWshSNmRj +5Tw+VocK8xRNCL0w6owC5Ag/pAAHURY7ffJbgMv5N4xAp6js9MSggIsyJ0YV1Own +4JfAXPib6YTlhdfHWoUaaFSRBPCOoF72mj7jTMCz/iFJj78XMtp/rk9iGT5cfKsF +RQ7zfqm6qbg9lEbjGAM2OR4SWvW2umiiXDZDTKHyGzdWoFA6WNlkKIxYi8e7ti9E +ksvqDN1v9A6FD3KD+ygPCVvAZwxbFmInAd5HPZFi8UjdhFZ4ql5HYFfjTVBmE1co +H+I1apa+9Ssq7CRQmAc/blY03i/SmhTNNNnNoIbwAC4DLI9nx/orYdoJksaneYkP +QcOT19Jh83UYGHx2bqlVZGfggvXQgwffXhLliLwwUxtCJhGwElQ= +=lSpK +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc b/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc new file mode 100644 index 0000000000..4cfc8f9e08 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:12.msdosfs.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:12.msdosfs Security Advisory + The FreeBSD Project + +Topic: msdosfs data disclosure + +Category: core +Module: msdosfs (FAT) file system driver +Announced: 2023-10-03 +Credits: Maxim Suhanov +Affects: All supported versions of FreeBSD. +Corrected: 2023-07-18 05:46:13 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:23:40 UTC (releng/13.2, 13.2-RELEASE-p4) + 2023-09-11 18:51:21 UTC (stable/12, 12.4-STABLE) + 2023-10-03 22:15:40 UTC (releng/12.4, 12.4-RELEASE-p6) +CVE Name: CVE-2023-5368 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The msdosfs driver provides read and write access to MS-DOS (FAT) file +systems. Systems may be configured to allow unprivileged users to have +read and write access to mounted msdosfs file systems. + +II. Problem Description + +In certain cases using the truncate or ftruncate system call to extend a +file size populates the additional space in the file with unallocated data +from the underlying disk device, rather than zero bytes. + +III. Impact + +A user with write access to files on a msdosfs file system may be able to +read unintended data (for example, from a previously deleted file). + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.13.2.patch +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.13.2.patch.asc +# gpg --verify msdosfs.13.2.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.12.4.patch +# fetch https://security.FreeBSD.org/patches/SA-23:12/msdosfs.12.4.patch.asc +# gpg --verify msdosfs.12.4.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 868f3eadc5e0 stable/13-n255824 +releng/13.2/ 7d08a7e6908b releng/13.2-n254635 +stable/12/ r373207 +releng/12.4/ r373233 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5368> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:12.msdosfs.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclUoACgkQbljekB8A +Gu9CSw/9G+9cwxNruCQaEOcNGCIUdOe9itmZzVJKVtIIWqXZhq+unXRS0D2YDMdA +EKkfGj6GYaPnFlRe7T3cfrqUFhlNMb4Na5SW0wJp8HUqhKzKB4/SNZSs+iXNQE2z +WdhYFl582Gg2+vuoije4Z9Idl0WYPqXHXyRC7TCtSwUHDwRsU9jA6g/GNM0X+0dl +mOzFxFSSGoORF5aJYtp91KeNwGdNwORc75k6xxMWGGDc0sba9Fbupfrjc/XQ8SaQ +tYil3Eomh/cbYOKneppGQo9ohY+PAC1u/2XxRBxXYFCDtNLed4SGEWp4pLKjq2QM +X8jkDooTPLwDiVaM6Cps54PmUI3YBrYKSpt3Z1SdTHWyh0hDtpAJb/1f/sPUu90D +oWCiFI5p6oZjFNJxskZZ8T6xFgjqiII70ULfHQ3GxGhMZ0Pe5QyzmqIFGvkn0UtX +uGechgeL+jwqnyviIFyfVTGORmbcWj60WHajUAVUbb5aF/WV5QS0XDOLhTFkeY/P +WQjOBFAH/pf93ahUnA0NuDqAe5yX/3NEXLzMg8bnSBDJRIPRWsPfIE3lqWl0zNmD +sdtsugBS74zTM3MUn/Lq5MdtozuvEWK6Hs60i1wuiTMT39X8oE89r5LLVgTyc0Tj +2nML+7TKutMqWgeRvYsXBp6VtEiZd9Qc6nx8FWtSq8UMODa57C8= +=T0YO +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc b/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc new file mode 100644 index 0000000000..b04d6fc23d --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:13.capsicum.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:13.capsicum Security Advisory + The FreeBSD Project + +Topic: copy_file_range insufficient capability rights check + +Category: core +Module: capsicum +Announced: 2023-10-03 +Credits: David Chisnall +Affects: FreeBSD 13.2 +Corrected: 2023-10-02 16:00:27 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:24:41 UTC (releng/13.2, 13.2-RELEASE-p4) +CVE Name: CVE-2023-5369 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Capsicum is a lightweight OS capability and sandbox framework. It provides +two kernel primatives, capability mode and capabilities. Capabilities limit +operations that can be performed on file descriptors. + +copy_file_range is a system call that performs a kernel copy of a byte range +from one file to another or within one file. copy_file_range accepts +optional pointers to offsets for the input and output file descriptors. + +II. Problem Description + +The syscall checked only for the CAP_READ and CAP_WRITE capabilities on the +input and output file descriptors, respectively. Using an offset is +logically equivalent to seeking, and the syscall must additionally require +the CAP_SEEK capability. + +III. Impact + +A sandboxed process with only read or write but no seek capability on a file +descriptor may be able to read data from or write data to an arbitrary +location within the file corresponding to that file descriptor. