Author: gordon
Date: Wed Apr 4 05:33:56 2018
New Revision: 331984
URL: https://svnweb.freebsd.org/changeset/base/331984
Log:
Fix vt console memory disclosure. [SA-18:04.vt]
Bump newvers.sh and UPDATING for today's patches.
Submitted by: emaste
Reported by: Dr Silvio Cesare of InfoSect
Approved by: so
Security: CVE-2018-6917
Security: FreeBSD-SA-18:04.vt
Sponsored by: The FreeBSD Foundation
Modified:
releng/10.3/UPDATING
releng/10.3/sys/conf/newvers.sh
releng/10.3/sys/dev/vt/vt_font.c
releng/10.4/UPDATING
releng/10.4/sys/conf/newvers.sh
releng/10.4/sys/dev/vt/vt_font.c
releng/11.1/UPDATING
releng/11.1/sys/conf/newvers.sh
releng/11.1/sys/dev/vt/vt_font.c
Modified: releng/10.3/UPDATING
==============================================================================
--- releng/10.3/UPDATING Wed Apr 4 05:26:33 2018 (r331983)
+++ releng/10.3/UPDATING Wed Apr 4 05:33:56 2018 (r331984)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20180404 p29 FreeBSD-SA-18:04.vt
+ FreeBSD-SA-18:05.ipsec
+ FreeBSD-EN-18:03.tzdata
+ FreeBSD-EN-18:04.mem
+
+ Fix vt console memory disclosure. [SA-18:04.vt]
+
+ Fix ipsec crash or denial of service. [SA-18:05.ipsec]
+
+ Update timezone database information. [EN-18:03.tzdata]
+
+ Fix multiple small kernel memory disclosures. [EN-18:04.mem]
+
20180308 p28 FreeBSD-SA-18:01.ipsec [revised]
Fix ipsec validation and use-after-free.
Modified: releng/10.3/sys/conf/newvers.sh
==============================================================================
--- releng/10.3/sys/conf/newvers.sh Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/10.3/sys/conf/newvers.sh Wed Apr 4 05:33:56 2018
(r331984)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.3"
-BRANCH="RELEASE-p28"
+BRANCH="RELEASE-p29"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.3/sys/dev/vt/vt_font.c
==============================================================================
--- releng/10.3/sys/dev/vt/vt_font.c Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/10.3/sys/dev/vt/vt_font.c Wed Apr 4 05:33:56 2018
(r331984)
@@ -42,6 +42,7 @@ static MALLOC_DEFINE(M_VTFONT, "vtfont", "vt font");
/* Some limits to prevent abnormal fonts from being loaded. */
#define VTFONT_MAXMAPPINGS 65536
+#define VTFONT_MAXGLYPHS 131072
#define VTFONT_MAXGLYPHSIZE 2097152
#define VTFONT_MAXDIMENSION 128
@@ -171,7 +172,8 @@ vtfont_load(vfnt_t *f, struct vt_font **ret)
/* Make sure the dimensions are valid. */
if (f->width < 1 || f->height < 1)
return (EINVAL);
- if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION)
+ if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION ||
+ f->glyph_count > VTFONT_MAXGLYPHS)
return (E2BIG);
/* Not too many mappings. */
Modified: releng/10.4/UPDATING
==============================================================================
--- releng/10.4/UPDATING Wed Apr 4 05:26:33 2018 (r331983)
+++ releng/10.4/UPDATING Wed Apr 4 05:33:56 2018 (r331984)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG to b
stable/10, and then rebuild without this option. The bootstrap process from
older version of current is a bit fragile.
+20180404 p8 FreeBSD-SA-18:04.vt
+ FreeBSD-SA-18:05.ipsec
+ FreeBSD-EN-18:03.tzdata
+ FreeBSD-EN-18:04.mem
+
+ Fix vt console memory disclosure. [SA-18:04.vt]
+
+ Fix ipsec crash or denial of service. [SA-18:05.ipsec]
+
+ Update timezone database information. [EN-18:03.tzdata]
+
+ Fix multiple small kernel memory disclosures. [EN-18:04.mem]
+
20180307 p7 FreeBSD-SA-18:01.ipsec [revised]
Fix ipsec validation and use-after-free.
