From owner-freebsd-announce@FreeBSD.ORG Sun Jun 27 15:24:36 2004 Return-Path: Delivered-To: freebsd-announce@mx1.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3967A16A4CE for ; Sun, 27 Jun 2004 15:24:36 +0000 (GMT) Received: from bobbi.cse.buffalo.edu (bobbi.cse.Buffalo.EDU [128.205.32.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 980F143D2F for ; Sun, 27 Jun 2004 15:24:35 +0000 (GMT) (envelope-from kensmith@FreeBSD.org) Received: from bobbi.cse.buffalo.edu (localhost.cs.Buffalo.EDU [127.0.0.1]) i5RFOZHu052885 for ; Sun, 27 Jun 2004 11:24:35 -0400 (EDT) Received: (from kensmith@localhost) by bobbi.cse.buffalo.edu (8.12.11/8.12.11/Submit) id i5RFOZnj052884 for freebsd-announce@freebsd.org; Sun, 27 Jun 2004 11:24:35 -0400 (EDT) (envelope-from kensmith) Date: Sun, 27 Jun 2004 11:24:35 -0400 From: Ken Smith To: freebsd-announce@FreeBSD.org Message-ID: <20040627152434.GA52869@bobbi.cse.buffalo.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="SLDf9lqlvOQaIe6s" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: [FreeBSD-Announce] Errata Branches X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2004 15:24:36 -0000 --SLDf9lqlvOQaIe6s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline The recent release of FreeBSD-4.10 mentioned that it will be the first "Errata Branch". This announcement is to clarify what the Errata Branches will be. For releases prior to FreeBSD-4.10 the "Release Branch" in the CVS Repository was turned over to the Security Team shortly after the release was made, at which point it was called a "Security Branch". Users could use cvs(1) or cvsup(1) to update their source code using the Security Branch Tag (e.g. RELENG_4_9 for FreeBSD-4.9) to have the major security issues patched between releases. The Security Branch Tags would not include the normal development work done by the FreeBSD Developers between releases so following the Security Branch Tags is recommended for users interested in stability. Updates to the Security Branches were handled by the Security Team, and were accompanied by a Security Advisory. Errata Branches will take the place of Security Branches. They will expand the scope of patches that will be applied to the Branch Tags to include things like strictly local Denial of Service bugs as well as major bugs that are likely to impact a significant number of users. Examples of what might now be included are bugs effecting kernel resource usage, major device driver bugs, etc. Before now users who wanted to pick up the latest set of bug fixes needed to update to the active development branch (RELENG_4). That may be acceptable to some users but with it being an active development branch that may not be the best choice for users interested in stability. Users should continue to use the same Branch Tag naming scheme as before, so for example the Errata Branch for FreeBSD-4.10 will be named RELENG_4_10. As with the security patches the version number for the system (available in the 'uname -a' output) will be updated as part of the patch to provide users with an easy way to identify what patch level a machine is at. As far as the patching of the Errata Branch is concerned there will be no distinction made between the patches applied to handle security issues versus patches applied to fix errata issues. Patches will be considered to be cumulative. The easiest approach to applying the fixes will continue to be using cvs(1) or cvsup(1) to update your source tree. Announcements for Security Advisories will continue to be sent to a wide variety of mailing lists, but the Errata Notices will only be sent to the FreeBSD-announce mailing list and posted on the FreeBSD Web site (http://www.FreeBSD.org). -ken --SLDf9lqlvOQaIe6s Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA3uaw/G14VSmup/YRAnfUAJsE+xeRT4Pf3T5TlrxGGGz7Av0jNgCghjSE zMg1ZOF5hcyF6d35sNFD/rU= =5/J4 -----END PGP SIGNATURE----- --SLDf9lqlvOQaIe6s-- From owner-freebsd-announce@FreeBSD.ORG Sun Jun 27 15:41:22 2004 Return-Path: Delivered-To: freebsd-announce@mx1.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F68316A4CE for ; Sun, 27 Jun 2004 15:41:22 +0000 (GMT) Received: from bobbi.cse.buffalo.edu (bobbi.cse.Buffalo.EDU [128.205.32.