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date, +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:13/capsicum.patch +# fetch https://security.FreeBSD.org/patches/SA-23:13/capsicum.patch.asc +# gpg --verify capsicum.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 3f0ce63828dc stable/13-n256458 +releng/13.2/ 2d23f6c33431 releng/13.2-n254636 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://reviews.freebsd.org/D41967> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5369> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:13.capsicum.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclU0ACgkQbljekB8A +Gu/a3Q//aXO1+HdImFnqAzKEto8E97DEv6vB2HUZAoxrmwSX9VNjkrIo9Z9+LRyL +q7WXMcok1OPQCCE3ad+g05eqXwnmJ55CpToP/jEXrOOZRDInK0Z5owZbwVpmyAmW +zF/+xoEjcw90H7ReIQQ3+TNGDf025tCoXlTQKdzWtNN6BcY3px4zuDYHPUKgMwSv +XJDrjYWBzBede00CnlolwmsBorjvZvRMfllTIpiVTlmtD73s+sRDI7rc768MY0RZ +gCplCL9S9EkIGL8XJhDWB2+TsG7nvwrUII5M2u0Db252IK7nmgty4l03PtYotx4p +jH/a3oXWKeqExGHJaqNcaUwS6xdu+pvMRuJgY4mH6rd+uvOMbC5jvac3FopSlmXq +aVIctA2LCRomyYmVDsWXIGLcBT5cAOhsqkrw+JE0kA/k2Pl6NDNK7HNgo6Fj01TR +lVf91A1mTsDJxfymU4SWB/KGgImAnR9e7gHUo4gLZCNyYXvcnFa/ntHoswNZ+12L +e/b4+PnHts2X4/+I4K6qdF522yzF/vpyF6UjfwAGtT6qmbmGyW9VbDcn6TIL9I3p +IDKJCWeHPBfyspWua2hCUIi3/EwpSFvIECPad3hFT6cej1pZ6hfJt8XT0ma82QGp +ocbh3tb3E1phSGvgZitk8J0oyWDehuck3YfZ+6nHMwzPBgmr6Lo= +=lS69 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc b/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc new file mode 100644 index 0000000000..f815574ae2 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:14.smccc.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:14.smccc Security Advisory + The FreeBSD Project + +Topic: arm64 boot CPUs may lack speculative execution protections + +Category: core +Module: arm64 +Announced: 2023-10-03 +Affects: FreeBSD 13.2 +Corrected: 2023-09-25 12:13:47 UTC (stable/13, 13.2-STABLE) + 2023-10-03 21:29:11 UTC (releng/13.2, 13.2-RELEASE-p4) +CVE Name: CVE-2023-5370 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +To mitigate speculative execution side channel attacks on some AArch64 +hardware the kernel can call into the boot firmware using the Secure Monitor +Call Calling Convention (SMCCC) mechanism. + +To decide if the kernel needs to use the SMCCC mitigation on a given CPU it +can query the firmware if the SMCCC workaround is present. + +II. Problem Description + +On CPU 0 the check for the SMCCC workaround is called before SMCCC support +has been initialized. + +III. Impact + +No speculative execution workarounds are installed on CPU 0. + +IV. Workaround + +No workaround is available. Not all AArch64 CPUs are affected. + +Systems where CPU 0 has the CSV2 and PSTATE.SSBS processor +features are unaffected by the speculative execution attacks. +The kernel will print the following under CPU 0 on unaffected +CPUs: + +Processor Features 0 = <...CVS2...> +Processor Features 1 = <...PSTATE.SSBS...> + +The Arm Cortex-A35, Cortex-A53, and Cortex-A55 CPUs are +unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:14/smccc.patch +# fetch https://security.FreeBSD.org/patches/SA-23:14/smccc.patch.asc +# gpg --verify smccc.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/13/ 4df1447f2c76 stable/13-n256420 +releng/13.2/ 485912e051bb releng/13.2-n254637 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5370> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:14.smccc.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmUclU8ACgkQbljekB8A +Gu8zqQ//bCjUB/hXZxypEFmnnnyUPr0Y/pzHd1i7EcIFQubd6kosUw4k2VGzwOsi +/BwKU4W/MrUyr/wwSkjJ/lmeA+CRX2TAPWPTPC0umnN58fOXRqhKpVAi0yfho+L9 +lYUfdLWM0xS4XWsZk7DapjfN8XznLnn6iQrWmFLmZd0ViJFGkGJcxjdWr7aSs7ZX +C8v8GoqFx6GUUdOgRERdpZ/2mxi7ibs9LbCt4PUTwKV8clAmq4w4Mv+q4xfZPSnM +nXGrTd+t2G5ZrmEZ9Rq32C9JqGaAaQUTp/NsOw8yQq5YVBXanA12VJLx2kdoVKsj +84e3rJz/QTpXTpgiSkVmWdT3ziZW8Zs9aygvUXyzK6C/s2ZiKd8o65dnF3MGCyJs +Y7aNgAS51mX/fgPyXwicF/eYA1nm/1AJAK9J/eUBbsi+hu9DW5XjpiLUYAe10KKf +9XsgJ1vTJMKXIv/UAlN0d78SfSfcGyUCbH0qk7zCzw9XfLYj+r9a7de/vnAc0qtm +8Gh0hqbacA6dqtxrNEDC9R1Tp6inf0YYR6gP5HPjjy96FvfZCGmHk5XUmbmk4C4T +UylvLXrO4gJiyBXhdZ3P3Mib6HdMWkLMRh095Y2revdAGMv0BrGs3G+eaMVIgNt2 +puELCPfLgJF1ljcHV8svdQcuy0Fea2R2R22cqwsT1vPuKqgmP60= +=lOTX +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc new file mode 100644 index 0000000000..8af0b2ef17 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:15.stdio.asc @@ -0,0 +1,172 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:15.libc Security Advisory + The FreeBSD Project + +Topic: libc stdio buffer overflow + +Category: core +Module: libc +Announced: 2023-11-07 +Credits: inooo + All supported versions of FreeBSD. +Corrected: 2023-11-07 17:31:34 UTC (stable/14, 14.0-STABLE) + 2023-11-08 00:45:25 UTC (releng/14.0, 14.0-RC4-p1) + 2023-11-07 18:41:55 UTC (stable/13, 13.2-STABLE) + 2023-11-08 00:48:03 UTC (releng/13.2, 