From owner-freebsd-security@freebsd.org Mon Oct 10 07:51:45 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0A437C0529C for ; Mon, 10 Oct 2016 07:51:45 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id E47C5174; Mon, 10 Oct 2016 07:51:44 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id E378416A3; Mon, 10 Oct 2016 07:51:44 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:27.openssl Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20161010075144.E378416A3@freefall.freebsd.org> Date: Mon, 10 Oct 2016 07:51:44 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 07:51:45 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:27.openssl Security Advisory The FreeBSD Project Topic: Regression in OpenSSL suite Category: contrib Module: openssl Announced: 2016-10-10 Credits: OpenSSL Project Affects: All supported versions of FreeBSD. Corrected: 2016-09-26 14:30:19 UTC (stable/11, 11.0-STABLE) 2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1) CVE Name: CVE-2016-7052 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general purpose cryptography library. II. Problem Description The OpenSSL version included in FreeBSD 11.0-RELEASE is 1.0.2i. The version has bug fix for CVE-2016-7052, which should have included CRL sanity check, but the check was omitted. III. Impact Any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer exception. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart all daemons that use the library, or reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart all daemons that use the library, or reboot the system. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch # fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch.asc # gpg --verify openssl.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart all daemons that use the library, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r306343 releng/11.0/ r306354 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnEPYQAOewieypFMknEi5Q02IBVhcC Bs1sczFLXaSz+4c9lNRi+m6Q5TXbW0MM9ZhZDnoLOXZ9OZ7DsQ0OVJcmWPHCSTkT WAlZgiB5B2xtZpLUNi0XAVPyegh+YxWCKa5mq/e4gC7BL+QhtTQqIlzsNylBDcI0 2Tp5fPfO3vIJlSwPpsUA2peYlm2c75/dusE0+bvWnqickWbEmFdCAd8rzTLrsm9R w5essD2o6BzFPA9j+3X/LNaMI6ZKKa4EkaXXB42KHruDfNTV8dmYL/LLxWs6aj1f Li++71GPh3aZZCA5SCo6NYdI25kg4xORZzqUmYzT856kdmpaemLd8oVT8/ojOCTX CoNtA9yVphhYgfSGLy2BIs0u7U3H16SVjZ1oC5MjTAY6kUsEDt6x2vlKOt5452yN 3v2fHf9I8/ibgo4d4ovpGGzvrj/8EfodmDLhjYP5RcwZH4FW1jCUzXTflsYmPWMi 8+COC+K19MNIXR0M8ajs2M8z2ILc3pOUZ1sdrNhU1jEIyYCl8EDMEU0Bc13XlUKS UE92RKfxIAMh+Zyu44++8UizfOorBVKhQVd+9NthMnfXW6xlnwujjbabam8k2E5V Za4sBQ57JvL9aKrsbmB/hhVnxXE6jYqtp7tagXK+wwULO1SarpRp7HENd50ggH5l yu2DM4rkIcwzTaJEdvyT =5rNc -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Mon Oct 10 07:51:50 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 985A3C052F0 for ; Mon, 10 Oct 2016 07:51:50 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 89DB520C; Mon, 10 Oct 2016 07:51:50 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 8670F1700; Mon, 10 Oct 2016 07:51:50 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:28.bind Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20161010075150.8670F1700@freefall.freebsd.org> Date: Mon, 10 Oct 2016 07:51:50 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 07:51:50 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:28.bind Security Advisory The FreeBSD Project Topic: BIND remote Denial of Service vulnerability Category: contrib Module: bind Announced: 2016-10-10 Credits: ISC Affects: FreeBSD 9.x Corrected: 2016-09-28 06:11:01 UTC (stable/9, 9.3-STABLE) 2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48) CVE Name: CVE-2016-2776 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named(8) daemon is an Internet Domain Name Server. II. Problem Description Testing by ISC has uncovered a critical error condition which can occur when a nameserver is constructing a response. A defect in the rendering of messages into packets can cause named to exit with an assertion failure in buffer.c while constructing a response to a query that meets certain criteria. This assertion can be triggered even if the apparent source address is not allowed to make queries (i.e. doesn't match 'allow-query'). [CVE-2016-2776] III. Impact A remote attacker who can send queries to a server running BIND can cause the server to crash, resulting in a Denial of Service condition. IV. Workaround No workaround is available, but hosts not running named(8) are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. The named service has to be restarted after the update. A reboot is recommended but not required. