[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:12.divert
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:12.divert Errata Notice The FreeBSD Project Topic: Kernel double free when transmitting on a divert socket Category: core Module: divert(4) Announced: 2021-05-26 Affects:FreeBSD 13.0 Corrected: 2021-05-10 13:36:08 UTC (stable/13, 13.0-STABLE) 2021-05-26 19:30:51 UTC (releng/13.0, 13.0-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background divert(4) sockets are a facility that permit firewalls to transmit a copy of a packet to a userspace process. They may also be used by userspace programs to inject packets into the IP packet processing stack. In the FreeBSD base system, the only user of divert(4) sockets is natd(8). II. Problem Description A bug in the error handling of transmission on a divert(4) socket could result in a double free of an mbuf. III. Impact Systems making use of divert(4) may misbehave or panic in a non-deterministic manner. IV. Workaround No workaround is available. Systems not making use of divert(4) sockets are unaffected. divert(4) sockets appear in sockstat(8) output as using protocol "div". V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch # fetch https://security.FreeBSD.org/patches/EN-21:12/divert.patch.asc # gpg --verify divert.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ eafeee082c50stable/13-n245578 releng/13.0/22b58630d6ba releng/13.0-n244737 - - Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255104> The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-21:12.divert.asc> -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6usACgkQ05eS9J6n 5cJ/mw//SPzrCBbMJBWgwhQiJpI50BRgXWBFneThy2f5+2LWsg5gh1OJjqhqk+s9 6PAHxujsUM15zAUQhwv5g+Z6g1l9j2Zy4kPsCN/QJR1zL51zqabOdOnqmAOom6gQ nbXS2Fsh43dqCx3S+uEviC7U62kbU7CRXAhCI3wsHwRAyvzuXcUWizazp1hYllDE IZ5LqJG/t9ZrMgMd3KabCoIVHFgPANZaBpSSFPhnDZxz7mvGVN4XtX2RYOht9f2B xN05YSwmSLcB8EE1TQmjgcD6/K3hrPvkeFC0qSe9F66SJakuX19vfiWF2mrN/SO1 fIILHtCaHcs2IWVzKK4FG01t3r3o7TkAnux+R4T7aMMh8LGbYiGtYCrlzaIN45aZ bEA4aNqpZl1J1DtnthTnhNsd3R6Cq7f/hjtGNxYrSp6QLECPb4FhqVUig7m3p0s4 a3Y5m3govOnTaRppmSt7aoXGd/yQDDc4YfIbqkWa/z3IabbW+cVUH5+uexmdLy+y WJl/sNqznQPKPGDtPq39Ez1Pt6+TsOAowG4TXbNmaIk8C00KjFWnr+XcNS4GAhnd QK+B2N9TQpBTSgwVMhDnjNIptEjE75VmpW3yAlQt6FL1DlVcAgZ5dgVeGHHPI+NZ ONMpO+ifh/sRUDLH4QMviMoNi23ngkFdjo1Cq10DrIrxP4wDh6E= =yWIx -END PGP SIGNATURE- ___ freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:14.pms
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:14.pmsErrata Notice The FreeBSD Project Topic: pms(4) data corruption Category: core Module: pms Announced: 2021-05-26 Affects:FreeBSD 12.2 and later. Corrected: 2021-04-23 01:05:42 UTC (stable/13, 13.0-STABLE) 2021-05-26 19:30:23 UTC (releng/13.0, 13.0-RELEASE-p1) 2021-04-23 01:11:07 UTC (stable/12, 12.2-STABLE) 2021-05-26 20:40:15 UTC (releng/12.2, 12.2-RELEASE-p7) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background pms(4) is a driver for PMC-Sierra disk controllers. II. Problem Description Two problems are fixed by this update. First, the pms(4) driver did not correctly handle the new kern.maxphys value set in FreeBSD 13.0. The devices supported by the driver impose a limit on the maximum I/O size, and this limit is smaller than the new default. Second, the pms(4) driver did not correctly handle some error cases in the I/O path and would falsely report success to upper layers. III. Impact The bugs may cause data corruption. IV. Workaround No workaround is available. Systems not using pms(4) are unaffected. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 13.0] # fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch # fetch https://security.FreeBSD.org/patches/EN-21:14/pms.13.patch.asc # gpg --verify pms.13.patch.asc [FreeBSD 12.2] # fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch # fetch https://security.FreeBSD.org/patches/EN-21:14/pms.12.patch.asc # gpg --verify pms.12.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ 6514cb18d94estable/13-n245322 releng/13.0/b62d492067ba releng/13.0-n244736 stable/12/r369655 releng/12.2/ r369861 - - For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing NN with the revision number: # svn diff -cNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NN with the revision number: https://svnweb.freebsd.org/base?view=revision=NN> VII. References The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-21:14.pms.asc> -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n 5cJZWg/8DEsOaseewourLWezA+HeV2aHfsNf96qa4O7oAOUGtCm7nKi7jodIiLB1 DiX8YqskrVav36lLxgyQazSCF84xB1YsNP4EiOzjeIoZyirR8+KiG37CunGhUDPg 8mPCE1+WBzHlcDwAEexldi+b88ehEqADbZiGWAsBcXYqhwaXoF6zUkgp5WFRWKzu Kiq7Wjs7FGkAp38O4UKduybpubSyUjHCeShEGyZvevJQE4kAZKzv1+Q+spUeIBLP P99p+vidIFIpX4uq0GgjF1GLuz4ym1tRZwu4jlJ0Vhr0KjqTWwxoMZ0m+0+SwKit dqPLQ/rj1vBiCScU7rIS49wfT6vtujH9gPt4GI5mTY8++4hDkfRvS4D5we9RgIo+