13.2-RELEASE-p5) + 2023-11-08 14:30:51 UTC (stable/12, 12.4-STABLE) + 2023-11-08 01:09:31 UTC (releng/12.4, 12.4-RELEASE-p7) +CVE Name: CVE-2023-5941 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2023-11-07 -- Initial release +v1.1 2023-11-29 -- Corrected stable/14 and stable/13 Correction details + +I. Background + +The FreeBSD C library (libc) Standard I/O (stdio) component provides +essential functionality for input and output operations including file +handling and buffering. It includes functions like "fopen", "printf", and +"fflush". Streams may be unbuffered, line buffered, or fully buffered. +The library writes buffered data when the buffer is full or when the +application explicitly requests so by calling the fflush(3) function. + +II. Problem Description + +For line-buffered streams the __sflush() function did not correctly update +the FILE object's write space member when the write(2) system call returns +an error. + +III. Impact + +Depending on the nature of an application that calls libc's stdio functions +and the presence of errors returned from the write(2) system call (or an +overridden stdio write routine) a heap buffer overflow may occur. Such +overflows may lead to data corruption or the execution of arbitrary code at +the privilege level of the calling program. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.14.patch.asc +# gpg --verify stdio.14.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.13.patch.asc +# gpg --verify stdio.13.patch.asc + +[FreeBSD 12.4] +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch +# fetch https://security.FreeBSD.org/patches/SA-23:15/stdio.12.patch.asc +# gpg --verify stdio.12.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ d2c65a1c9486 stable/14-n265707 +releng/14.0/ 1f9c4610dde5 releng/14.0-n265376 +stable/13/ 0b7939d725ba stable/13-n256681 +releng/13.2/ d51a39b13ee4 releng/13.2-n254639 +stable/12/ r373263 +releng/12.4/ r373265 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5941> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:15.stdio.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVnmQkACgkQbljekB8A +Gu/QUA/+L3iTtXqyMYWT/uI8JHbc+cFjS89GOd14jV2MKUT9ajkUcmkEDC2atzXT +rUswGxo1sPWZtuVaKdDQrhT12bTKJzV2C0NK0Doj+f9EDEmphvf9kpleMAwkeloR +g5idsHgEN+gmQHR4Ki5oofvk6FlvGacan407rTvmRdEdTobO4ZM2zOTeTgcCMwzA +dyA+CeRSIRluVdzu56PLVLYimgs0Xni/JmEatFXXXjGb25lIb4YDq32uO9Xvdhhi +7cRX6MiFsh702Tt6mo7ajo5B85khOEH/vlJkvgBQ8dcfaGIwpM00SoZFbL1SHk4y +XSM92YK42XY8ME0gJDndM7gcEy9aODFJTtUuga57Og676/LRlJBVS8xh3kReT6p1 +QY1fmnYXzCmIalumvcY1DjFWBPLDddLLuGIQoBtTHFPd3DDEg7ZpLSUUUqZGmQ+3 +oJSLxBz5Ig+D50MlgD/R8Zmzn4bMCCjZjYahJtK/cjZzC0u5jlDfiF6lofETAypH +oU9LM9M1lEOxuPS8a+1oCtJn3HZaYNgPp+8NajJlDeDzXpOo8+9cpm+9M5yjxIOF +mARYZDD42diF3S8Z4ax6Z3H13CxcwHjTZSqVFf3JYpuZehz5aFgZ0xK7AVBWm5We +4JZ+vwZqdmvSDL00aEdaVJQ4bGxKREwq2cF2grtXWf5nS4ApB0s= +=koz0 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc new file mode 100644 index 0000000000..249a838ac8 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:16.cap_net.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:16.cap_net Security Advisory + The FreeBSD Project + +Topic: Incorrect libcap_net limitation list manipulation + +Category: core +Module: libcap_net +Announced: 2023-11-08 +Credits: Shawn Webb, Mariusz Zaborski +Affects: FreeBSD 13.2 and later +Corrected: 2023-11-06 19:19:04 UTC (stable/14, 14.0-STABLE) + 2023-11-08 00:45:34 UTC (releng/14.0, 14.0-RC4-p1) + 2023-11-06 19:19:54 UTC (stable/13, 13.2-STABLE) + 2023-11-08 00:49:31 UTC (releng/13.2, 13.2-RELEASE-p5) +CVE Name: CVE-2023-5978 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +libcasper(3) allows Capsicum-sandboxed applications to define and use system +interfaces which would otherwise be disallowed, through implementing special +services. One of these services, libcap_net, enables networking capabilities +within the restriced environment. + +II. Problem Description + +Casper services allow limiting operations that a process can perform. Each +service maintains a specific list of permitted operations. Certain operations +can be further restricted, such as specifying which domain names can be +resolved. During the verification of limits, the service must ensure that the +new set of constraints is a subset of the previous one. In the case of the +cap_net service, the currently limited set of domain names was fetched +incorrectly. + +III. Impact + +In certain scenarios, if only a list of resolvable domain names was specified +without setting any other limitations, the application could submit a new list +of domains including include entries not previously in the list. + +IV. Workaround + +No workaround is available. Note that no FreeBSD base system software is +vulnerable to this issue. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64, i386, or +(on FreeBSD 13 and later) arm64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch +# fetch https://security.FreeBSD.org/patches/SA-23:16/cap_net.patch.asc +# gpg --verify cap_net.