Modified: releng/10.4/sys/conf/newvers.sh
==============================================================================
--- releng/10.4/sys/conf/newvers.sh Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/10.4/sys/conf/newvers.sh Wed Apr 4 05:33:56 2018
(r331984)
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="10.4"
-BRANCH="RELEASE-p7"
+BRANCH="RELEASE-p8"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/10.4/sys/dev/vt/vt_font.c
==============================================================================
--- releng/10.4/sys/dev/vt/vt_font.c Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/10.4/sys/dev/vt/vt_font.c Wed Apr 4 05:33:56 2018
(r331984)
@@ -42,6 +42,7 @@ static MALLOC_DEFINE(M_VTFONT, "vtfont", "vt font");
/* Some limits to prevent abnormal fonts from being loaded. */
#define VTFONT_MAXMAPPINGS 65536
+#define VTFONT_MAXGLYPHS 131072
#define VTFONT_MAXGLYPHSIZE 2097152
#define VTFONT_MAXDIMENSION 128
@@ -171,7 +172,8 @@ vtfont_load(vfnt_t *f, struct vt_font **ret)
/* Make sure the dimensions are valid. */
if (f->width < 1 || f->height < 1)
return (EINVAL);
- if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION)
+ if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION ||
+ f->glyph_count > VTFONT_MAXGLYPHS)
return (E2BIG);
/* Not too many mappings. */
Modified: releng/11.1/UPDATING
==============================================================================
--- releng/11.1/UPDATING Wed Apr 4 05:26:33 2018 (r331983)
+++ releng/11.1/UPDATING Wed Apr 4 05:33:56 2018 (r331984)
@@ -16,6 +16,19 @@ from older versions of FreeBSD, try WITHOUT_CLANG and
the tip of head, and then rebuild without this option. The bootstrap process
from older version of current across the gcc/clang cutover is a bit fragile.
+20180404 p9 FreeBSD-SA-18:04.vt
+ FreeBSD-SA-18:05.ipsec
+ FreeBSD-EN-18:03.tzdata
+ FreeBSD-EN-18:04.mem
+
+ Fix vt console memory disclosure. [SA-18:04.vt]
+
+ Fix ipsec crash or denial of service. [SA-18:05.ipsec]
+
+ Update timezone database information. [EN-18:03.tzdata]
+
+ Fix multiple small kernel memory disclosures. [EN-18:04.mem]
+
20180314 p8 FreeBSD-SA-18:03.speculative_execution
Add mitigations for two classes of speculative execution vulnerabilities
Modified: releng/11.1/sys/conf/newvers.sh
==============================================================================
--- releng/11.1/sys/conf/newvers.sh Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/11.1/sys/conf/newvers.sh Wed Apr 4 05:33:56 2018
(r331984)
@@ -44,7 +44,7 @@
TYPE="FreeBSD"
REVISION="11.1"
-BRANCH="RELEASE-p8"
+BRANCH="RELEASE-p9"
if [ -n "${BRANCH_OVERRIDE}" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
Modified: releng/11.1/sys/dev/vt/vt_font.c
==============================================================================
--- releng/11.1/sys/dev/vt/vt_font.c Wed Apr 4 05:26:33 2018
(r331983)
+++ releng/11.1/sys/dev/vt/vt_font.c Wed Apr 4 05:33:56 2018
(r331984)
@@ -42,6 +42,7 @@ static MALLOC_DEFINE(M_VTFONT, "vtfont", "vt font");
/* Some limits to prevent abnormal fonts from being loaded. */
#define VTFONT_MAXMAPPINGS 65536
+#define VTFONT_MAXGLYPHS 131072
#define VTFONT_MAXGLYPHSIZE 2097152
#define VTFONT_MAXDIMENSION 128
@@ -171,7 +172,8 @@ vtfont_load(vfnt_t *f, struct vt_font **ret)
/* Make sure the dimensions are valid. */
if (f->width < 1 || f->height < 1)
return (EINVAL);
- if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION)
+ if (f->width > VTFONT_MAXDIMENSION || f->height > VTFONT_MAXDIMENSION ||
+ f->glyph_count > VTFONT_MAXGLYPHS)
return (E2BIG);
/* Not too many mappings. */
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