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:15.virtio
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:15.virtio Errata Notice The FreeBSD Project Topic: virtio(4) device probing fails Category: core Module: virtio Announced: 2021-05-26 Affects:FreeBSD 13.0 Corrected: 2021-04-03 06:09:50 UTC (stable/13, 13.0-STABLE) 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background VirtIO is a specification for para-virtualized I/O in a virtual machine (VM). It defines an interface for efficient I/O between the hypervisor and VM. II. Problem Description The virtio(4) driver on FreeBSD implemented support of the legacy interface, which was released before the specification was formalized, requiring certain characteristics that were different on some VMM implementations. III. Impact FreeBSD will not boot on certain VMM implementations. IV. Workaround No workaround is available. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch # fetch https://security.FreeBSD.org/patches/EN-21:15/virtio.patch.asc # gpg --verify virtio.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ 2e107638eac2stable/13-n245094 releng/13.0/61acb3179a90 releng/13.0-n244741 - - Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-21:15.virtio.asc> -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n 5cLlmA/5AR5G9Ifb34fJVhj4PT4rUiSj41mbdECbNKTgdPD2zBkedAI9Nc4w2xcG +/i7hhePMCe8jfIwgw6eWW3UlJWx9XAtR0r/HsPxUt+glopPNcK9xr2OSY2h/jSo EkFE3JdhTvSwapIH4VNku1PULXXMQWxI3E5Ccd4mEFz/uchq7Q83koE136M2UyXR XXk9AsxmuNrG/dlWi5MhbUuljqkXY2O160ErIrNivHiOVHIxtiX/snEX6Q4srE2Q YmdAC07p64xB+3c2ZkFrA/4Khp/XRO8wRwbNE8FhGiVUwlYL2a/BB1Ldq84UbdOl ISEPr564SfhV2bSFs7PM6iHRXdD46K0/7O42X6ZswIhwN1IN+mkTW/LkYdPMpLn2 S7lmV9ulgOBkAqHQ//+7gcOMPerNXwZ0Rcnf8SY8aOqOkgIVIXG0XocOl/nBJ9CZ Syq7vuFly9EijTYtLonNv3XtTjB9Z5UjwBJPnmNGS6JYgbJQVpjllchLkb+cv5Kt jVnC5YiuOAaNJ8XjqfjhyHXZrSkVmdYINRohn1y2tojNkn3jRMCYJMB0EvIugCqU oCKmMn8R3m87723ylm5CykXmxgkSR3rfsvwzvioEFojcC+sgB5H5tdcP0XLvqg52 DP9Rnq+j0YfNs/Ud+dcIpI4/7ANduVu+WKsd58w+H3lPmkrP9aE= =Cr4I -END PGP SIGNATURE- ___ freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:11.smap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-21:11.smap Security Advisory The FreeBSD Project Topic: SMAP bypass Category: core Module: amd64 Announced: 2021-05-26 Credits:I lost my dog if you see him please contact me at @m00nbsd. Affects:FreeBSD 12.2 and later. Corrected: 2021-05-26 19:18:54 UTC (stable/13, 13.0-STABLE) 2021-05-26 19:31:50 UTC (releng/13.0, 13.0-RELEASE-p1) 2021-05-26 19:30:31 UTC (stable/12, 12.2-STABLE) 2021-05-26 20:40:20 UTC (releng/12.2, 12.2-RELEASE-p7) CVE Name: CVE-2021-29628 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background Supervisor Mode Access Prevention (SMAP) is a security feature implemented by contemporary Intel and AMD CPUs. When enabled, it ensures that accesses to user memory by the kernel trigger a page fault and a subsequent kernel panic. This helps mitigate the security implications of kernel bugs that permit an attacker to read from or write to user memory from the kernel. The kernel may legitimately need to copy data between userspace and the kernel. To enable this, SMAP is temporarily disabled in the subroutines which handle this copying, so only small, specially designated portions of the kernel should be executed with SMAP disabled. II. Problem Description The FreeBSD kernel enables SMAP during boot when the CPU reports that the SMAP capability is present. Subroutines such as copyin() and copyout() are responsible for disabling SMAP around the sections of code that perform user memory accesses. Such subroutines must handle page faults triggered when user memory is not mapped. The kernel's page fault handler checks the validity of the fault, and if it is indeed valid it will map a page and resume copying. If the fault is invalid, the fault handler returns control to a trampoline which aborts the operation and causes an error to be returned. In this second scenario, a bug in the implementation of SMAP support meant that SMAP would remain disabled until the thread returns to user mode. III. Impact This bug may be used to bypass the protections provided by SMAP for the duration of a system call. It could thus be combined with other kernel bugs to craft an exploit. IV. Workaround No workaround is available. On hardware that does not implement SMAP, the bug is inconsequential as the mitigation does not exist in the first place. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for a security update" 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-21:11/smap.patch # fetch https://security.FreeBSD.org/patches/SA-21:11/smap.patch.asc # gpg --verify smap.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ 876ffe28796cstable/13-n245764 releng/13.0/f32130a1955e releng/13.0-n244739 stable/12/r369857 releng/12.2/ r369863 - - For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: #
[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-21:12.libradius
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-SA-21:12.libradius Security Advisory The FreeBSD Project Topic: Missing message validation in libradius(3) Category: core Module: libradius Announced: 2021-05-26 Credits:leommxj and Swings from Chaitin Security Research Lab Affects:All supported versions of FreeBSD. Corrected: 2021-05-26 19:45:31 UTC (stable/13, 13.0-STABLE) 2021-05-26 20:36:29 UTC (releng/13.0, 13.0-RELEASE-p1) 2021-05-26 20:39:35 UTC (stable/12, 12.2-STABLE) 2021-05-26 20:40:23 UTC (releng/12.2, 12.2-RELEASE-p7) 2021-05-26 20:41:31 UTC (stable/11, 11.4-STABLE) 2021-05-26 20:41:58 UTC (releng/11.4, 11.4-RELEASE-p10) CVE Name: CVE-2021-29629 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background libradius(3) is a client and server library implementing the Remote Authentication Dial In User Service (RADIUS) protocol. It is used by pam_radius(8) and mpd5 (available in the ports tree as net/mpd5). II. Problem Description libradius did not perform sufficient validation of received messages. rad_get_attr(3) did not verify that the attribute length is valid before subtracting the length of the Type and Length fields. As a result, it could return success while also providing a bogus length of SIZE_T_MAX - 2 for the Value field. When processing attributes to find an optional authenticator, is_valid_response() failed to verify that each attribute length is non-zero and could thus enter an infinite loop. III. Impact A server may use libradius(3) to process messages from RADIUS clients. In this case, a malicious client could trigger a denial-of-service in the server. A client using libradius(3) to process messages from a server is susceptible to the same problem. The impact of the rad_get_attr(3) bug depends on how the returned length is validated and used by the consumer. It is possible that libradius(3) applications will crash or enter an infinite loop when calling rad_get_attr(3) on untrusted RADIUS messages. IV. Workaround No workaround is available. Systems not making use of libradius(3) are unaffected. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 13.0, 12.2] # fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.patch # fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.patch.asc # gpg --verify libradius.patch.asc [FreeBSD 11.4] # fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.11.patch # fetch https://security.FreeBSD.org/patches/SA-21:12/libradius.11.patch.asc # gpg --verify libradius.11.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html>. Restart all daemons that use the library, or reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ bec0d2c9c841stable/13-n245765 releng/13.0/7d900abe6269 releng/13.0-n244743 stable/12/r369859 releng/12.2/ r369864 stable/11/r369866 releng/11.4/ r369867 - - For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash:
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:11.aesni