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +This issue is corrected by the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 765757c6301f stable/14-n265696 +releng/14.0/ 5f4fc91cc87c releng/14.0-n265377 +stable/13/ 114c6d9bef76 stable/13-n256672 +releng/13.2/ acd860c3622d releng/13.2-n254640 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5978> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:16.cap_net.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVLKaYACgkQbljekB8A +Gu8Ofg/6AxzPey7hIS6rRO5Mv5ufiKEiYDwPo3t6epUiaLid21KhkLry1CofqFHd +pC0zsYDJiWCkvieGBHhCkNYmffL9TCgLqNxSSH7plwMHwrLLQKxYRVn9V0ReGdc9 +qRY5XB1W0Ocns0CbpEXuMRNde5UNwc63xN0/xlnBESfex6+fP9kPNB7VLoYY4Foj +jDzn6s8YNaUOVO7YtlZDjPRRazwVLriQ3Bf+lCNkJFq4VyyhRPFkeknOFHt5olA2 +dp+DIVQGUVRGjeaZDlxLZ4j0Nw39ZK8T6mSXSskjtSfQtHd6DPgDFBzZKjhtzRFd ++5lutnrXpZemQjUcOKqVG1ZmlbDQChIWVlJ1kyORRjb8ZO+vknhFo/w3a5o4sq1A +ZtK1w2CFo0+jL+oWxJdFEiRFR0jwMtVfMCzZAoLsDXnYbmni/353BKGMlBFgdsAy +Php3E/LsxCoFaZ+r87Z6O2UefEYMCr1FDM99SQkU1Ui3kzWEskHEvPR6JS31Htu2 +9ry3c4T08r1Qhp7J9Zdfnwvtd0fyEWn16ewzeiV4M6+gPErWZncar+86b87IRKof +bTJ4XiK7kcORyD5ksgcBINUd5njOvXGIYTfkqSmlyikAhnoM7MN3npUGyRq6KQTE +NPAr3gWrch7pegBVP3JuDQaYwfJarg6BmPb9sWWfkzQHRf9pfOI= +=XNt1 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc b/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc new file mode 100644 index 0000000000..e06ff7e005 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:17.pf.asc @@ -0,0 +1,165 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:17.pf Security Advisory + The FreeBSD Project + +Topic: TCP spoofing vulnerability in pf(4) + +Category: core +Module: pf +Announced: 2023-12-05 +Credits: Yuxiang Yang, Ao Wang, Xuewei Feng, Qi Li and Ke Xu from + Tsinghua University +Affects: All supported versions of FreeBSD. +Corrected: 2023-12-05 18:24:35 UTC (stable/14, 14.0-STABLE) + 2023-12-05 18:26:28 UTC (releng/14.0, 14.0-RELEASE-p2) + 2023-12-05 18:25:22 UTC (stable/13, 13.2-STABLE) + 2023-12-05 18:28:12 UTC (releng/13.2, 13.2-RELEASE-p7) + 2023-12-05 18:31:13 UTC (stable/12, 12.4-STABLE) + 2023-12-05 18:38:14 UTC (releng/12.4, 12.4-RELEASE-p9) +CVE Name: CVE-2023-6534 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +pf(4) is an Internet Protocol packet filter originally written for +OpenBSD. pf implements TCP state tracking, wherein it maintains +metadata for each TCP connection tracked by the firewall and uses this +metadata to decide whether to accept or reject packets matching the +connection identifiers. + +II. Problem Description + +As part of its stateful TCP connection tracking implementation, pf +performs sequence number validation on inbound packets. This makes it +difficult for a would-be attacker to spoof the sender and inject packets +into a TCP stream, since crafted packets must contain sequence numbers +which match the current connection state to avoid being rejected by the +firewall. + +A bug in the implementation of sequence number validation means that the +sequence number is not in fact validated, allowing an attacker who is +able to impersonate the remote host and guess the connection's port +numbers to inject packets into the TCP stream. + +III. Impact + +An attacker can, with relatively little effort, inject packets into a +TCP stream destined to a host behind a pf firewall. This could be used +to implement a denial-of-service attack for hosts behind the firewall, +for example by sending TCP RST packets to the host. + +IV. Workaround + +No workaround is available. + +Systems which do not use pf(4) are unaffected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch +# fetch https://security.FreeBSD.org/patches/SA-23:17/pf.patch.asc +# gpg --verify pf.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ a47a44c0d69c stable/14-n265915 +releng/14.0/ 0019b7058a7a releng/14.0-n265395 +stable/13/ ee1d1e38fae6 stable/13-n256844 +releng/13.2/ 45e256e24c97 releng/13.2-n254647 +stable/12/ r373284 +releng/12.4/ r373287 +- ------------------------------------------------------------------------- + +For FreeBSD 13 and later: + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +For FreeBSD 12 and earlier: + +Run the following command to see which files were modified by a particular +revision, replacing NNNNNN with the revision number: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6534> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:17.pf.