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 721D443D46 for ; Sun, 27 Jun 2004 15:41:21 +0000 (GMT) (envelope-from kensmith@FreeBSD.org) Received: from bobbi.cse.buffalo.edu (localhost.cs.Buffalo.EDU [127.0.0.1]) i5RFfL41052940 for ; Sun, 27 Jun 2004 11:41:21 -0400 (EDT) Received: (from kensmith@localhost) by bobbi.cse.buffalo.edu (8.12.11/8.12.11/Submit) id i5RFfLFX052939 for freebsd-announce@freebsd.org; Sun, 27 Jun 2004 11:41:21 -0400 (EDT) (envelope-from kensmith) Date: Sun, 27 Jun 2004 11:41:21 -0400 From: Ken Smith To: freebsd-announce@FreeBSD.org Message-ID: <20040627154120.GA52916@bobbi.cse.buffalo.edu> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="82I3+IH0IqGh5yIs" Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: [FreeBSD-Announce] Errata Notice: FreeBSD-EN-04:01.twe - twe(4) driver update X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 27 Jun 2004 15:41:22 -0000 --82I3+IH0IqGh5yIs Content-Type: text/plain; charset=us-ascii Content-Disposition: inline FreeBSD-EN-04:01.twe Errata Notice The FreeBSD Project Topic: twe(4) driver may hang on heavily loaded systems Category: core Module: twe(4) device driver Announced: 2004-06-28 Credits: Vinod Kashyap Paul Saab Affects: FreeBSD 4.10-RELEASE Corrected: 2004-06-26 02:22:24 UTC (4.10-RELEASE-p1) I. Background The twe(4) driver handles the 3ware series of RAID controllers. II. Problem Description On 6xxx series controllers the driver may try to repeatedly submit the same request if the cmd queue gets full, which may happen under extremely high I/O rates. III. Impact Once the driver entered the state it was repeatedly submitting the same request all normal disk I/O through the controller stops. The computer would require a hard reset, any pending I/O buffered in memory would be lost. IV. Solution Do one of the following: 1) Upgrade your vulnerable system to the RELENG_4_10 errata branch dated after the correction date using cvsup(1) or cvs(1). This is the preferred method. 2) To patch your present system: a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch.asc b) Execute the following commands as root: # cd /usr/src # patch -p0 < /path/to/patch Then follow the normal procedures for rebuilding/reinstalling the kernel. Note that this method will only work with no errors if your system was installed from scratch using the FreeBSD-4.10 Release CDs or FTP install. If that is not the case you may see errors while patching the UPDATING file. Those errors would be harmless. Any other errors while running patch(1) should be investigated before proceeding with the rebuild/reinstall. V. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - -------------------------------------------------------------------------- RELENG_4_10 src/sys/dev/twe/twe.c 1.1.2.8.2.2 src/sys/dev/twe/twe_freebsd.c 1.2.2.8.2.1 src/sys/dev/twe/twevar.h 1.1.2.6.2.2 src/sys/conf/newvers.sh 1.44.2.34.2.3 src/UPDATING 1.73.2.90.2.2 - -------------------------------------------------------------------------- --82I3+IH0IqGh5yIs Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA3uqf/G14VSmup/YRAsmTAJ97pDbu74kwkXWW/l9R5b3bBrYDGQCeLG0V re8uapdX+wS9riw/RLBE8gw= =/4nl -----END PGP SIGNATURE----- --82I3+IH0IqGh5yIs-- From owner-freebsd-announce@FreeBSD.ORG Thu Jul 1 08:04:45 2004 Return-Path: Delivered-To: freebsd-announce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 12D4116A4CE; Thu, 1 Jul 2004 08:04:45 +0000 (GMT) Received: from smtp.des.no (flood.des.no [217.116.83.31]) by mx1.FreeBSD.org (Postfix) with ESMTP id 62EEE43D2D; Thu, 1 Jul 2004 08:04:44 +0000 (GMT) (envelope-from security-advisories@freebsd.org) Received: by smtp.des.no (Pony Express, from userid 666) id E91335319; Thu, 1 Jul 2004 10:04:24 +0200 (CEST) Received: from dwp.des.no (des.no [80.203.228.37]) by smtp.des.no (Pony Express) with ESMTP id 7329E5310; Thu, 1 Jul 2004 10:03:44 +0200 (CEST) Received: by dwp.des.no (Postfix, from userid 2602) id 12CD6B886; Thu, 1 Jul 2004 10:03:44 +0200 (CEST) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Precedence: bulk Message-Id: <20040701080344.12CD6B886@dwp.des.no> Date: Thu, 1 Jul 2004 10:03:44 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on flood.des.no X-Spam-Level: s X-Spam-Status: No, hits=1.8 required=5.0 tests=ADDR_FREE autolearn=no version=2.63 Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:13.linux