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:11.aesni Errata Notice The FreeBSD Project Topic: Race condition in aesni(4) encrypt-then-auth operations Category: core Module: aesni Announced: 2021-05-26 Affects:FreeBSD 12.2 Corrected: 2021-04-27 19:16:35 UTC (stable/12, 12.2-STABLE) 2021-05-26 20:40:11 UTC (releng/12.2, 12.2-RELEASE-p7) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The aesni(4) driver provides implementations of various cryptographic operations using specialized CPU instructions available on contemporary Intel and AMD CPUs. This provides improved throughput relative to pure software implementations of the same operations. II. Problem Description aesni(4) implements SHA-1 and SHA-2 and can compute HMACs using these functions. One step of the HMAC computation involves the computation of a derived key. This step was implemented such that if multiple threads were concurrently computing an HMAC using the same crypto(9) session, the kernel's copy of the session key could be corrupted. III. Impact This bug could cause aesni(4) to return incorrect digests of input data, or incorrect report a digest verification failure. Since the bug is only triggered when multiple threads are sharing a crypto(9) session, some consumers are unaffected. For example, geli(8) will not trigger the bug. It is possible to trigger the bug with IPSec or KGSSAPI, or via crypto(4) if the underlying application is multithreaded and shares sessions among multiple threads. IV. Workaround The aesni(4) kernel module may be unloaded to work around the problem. Note that this may incur a substantial hit to performance. Workloads not making use of HMAC-based authentication using aesni(4) are unaffected. For example, aesni(4) implements AES-GCM, and that implementation is not susceptible to this problem. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch # fetch https://security.FreeBSD.org/patches/EN-21:11/aesni.patch.asc # gpg --verify aesni.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/12/r369665 releng/12.2/ r369860 - - Run the following command to see which files were modified by a particular revision, replacing NN with the revision number: # svn diff -cNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NN with the revision number: https://svnweb.freebsd.org/base?view=revision=NN> VII. References https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251462> The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-21:11.aesni.asc> -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6t4ACgkQ05eS9J6n 5cJdUBAAor2SfwygnujBNtepn8miqhACwa2P/8HZo1G68JTrHzRp8U8l/iLhTIwn FF/aylaIg3uiFkb5V68yi9YKo4a8kIK0U/J805n8WUFFTS5OiwLkI3mLKC3vHMUD d2gvBaAjPeBNjlNanFp8WpdNsCXvJq9CBXECQnwsnNJ1zpSSsTwm/T48pIeRpk/T sYpyaLgEjsXl0tx0VkW2wwk7tNSQx0K7BouzqrwbQku18GW9ybETfQh5NE+Mz2+S T1e3A4y2VNWXpDqCgHwl7+X7NX3FH2wGI56G3Xv781zJY5jq+UjxoXyLGVY56y3P KvCgqnPavLZgER3ui/bqro3DR3uN6P3hb/Jg/3ChrNVuf9U0hElblWzQ3KQ/y2J8
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:13.mpt
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:13.mptErrata Notice The FreeBSD Project Topic: mpt(4) I/O errors with a large maxphys value Category: core Module: mpt Announced: 2021-05-26 Affects:FreeBSD 13.0 Corrected: 2021-04-24 00:43:14 UTC (stable/13, 13.0-STABLE) 2021-05-26 19:29:54 UTC (releng/13.0, 13.0-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background mpt(4) is a driver for LSI disk controllers. II. Problem Description The mpt(4) driver did not correctly handle I/O requests larger than or equal to 2MB and would incorrectly report errors. The I/O request size is limited by the value of the kern.maxphys tunable and the default value is below this threshold. III. Impact With kern.maxphys set to 2MB or larger, I/O to mpt(4) devices will not work correctly. IV. Workaround To work around the problem, ensure that the kern.maxphys value is kept at its default value. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # shutdown -r +10min "Rebooting for an erratum update" 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch # fetch https://security.FreeBSD.org/patches/EN-21:13/mpt.patch.asc # gpg --verify mpt.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details This issue is corrected by the corresponding Git commit hash or Subversion revision number in the following stable and release branches: Branch/path Hash Revision - - stable/13/ f0077b4c1dcfstable/13-n245384 releng/13.0/a8a91efa74e0 releng/13.0-n244734 - - Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: # git rev-list --count --first-parent HEAD VII. References The latest revision of this advisory is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-21:13.mpt.asc> -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmCu6uwACgkQ05eS9J6n 5cJB6A//bXZXr5CaQJeZYCt88W4EXHaf9vZSLE0p3umoNE2V7bXFsfKPN+mQJKmB