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWsACgkQbljekB8A +Gu8kgxAA0SNvDNzfrivMBDrp3s4q86rLLsDSe3DN4kc+Rtid4R2tf/AzjSO7BVcg +O3jvzXtx5RdX+udEbwK26ej+B2N2JCR4L5UC2N0ECo5ECdVd7jCZ5yty9CRawAeE +cZZoT028eWeDCMrMI35iO4HTZeT0zF0lER1gTlogQbTzCu4uODSjPvOat/bilmh/ +VaXI2ofiVrOpwjhq4t7ksTUK6O0g7LogDF/CEhj1ohEULtHCIDomm+9JuN86CFxJ +T0Zd5nePCGMhQBewXir25XFKTFOOAOVGRy79Otx5+gPEg9SucWlwBxMwmhASAHPO +60SCWUt95q/5C2OCyWoFhi6H7303YvinFKO/3FCx9/iTxAh/O86y1d2CU8PRStzk +0kPOoN9fnXP2P27+o0q0Uqn9AiViRWMHC99nM1w6Kxz7wTSvs0dMGrLRQENRs7YF ++9Zte+1yqsi/gcWsDkoTJstCJ8E2hjn/h12/LSZyLY3D3qNSdczFWauhIOQFTloj +8MHmzLGUBvWpQNWair4+mb5TpXVuJfFW3XBcQ2XGkUnT0Ws8hU0W/Lxef+wrNHFh +aPvT5rF683RH7qX8cnJGkMgPPI4/CTS+U+WePlAITumND8gf/jHaa3qourqLkmSM +XV8+9LIVfPimjFDmqpbyi6QxdWo834KP83c8TmzLDNUgEXe9L/k= +=s8QG +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:18.nfsclient.asc b/website/static/security/advisories/FreeBSD-SA-23:18.nfsclient.asc new file mode 100644 index 0000000000..66c41bd5bd --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:18.nfsclient.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:18.nfsclient Security Advisory + The FreeBSD Project + +Topic: NFS client data corruption and kernel memory disclosure + +Category: core +Module: nfsclient +Announced: 2023-12-12 +Credits: Hostpoint AG +Affects: FreeBSD 13.2 and 14.0 +Corrected: 2023-12-12 19:13:50 UTC (stable/14, 14.0-STABLE) + 2023-12-12 19:17:36 UTC (releng/14.0, 14.0-RELEASE-p3) + 2023-12-12 19:14:16 UTC (stable/13, 13.2-STABLE) + 2023-12-12 19:18:17 UTC (releng/13.2, 13.2-RELEASE-p8) +CVE Name: CVE-2023-6660 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The Network File System (NFS) is a distributed file system that allows remote +systems to access files and directories over a network as if they were local. +FreeBSD includes both server and client implementations of NFS. + +II. Problem Description + +In FreeBSD 13.2 and 14.0, the NFS client was optimized to improve the +performance of IO_APPEND writes, that is, writes which add data to the end of +a file and so extend its size. This uncovered an old bug in some routines +which copy userspace data into the kernel. The bug also affects the NFS +client's implementation of direct I/O; however, this implementation is +disabled by default by the vfs.nfs.nfs_directio_enable sysctl and is only +used to handle synchronous writes. + +III. Impact + +When a program running on an affected system appends data to a file via an +NFS client mount, the bug can cause the NFS client to fail to copy in the +data to be written but proceed as though the copy operation had succeeded. +This means that the data to be written is instead replaced with whatever data +had been in the packet buffer previously. Thus, an unprivileged user with +access to an affected system may abuse the bug to trigger disclosure of +sensitive information. In particular, the leak is limited to data previously +stored in mbufs, which are used for network transmission and reception, and +for certain types of inter-process communication. + +The bug can also be triggered unintentionally by system applications, in +which case the data written by the application to an NFS mount may be +corrupted. Corrupted data is written over the network to the NFS server, and +thus also susceptible to being snooped by other hosts on the network. + +Note that the bug exists only in the NFS client; the version and +implementation of the server has no effect on whether a given system is +affected by the problem. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:18/nfsclient.patch +# fetch https://security.FreeBSD.org/patches/SA-23:18/nfsclient.patch.asc +# gpg --verify nfsclient.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 8d42f85d9d7b stable/14-n265954 +releng/14.0/ ab60666a00c9 releng/14.0-n265397 +stable/13/ f1d1d50e1d08 stable/13-n256860 +releng/13.2/ 3f079b3f2f33 releng/13.2-n254649 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6660> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:18.nfsclient.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmV4s/kACgkQbljekB8A +Gu8kvg//RUe/q2SFiVyo94disTET5JjVAPjKzMrHuhoI92OA994zS3MXmU6cQZAh +ikWzMTf25/tgGvN8/Cujhp6zIXiPwUvwJXQqL6JN2/lqHHztxYz/m3Ol8Pc2q2yx +hDbY0dOeyaGK9CuH7hjMtu/jeh6vj+TyvzLg/KuxgdOkjdDd352CF43alkb5Q55t +3V8pcY49zCk+5aMJv667mphGxf4yRC/+bkVtJIqoAUpAg/VORMJmMiEt0LS3v7t5 +Oaal8rVfcPu8jPhkt8dIzcp1lrr+AfsOnEB68x2ECiYp2LCWp/ya7rG+DMD537kw +IhSKRpqMvc4rQpjGQIsewO+sexyYC/zYrUu4BYMUnLVEqQ+GPN7jV7uAjoGuvsus +uOAuN3l4T1x50VyBGA9Z2sVAHOkDAh98J8HDtdCK+IxNnTKFsFHBE/4zFLXkVYwr +vo15qZpHzdTnHhhq5GjxZU+j1Sw0TbMWYPVPsgv8HqZciPjmv5bW7nxvB60sqb1a +LYhE2cWilWxNKWQLhFt60ooGb09Auu+wDgnXLmTmpc/phOI+hCNOPedRF/0yPS7D +dE0Q1vjdoiJgcAdntve8fzlwq1KSG4mQZRrJvMverW+/YLtbEFYY/iFT+jYWRMcN +QwyjgbABQ9tzOVaPjSGJp/UB7SjDn8KFoOfeXWZrMkOYz95lXUk= +=Wsy4 +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-23:19.openssh.asc b/website/static/security/advisories/FreeBSD-SA-23:19.openssh.asc new file mode 100644 index 0000000000..0e66dbadd5 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-23:19.openssh.