X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.1 Reply-To: security-advisories@freebsd.org List-Id: Project Announcements [moderated] List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Jul 2004 08:04:45 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-04:13.linux Security Advisory The FreeBSD Project Topic: Linux binary compatibility mode input validation error Category: core Module: kernel Announced: 2004-06-30 Credits: Tim Robbins Affects: All 4.x and 5.x releases Corrected: 2004-06-30 17:31:44 UTC (RELENG_4) 2004-06-30 17:34:38 UTC (RELENG_5_2, 5.2.1-RELEASE-p9) 2004-06-30 17:33:59 UTC (RELENG_4_10, 4.10-RELEASE-p2) 2004-06-30 17:33:24 UTC (RELENG_4_9, 4.9-RELEASE-p11) 2004-06-30 17:32:24 UTC (RELENG_4_8, 4.8-RELEASE-p24) CVE Name: CAN-2004-0602 FreeBSD only: YES For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD is binary-compatible with the Linux operating system through a loadable kernel module/optional kernel component. II. Problem Description A programming error in the handling of some Linux system calls may result in memory locations being accessed without proper validation. III. Impact It may be possible for a local attacker to read and/or overwrite portions of kernel memory, resulting in disclosure of sensitive information or potential privilege escalation. A local attacker can cause a system panic. IV. Workaround The only known workaround is to disable the linux binary compatibility layer and prevent it from being (re)loaded. Note that step (a) must be performed before step (b). a) To prevent the linux compatibility layer being (re)loaded, remove the /boot/kernel/linux.ko file (on FreeBSD 5.x) or the /modules/linux.ko file (on FreeBSD 4.x), and add or change the following line in /etc/rc.conf: linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). Add or change the following lines in /boot/loader.conf: linux_load="NO" # Linux emulation linprocfs_load="NO" In addition, remove any linprocfs file system listed in /etc/fstab. b) To disable the linux binary compatibility layer, first determine if it is loaded: # kldstat -v | grep linuxelf If no output is produced, the linux compatibility layer is not loaded; stop here. If the linux compatibility layer is loaded, determine if it is compiled into the kernel or loaded as a module: # kldstat | grep linux.ko If no output is produced, the linux compatibility layer is compiled into the kernel. Remove the line options COMPAT_LINUX from your kernel configuration file and recompile the kernel as described in and reboot the system. If output is produced, then the linux compatibility layer is loaded as a kernel module. If the module is not currently being used (by a process running under linux emulation, for example) then it may be possible to unload it: # kldunload linux # kldstat | grep linux.ko If this does not successfully unload the module, reboot the system. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the correction date. 2) To patch your present system: The following patches have been verified to apply to FreeBSD 4.8, 4.9, 4.10 and 5.2 systems. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 5.2] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch.asc [FreeBSD 4.8, 4.9, 4.10] # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch.asc b) Apply the patch. # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the revision numbers of each file that was corrected in FreeBSD. Branch Revision Path - ------------------------------------------------------------------------- RELENG_4 src/sys/compat/linux/linux_ioctl.c 1.55.2.13 RELENG_5_2 src/UPDATING 1.282.2.17 src/sys/compat/linux/linux_ioctl.c 1.112.2.1 src/sys/conf/newvers.sh 1.56.2.16 RELENG_4_10 src/UPDATING 1.73.2.90.2.3 src/sys/compat/linux/linux_ioctl.c 1.55.2.12.4.1 src/sys/conf/newvers.sh 1.44.2.34.2.4 RELENG_4_9 src/UPDATING 1.73.2.89.2.12 src/sys/compat/linux/linux_ioctl.c 1.55.2.12.2.1 src/sys/conf/newvers.sh 1.44.2.32.2.12 RELENG_4_8 src/UPDATING 1.73.2.80.2.27 src/sys/compat/linux/linux_ioctl.c 1.55.2.10.6.1 src/sys/conf/newvers.sh 1.44.2.29.2.25 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFA48FqFdaIBMps37IRArpeAKCP1G1bFmYiD0v3Qdg8pq5zkV7JywCcDUHn dz5yJTOovQSmIaLVD/Ei8Xw= =SVrJ -----END PGP SIGNATURE-----