KFOHD8PZstnG0MX4D30t8gzxeLaadO3XhzifE8bRCa49Xiibdg0eL/XqQWylyVkm Qpyi4QIqmfPijNVFFf9FFv+1I+ERhF66isqzcWravucZZn+nV26eKaPBSPzRv7pz qbDxW3JHXNZOo6qJJiN71mPwlOleiY4ZcIsR1iz0uf2Uo7qu69YyecPkDnj0lbxT 2CrH2JV7sLXRkAHn9gujk50nu4iyUkWFsgo7dQZ34yEFXqicQMMAkiFpVadJvFgz FXcLVBbKCuuI0yr5vV6/jms36FQVBtWlZGJx/BKg5jGhj8deSireP4BsyttfWdQA 6zLGtyKghFAmG9o9XCzOtast9LUd0ggK3RIe4GzxImWe2mWAnQPEp7QQD0sqmYzW XDzF5rwHzdYDTtnp+fQ9rLKhKsunMwk3tCslnb3sO4Ai2bXm+wjV4t6nresmAZDT fJlKU8XyIhzHy33rUe1JGhv+iuNbORA7dS07XYrB70T80HOFMNo1vOy4NE2A41TJ plPXCjIdOZBkZsmy16uYLMnljRzYgBLejr/4QnSbKxEtUGJiog8osnGnFC6wCzgy XyscM8G2tL6jvmAVuKDLDiiBRZtc7ZEGHGjTpABLccPOmbcq4fk= =Ch28 -END PGP SIGNATURE- ___ freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscr...@freebsd.org"
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-21:16.bc
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 = FreeBSD-EN-21:16.bc Errata Notice The FreeBSD Project Topic: dc update Category: contrib Module: bc Announced: 2021-05-26 Affects:FreeBSD 13.0 FreeBSD 12.2 (only when built with option WITH_GH_BC) Corrected: 2021-04-06 08:44:52 UTC (stable/13, 13.0-STABLE) 2021-05-26 20:32:40 UTC (releng/13.0, 13.0-RELEASE-p1) 2021-04-06 08:44:52 UTC (stable/12, 12.2-STABLE) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit https://security.FreeBSD.org/>. I. Background The program dc provides a simple stack-based programming language that uses a reverse Polish notation. Although it is a fully functional language, it has been used primarily as a computational engine by the program bc, which implements a more traditional language based on infix notation of operands. In FreeBSD 13.0 and in custom builds of FreeBSD 12.2-STABLE (with the non-default option WITH_GH_BC) the traditional implementations of bc and dc have been replaced by a single program under both names that provides better POSIX conformance of the bc language, compatibility with GNU bc extensions, and significantly improved performance of big number calculations. II. Problem Description The "P" command of the dc language outputs the top-of-stack value and should consume it, but in this version leaves it on the stack. This problem only affects direct dc command scripts that use "P" and rely on its effect on the stack (i.e., do not terminate after this command and have references to stack elements that are hidden by the value that has not been removed). III. Impact Since dc has been used very little as a general purpose programming language, only a very small number of dc scripts exist, and most of them are used to describe the language for educational purposes only. This issue has existed in this implementation of dc for at least 3 years without having been noticed. If a dc script relies on the correct semantics of a "P" instruction, it will not execute subsequent instructions correctly, which may result in incorrect output or in an infinite loop. IV. Workaround The math/gh-bc port and the gh-bc package have been updated to correct the issue and are fully compatible with this version in all other aspects. They can be installed in addition to the base system versions of bc and dc but may require a change of scripts that use dc to invoke the version installed below LOCALBASE. V. Solution Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Perform one of the following: 1) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the amd64, i386, or (on FreeBSD 13 and later) arm64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 2) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch # fetch https://security.FreeBSD.org/patches/EN-21:16/bc.patch.asc # gpg --verify bc.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in https://www.FreeBSD.org/handbook/makeworld.html>. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Hash Revision - - stable/13/ 0ca6ce5e976astable/13-n245186 releng/13.0/312510880e2e releng/13.0-n244742 stable/12/r369589 - - For FreeBSD 13 and later: Run the following command to see which files were modified by a particular commit: # git show --stat Or visit the following URL, replacing NN with the hash: https://cgit.freebsd.org/src/commit/?id=NN> To determine the commit count in a working tree (for comparison against nNN in the table above), run: # git rev-list --count --first-parent HEAD For FreeBSD 12 and earlier: Run the following command to see which files were modified by a particular revision, replacing