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-23:19.openssh Security Advisory + The FreeBSD Project + +Topic: Prefix Truncation Attack in the SSH protocol + +Category: contrib +Module: openssh +Announced: 2023-12-19 +Credits: Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk +Affects: All supported versions of FreeBSD. +Corrected: 2023-12-18 16:54:31 UTC (stable/14, 14.0-STABLE) + 2023-12-19 20:19:48 UTC (releng/14.0, 14.0-RELEASE-p4) + 2023-12-18 17:10:15 UTC (stable/13, 13.2-STABLE) + 2023-12-19 20:19:57 UTC (releng/13.2, 13.2-RELEASE-p9) +CVE Name: CVE-2023-48795 + +Note: While this issue does affect 12.4-STABLE and 12.4-RELEASE, the version +of OpenSSH in 12.4 is old enough the vendor provided patch does not cleanly +apply. As 12.4 goes out of support at the end of December and in order to +quickly get fixes out for 14.0 and 13.2, the FreeBSD Security Team is issuing +this advisory now while feasibility of a 12.4 backport is investigated. Users +with 12.4 are encouraged to either implement the documented workaround or +leverage an up to date version of OpenSSH from the ports/pkg collection. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +0. Revision History + +v1.0 2023-12-19 -- Initial release +v1.1 2023-12-20 -- Corrected work around paths + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted and authenticated transport for a variety of services, including +remote shell access. + +II. Problem Description + +The SSH protocol executes an initial handshake between the server and the +client. This protocol handshake includes the possibility of several +extensions allowing different options to be selected. Validation of the +packets in the handshake is done through sequence numbers. + +III. Impact + +A man in the middle attacker can silently manipulate handshake messages to +truncate extension negotiation messages potentially leading to less secure +client authentication algorithms or deactivating keystroke timing attack +countermeasures. + +IV. Workaround + +Add the following lines to /etc/ssh/ssh_config and /etc/ssh/sshd_config: + Ciphers -chacha20-poly1305@openssh.com + MACs -*etm@openssh.com + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platfrom on FreeBSD 13 and earlier, can be updated via +the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch +# fetch https://security.FreeBSD.org/patches/SA-23:19/openssh.patch.asc +# gpg --verify openssh.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash or Subversion +revision number in the following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 673d1ead65c9 stable/14-n266020 +releng/14.0/ b9856d61e99d releng/14.0-n265399 +stable/13/ 3bafcb9744c9 stable/13-n256910 +releng/13.2/ 69bd68ba30c0 releng/13.2-n254651 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://terrapin-attack.com/> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-23:19.openssh.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmWCZcoACgkQbljekB8A +Gu8fKA/9EzmQuXALYWjHoXAsizzgP1jw3sjN2sNqlggiAkTiN6pEQs8VlIroeTUn +2hfktGHX9RQ85czE2VDHgP/HMA0cm84CIuF0g+m4cxzO8v1m+5bKd44jEJLjwO/P +/LOmL3PYAfp6S1nHhgprq8Hw1GEKrlySLs+MYj3FwfdcqdTMuvrFsUDef7KQ7MVy +lvj5oJQZitPQ4EGhGiHVobl6vWdU/xuroHlNtdEqExbOqOyVDH7daSfu7ipd20Y+ +2plRLjkscwlneLjdDe420cebYWxnvUamD09ppTiANaknjlCTf2Tclb6Wf8nAtxaA +VsJosQSpI730fpxDn7S9ARHYOymwUf1ptQQd5q8Zj415+eVjJ7XGd96z6hx3B3Yt +zJv7mwC22Cp9wqBMvAG9/z7kxZ5buhC25VR795SxnN/uwNqnH/OHxBV4oTEmf5Lk +ytLqIekrPJqTiGgSGPkylXtfFaV0YJnkXGWeAduaoWEKwO8zaFEkMXypc7L5J9XT +rSKMpPL2+vczKyQ534uzjGFLY5o0pI9EhQtDtxHkJ6olN3xfuBT/GkBkxe3JFxmE +2pHvMplErDpprieNhICVey/polRzk7JIA+M1x7o2IZZVnlc1vsPIeXnOOMzY4+7z +qeymU3QQf2pmIZpVL3dp26bnTB0oCRaJwEb5nuMfutIzTz4t1TY= +=hvau +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:01.bhyveload.asc b/website/static/security/advisories/FreeBSD-SA-24:01.bhyveload.asc new file mode 100644 index 0000000000..c61b036f16 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-24:01.bhyveload.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-24:01.bhyveload Security Advisory + The FreeBSD Project + +Topic: bhyveload(8) host file access + +Category: core +Module: bhyeload +Announced: 2024-02-14 +Credits: The water cooler. (Note, this is the requested credit) +Affects: All supported versions of FreeBSD. +Corrected: 2024-01-15 22:27:59 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:05:44 UTC (releng/14.0, 14.0-RELEASE-p5) + 2024-01-15 23:11:38 UTC (stable/13, 13.2-STABLE) + 2024-02-14 06:06:00 UTC (releng/13.2, 13.2-RELEASE-p10) +CVE Name: CVE-2024-25940 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +bhyveload(8) is used to load a FreeBSD guest into a bhyve virtual machine. + +II. Problem Description + +`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> +directory tree on the host. Affected versions of bhyveload(8) do not make any +attempt to restrict loader's access to <host-path>, allowing the loader to read +any file the host user has access to. + +III. Impact + +In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the +loader scripts generally come from the guest image. A maliciously crafted +script could be used to exfiltrate sensitive data from the host accessible to +the user running bhyhveload(8), which is often the system root. + +IV. Workaround + +No workaround is available, but guests that do not use `bhyveload -h` are not +impacted. Common VM solutions that use bhyveload(8) do not usually use the +- -h option. + +V. Solution + +Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/SA-24:01/bhyveload-14.0.patch +# fetch https://security.FreeBSD.org/patches/SA-24:01/bhyveload-14.0.patch.asc +# gpg --verify bhyveload-14.0.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-24:01/bhyveload-13.2.patch +# fetch https://security.FreeBSD.org/patches/SA-24:01/bhyveload-13.2.patch.asc +# gpg --verify bhyveload-13.2.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. Virtual +machines that have been booted with bhyveload(8) do not need to be rebooted. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 426b28fdf700 stable/14-n266333 +releng/14.0/ f5bb597829e1 releng/14.0-n265406 +stable/13/ 78345dbd7a00 stable/13-n257186 +releng/13.2/ 48598b1670ce releng/13.2-n254657 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25940> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:01.bhyveload.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMYRAACgkQbljekB8A +Gu8KwRAAxCnMsCQbp/CZ1O2GYxDTCOt1M5CZaFBD8r3b4xSN1gFB79z3aHAmSX0a +kTGpp5QSbxx1UtA9eZoZTa/wpmMAo1AZ7ry0OK1VuRFtF2D+IM64l07m91HW5ncU +YCsbeQ6wuXHeVlZ/t7eu/X03YltYIuMu/wIzpsPYtMvTB+ZI50nm0pUGaQnH9ZA2 +jMGhLcWQSaHi46pMJ1o2iXWbaFZh4S6fHhNXSEFxaWuQf/o//whSgeqtFnhozfZ4 +vbx0pyF3HrkjPRLwc9QDRNcFnG0F9DCOmiGlAAZD4/XRNOd5PgSvmHxDPrc1UkJO +K8CcU7vIgloKdETS43HhlDhT34/adV1dMpwCLpr9JZ3FmfTtIor1q8w9l0nLohln +VeLUbhaMZAXYqQp5wcDso26n9moD8l/izJZZ0gWu8xsooKmE2DY0t7ASXdcvnSq8 +VKlpZP0DHcdZdeePiCF6XovAvv3fAq5hvIdCccBIJHbFIWEL2Psq9hYqFISb+mFb +gAoX5gyo4S+lWgn33aUCzjYuR0MhelJPRFIndjr5+Dn0AgQniNre7uRt4k97jvT1 +Q9h+f4uyNFafuD5YMqfRhsk8EN93bEc3Bkq47KCYDSTJujd99pYFPE1SzvNAPmNY +CYxqYjkfjklarfellifxvqdKrOWoeOkK4a3Ckd5+4Y8BaaTzWCY= +=LOMD +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:02.tty.asc b/website/static/security/advisories/FreeBSD-SA-24:02.tty.asc new file mode 100644 index 0000000000..efcec789e0 --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-24:02.tty.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-24:02.tty Security Advisory + The FreeBSD Project + +Topic: jail(2) information leak + +Category: core +Module: jail +Announced: 2024-02-14 +Credits: Pawel Jakub Dawidek +Affects: All supported versions of FreeBSD. +Corrected: 2024-02-12 16:25:54 UTC (stable/14, 14.0-STABLE) + 2024-02-14 06:05:46 UTC (releng/14.0, 14.0-RELEASE-p5) + 2024-02-12 16:27:37 UTC (stable/13, 13.3-STABLE) + 2024-02-14 06:06:01 UTC (releng/13.2, 13.2-RELEASE-p10) +CVE Name: CVE-2024-25941 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The jail(2) system call allows a system administrator to lock a process +and all of its descendants inside an environment with a very limited +ability to affect the system outside that environment, even for +processes with superuser privileges. It is an extension of, but +far more powerful than, the traditional UNIX chroot(2) system call. + +tty(4) is a general terminal device. + +II. Problem Description + +The jail(2) system call has not limited a visiblity of allocated TTYs +(the kern.ttys sysctl). This gives rise to an information leak about +processes outside the current jail. + +III. Impact + +Attacker can get information about TTYs allocated on the host or in other +jails. Effectively, the information printed by "pstat -t" may be leaked. + +IV. Workaround + +No workaround is available. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date +and reboot. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install +# shutdown -r +10min "Rebooting for a security update" + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/SA-24:02/tty.patch +# fetch https://security.FreeBSD.org/patches/SA-24:02/tty.patch.asc +# gpg --verify tty.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the +system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ 215bb03edc54 stable/14-n266676 +releng/14.0/ 4d354159d150 releng/14.0-n265407 +stable/13/ 9bff7ec98354 stable/13-n257418 +releng/13.2/ 17257e6e9a23 releng/13.2-n254658 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25941> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:02.tty.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmXMY8YACgkQbljekB8A +Gu8vuQ//VNUQjTgpzQhgctLldORwlkshwsHjGgGYdnQqidPk7gznBEHsngKUgZdx +ocXJ/IkDrzUJ3djm+5qa/3c1sCFrKXV77vtOsVU53SSgbCJdtGi40uE4TXFtPzjQ +otdGqQtgzxspx9Z2oJkBqugmfdcMXiE4+FQBTuvkCS0xAoMBcP1iVoXBQCPyWe8b +xGZ/ZDznso+75//Eaj1Szgsh4lZi5M11vDeFKpH4pO3f2O0f/ge1Wtju8EaE0zJQ +cLPCcJTRPXMUnpYt97dCeHgeNoXfjtDSf2XJGl86z1QZ4OBx2VNcpalF6YZtUxAx +LJh5hwXXbLgknSHVctqCecaMz+D7xSX2/pxkjbFflBeZznIJJkmQjStUSUE5Ldad +O8lfcDe5ZmhVWD9o05ccqr8pa2EBkeSL5hDLyatVA3T7UxRlZpfaPnnvvglen1kI +WJo3ciUMp/iSuFp6Dpy/zg5S7DYc5MM3ifWDW5Sd5X2jvuTDAhz98U0gTtKD8BuB +RyGkL46bHculeQO7c4Q/Cd//4h/VOmGpj54ag8sJS6AZ515j1OVmxeFwmNClR2VK +SHbEP8B/vRI8ek1Ja1CY8RghFJ/v9qkntapfpmP7NLDqgKe1htqDz4KHR12NUQjE +hUHAkOJ8bFS+lJG0lrci2gfmmAUQTh5csw0GA4QEUH0nHLRqW/Y= +=dMqk +-----END PGP SIGNATURE----- diff --git a/website/static/security/advisories/FreeBSD-SA-24:03.unbound.asc b/website/static/security/advisories/FreeBSD-SA-24:03.unbound.asc new file mode 100644 index 0000000000..6873ea8d0d --- /dev/null +++ b/website/static/security/advisories/FreeBSD-SA-24:03.unbound.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-24:03.unbound Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in unbound + +Category: contrib +Module: unbound +Announced: 2024-03-28 +Affects: FreeBSD 13.2 and FreeBSD 14.0 +Corrected: 2024-02-17 13:45:44 UTC (stable/14, 14.0-STABLE) + 2024-03-28 05:06:26 UTC (releng/14.0, 14.0-RELEASE-p6) + 2024-02-17 13:45:44 UTC (stable/13, 13.2-STABLE) + 2024-03-28 05:07:55 UTC (releng/13.2, 13.2-RELEASE-p11) +CVE Name: CVE-2023-50387, CVE-2023-50868 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +Unbound is a validating, recursive, and caching DNS resolver. + +II. Problem Description + +The KeyTrap vulnerability (CVE-2023-50387) works by using a combination of Keys +(also colliding Keys), Signatures and number of RRSETs on a malicious zone. +Answers from that zone can force a DNSSEC validator down a very CPU intensive +and time costly validation path. + +The NSEC3 vulnerability (CVE-2023-50868) uses specially crafted responses on a +malicious zone with multiple NSEC3 RRSETs to force a DNSSEC validator down a +very CPU intensive and time costly NSEC3 hash calculation path. + + +III. Impact + +Both issues can force Unbound to spend an enormous time (comparative to regular +traffic) validating a single specially crafted DNSSEC response while everything +else is on hold for that thread. A trivially orchestrated attack could render +all threads busy with such responses leading to denial of service. + +IV. Workaround + +No workaround is available. Systems not running Unbound are not affected. + +V. Solution + +Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +Perform one of the following: + +1) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms, +or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 14.0] +# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch +# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-14.patch.asc +# gpg --verify unbound-14.patch.asc + +[FreeBSD 13.2] +# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch +# fetch https://security.FreeBSD.org/patches/SA-24:03/unbound-13.patch.asc +# gpg --verify unbound-13.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch -p0 < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +This issue is corrected as of the corresponding Git commit hash in the +following stable and release branches: + +Branch/path Hash Revision +- ------------------------------------------------------------------------- +stable/14/ e2b44c401cc2 stable/14-n266696 +releng/14.0/ c189b94f8a22 releng/14.0-n265416 +stable/13/ abe4ced2b9de stable/13-n257436 +releng/13.2/ d9d90e5e42f6 releng/13.2-n254664 +- ------------------------------------------------------------------------- + +Run the following command to see which files were modified by a +particular commit: + +# git show --stat <commit hash> + +Or visit the following URL, replacing NNNNNN with the hash: + +<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN> + +To determine the commit count in a working tree (for comparison against +nNNNNNN in the table above), run: + +# git rev-list --count --first-parent HEAD + +VII. References + +<URL:https://www.nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387> + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868> + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-24:03.unbound.asc> +-----BEGIN PGP SIGNATURE----- + +iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmYFGa4ACgkQbljekB8A +Gu8Oxw/9HrzGZVx0FsUb8dhvf6Hlcfy3B0RNjxcnvvBm+P/V0+WSEaFTod9YaonO +GN331SXI1blvqfCpOz2TLiOvHjWDPCcb8bb9YqQXRId4axnpxCCzIY0HkxgXFNDu +XgXwM4JYapmWis/pOxifRXnB087lwbkfVx/0iOTeA0XUFoRRIbooiL/6H76hOmq7 +XR5moI8xYyAX5Xh+5/6yZgd+A+0n/KfQnOEpA7Ex9MWC17co+RGOP1JUZYIFHhAc +W/vNuL23UWqR1TjMgVWTHEvVBTrUPEiDfp2Z1LiQexH9IaQ4cePu7qrWlzAo7rr6 +6Cf3DybH9IxALQQSSKq1JWNqQFOWvpXCy5JKBua+Z7kcFHR5tmAgolqGLGJ629Ko +GNwsSUTZ8SzwupJ93boMaD4jF2t+zOXvBvceYywZEEvd2gq2zkfMV6WJwtUUOvdm +z7Z7AejUFONrQyYps4rcKCthnQOLHtzcPUQom68KpUACsdOr1hkA0VOCf5HRrEe6 +DpwM9PX1T3eiHSq1eZj2MMkz+Cw/DJK+wegkULRxg2ZOmWKA2U8df+Qj1RYpX4QT +JrPSHh4EqovfrB5H0uUgfLWBgAzGBLEeFKAMA+omlEaELyNzvG/4xv8eJVtjTG+D +EEQCXVTJmws/ZFDC2vJhVR6vdAwMuPz8YkBtcQkqnNcF+zzbcEk= +=PELN +-----END PGP SIGNATURE----- |