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install The named service has to be restarted after the update. A reboot is recommended but not required. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch # fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch.asc # gpg --verify bind.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the named service, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r306394 releng/9.3/ r306942 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnt/cQAJJ/P9/cNH4mB3Oq9kks1TJI thye1Bmd6BAS16UYj+S2POSkrwkTJLhg/Rtch/4O1TUJ7q86Dko/0nciF/4Qin/J LrNhX2TUUTpQygfWdzTqdk9EiHLKT46sNh1Two4Lb9gMuBulES9Fy40gj8y81ypv uys05i6DMAlY/EsmidTHFKUGGC9160XLS7wFWnlw9XglDHn2+pIDALHl77mmoXwR VKiCbGO6IybDV5bATh12eflCSb+IJRT0MMOwJAt3Nhzp//7t2tf+izazzfs43IH4 HRkiDfkkxqAMus6h0Dm4xR91oe/oSzlEedKFM3ctHfQqyIi+AP0FKixf8pS72n7o M0W5vIbkMSuTsiOTzyQUJpQ3tExvWeZjhNZj9U5trs2YNdPCRaM3pETUdF6GZmNC tnPiTZFst3ARsy/4oJg8Eeo/cyrd/sfPm4fXCbXkakL7ml/Mu+/KEyq5qw43FIXn 96/btRfHsPSpy74KRtLsqSM29eCK9puGhJIk1iBtuhuTvze/48Od7U5zWOjn8XiS o4oOyCtm3nQfB8VIzfypFAIUFFOqfHmsfP3s51J9tUXjxvORO3UWD3/R2wXLre2Y Z5+s7IUhesunZztGtaUFCqG28KCrzmSiIVXGRd/IsQCuTJ4DNiUFZofKYdI0B7fE hrSETFwDg/OYusZ5/96D =v9vM -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Mon Oct 10 07:51:55 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E1EFEC05331 for ; Mon, 10 Oct 2016 07:51:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id D63AF5E7; Mon, 10 Oct 2016 07:51:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id D562217AD; Mon, 10 Oct 2016 07:51:55 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:29.bspatch Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20161010075155.D562217AD@freefall.freebsd.org> Date: Mon, 10 Oct 2016 07:51:55 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 07:51:56 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:29.bspatch Security Advisory The FreeBSD Project Topic: Heap overflow vulnerability in bspatch Category: core Module: bsdiff Announced: 2016-10-10 Affects: All supported versions of FreeBSD. 2016-09-22 21:05:21 UTC (stable/11, 11.0-STABLE) 2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1) 2016-09-22 21:16:54 UTC (stable/10, 10.3-STABLE) 2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10) 2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23) 2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40) 2016-09-23 01:52:06 UTC (stable/9, 9.3-STABLE) 2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48) For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The bspatch utility generates newfile from oldfile and patchfile where patchfile is a binary patch built by bsdiff(1). II. Problem Description The implementation of bspatch is susceptible to integer overflows with carefully crafted input, potentially allowing an attacker who can control the patch file to write at arbitrary locations in the heap. This issue was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible integer overflows remained. III. Impact An attacker who can control the patch file can cause a crash or run arbitrary code under the credentials of the user who runs bspatch, in many cases, root. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot is needed. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility. Because this vulnerability exists in bspatch, a component used by freebsd-update, a special procedure must be followed to safely update. First, truncate bspatch to a zero byte file: # :> /usr/bin/bspatch FreeBSD-update will fall back to replacing bspatch, rather than applying a binary patch. Proceed with FreeBSD-update as usual: # freebsd-update fetch # freebsd-update install No reboot is needed. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch # fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch.asc # gpg --verify bspatch.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r306222 releng/9.3/ r306942 stable/10/ r306215 releng/10.1/ r306941 releng/10.2/ r306941 releng/10.3/ r306941 stable/11/ r306213 releng/11.0/ r306379 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJX+0OmAAoJEO1n7NZdz2rnMHQQALyzQ6rIFLMV+qfIKr/dxUmv frrY3rE8GbHNI6UYnlB7T97SZBVG2lOGpUO7sGNzsqAol+aBEn44mX88ijCQk+mc pIHcbwACkAG6u5c6nyelHAa3ZLc8PkPbNaryjfc9Y0vZxGFKI5ETpdN1nFxUBKRA eGt4h4GW3ZxHTkc3DDogDM6kBds3DYAnQjnqvkH6QesM/cMIdnU2NMjIrYDdtcsJ Mp92PqRl8/qCZxcpfoHSl3S190Dmu9KNjEwXdk8gvtr7aTe/OG9fcIOAwIJHMi/n E3tojTrSGLl0v9yuznG8rU0Hr6VyFNRv9i5QhPEQF4ZQ0HT2/naV0v/THMB1JdeR 8rszvO8HIdYkKEYPEp4RZ+QWJX36xK0ZOA0BSF3+OW6VYMIEB+iMvK1xAlGWmyJq D6f5AQuw559o4MNZ9gh1tXl+PXjYHvwSOrHb1EZ7mDZ3zVarn8TwUjxaE2ILIhjW wS+wqbxZt1eENfKbhLHxSavIE+Bi59ab/iymmOFtFdgDDDpQhzx13MUFM17v270g 1OCXnx7HLMIr5ibndJBQbjPmZT0InMM9856Hij8UhcFjyFpytCJie7sVcDFG9nNp z3VXrSIdEIA5MwaD6MYGW8nUfBwQnD/rSh6t2Tt4qz24FPk9K9pbzpb8CDIOImiF GnLZXJQlgmJ55XOa0EgR =uRNW -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Mon Oct 10 07:51:58 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EAF84C05354 for ; Mon, 10 Oct 2016 07:51:58 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id DDCA76AE; Mon, 10 Oct 2016 07:51:58 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id D9F8E180C; Mon, 10 Oct 2016 07:51:58 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:30.portsnap Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20161010075158.D9F8E180C@freefall.freebsd.org> Date: Mon, 10 Oct 2016 07:51:58 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 07:51:59 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:30.portsnap Security Advisory The FreeBSD Project Topic: Multiple portsnap vulnerabilities Category: core Module: portsnap Announced: 2016-10-10 Affects: All supported versions of FreeBSD. Corrected: 2016-09-28 21:33:35 UTC (stable/11, 11.0-STABLE) 2016-09-28 22:04:07 UTC (releng/11.0, 11.0-RELEASE-p1) 2016-10-05 00:33:06 UTC (stable/10, 10.3-STABLE) 2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10) 2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23) 2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40) 2016-10-05 01:01:10 UTC (stable/9, 9.3-STABLE) 2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48) For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The portsnap utility is used to fetch and update compressed snapshots of the FreeBSD ports tree. Portsnap fetches snapshots and updates over http, and then cryptographically verifies the downloaded files. II. Problem Description Flaws in portsnap's verification of downloaded tar files allows additional files to be included without causing the verification to fail. Portsnap may then use or execute these files. III. Impact An attacker who can conduct man in the middle attack on the network at the time when portsnap is run can cause portsnap to execute arbitrary commands under the credentials of the user who runs portsnap, typically root. IV. Workaround The ports tree may be obtained by methods other than portsnap, as described in the FreeBSD handbook. V. Solution portsnap has been modified to explicitly validate compressed files within the tar file by full name, rather than relying on gunzip's filename search logic. portsnap now verifies that snapshots contain only the expected files. Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot is needed. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility. This advisory is released concurrently with FreeBSD-SA-16:29.bspatch which contains special instructions for using freebsd-update. Following the instructions in that advisory will safely apply updates for FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and FreeBSD-SA-16:31.libarchive. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.x] # fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch # fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch.asc # gpg --verify portsnap-10.patch.asc [FreeBSD 9.3] # fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch # fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch.asc # gpg --verify portsnap-9.3.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r306701 releng/9.3/ r306942 stable/10/ r306697 releng/10.1/ r306941 releng/10.2/ r306941 releng/10.3/ r306941 stable/11/ r306418 releng/11.0/ r306419 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJX+0OqAAoJEO1n7NZdz2rns54P/3N6V4ZGWZ8jXDSw7KPRhF16 gUs2AQx+rL+o5rOVsMZ6DulVtFP+AzUvEsLIJeARdaOJar9St1cQVTZHa+8CtWr5 aCSgx5r39srcvvMuQ34z0yss7eEkHRubzkIzrjHcD6MweFg4tAIufXHgxmhNVuKp QOQCwUbWIp8MssNbd/nYr1fpNoEvhkuzEv+EsvU+gTXeYNbHDS8zN/XC1a4167Q9 flFCqVn45ZpYR+2ifeLv0s+Rj4MQdnaCUYPpt1JoY5pIr/1GbNuywam9YgUQJZ7o gbY+S9Un0aByEOmPgD2e6qb8qhQFtaJgAbhB51dsI/qpZUljQKERmV1vd78drqWB 1gss/MFe5oyxZ5IbmHLBabIcKvvtH72gSaD8Zp973TbD72usjC/ZfdkukNBlWkbm M4PFTK+VQA1y5c8R2RduVoz3ioaBtRisxqqGOi0i3AUgiWx6IeP9jkIana28dGtJ Mkm4ZiWBj12lT5B+gafpy7+bLkbYl2sEFYIt+YUlJ1GqAumyDnnmYt5rDhZwMLFo 7ywCpCwtoBc49sCV7szV4MdFw0Zmo8tT0uiWBehferN1SHygKVNGnXIj+NotRXx0 mp0j7pgK4AcML2y7pJLEUwyWUKE5tBkPKmHg+4ELhqPb0mjm+A+KHX/8vXxlPpRJ 2yVhfIubEhECQJeJKAqm =y+kG -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Mon Oct 10 07:52:02 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13E04C05387 for ; Mon, 10 Oct 2016 07:52:02 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 098A4797; Mon, 10 Oct 2016 07:52:02 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 089A61855; Mon, 10 Oct 2016 07:52:02 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20161010075202.089A61855@freefall.freebsd.org> Date: Mon, 10 Oct 2016 07:52:02 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 07:52:02 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:31.libarchive Security Advisory The FreeBSD Project Topic: Multiple libarchive vulnerabilities Category: core Module: portsnap Announced: 2016-10-05 Affects: All supported versions of FreeBSD. Corrected: 2016-09-25 22:02:27 UTC (stable/11, 11.0-STABLE) 2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1) 2016-09-25 22:04:02 UTC (stable/10, 10.3-STABLE) 2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10) 2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23) 2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40) For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The libarchive(3) library provides a flexible interface for reading and writing streaming archive files such as tar(1) and cpio(1), and has been the basis for the FreeBSD implementation of the tar(1) and cpio(1) utilities since FreeBSD 5.3. II. Problem Description Flaws in libarchive's handling of symlinks and hard links allow overwriting files outside the extraction directory, or permission changes to a directory outside the extraction directory. III. Impact An attacker who can control freebsd-update's or portsnap's input to tar can change file content or permisssions on files outside of the update tool's working sandbox. IV. Workaround No workaround is available. V. Solution Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. No reboot is needed. Perform one of the following: 1) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility. This advisory is released concurrently with FreeBSD-SA-16:29.bspatch which contains special instructions for using freebsd-update. Following the instructions in that advisory will safely apply updates for FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and FreeBSD-SA-16:31.libarchive. 2) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc # gpg --verify libarchive.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r306322 releng/10.1/ r306941 releng/10.2/ r306941 releng/10.3/ r306941 stable/11/ r306321 releng/11.0/ r306379 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.13 (FreeBSD) iQIcBAEBCgAGBQJX+0OrAAoJEO1n7NZdz2rnkaAP/i5Njok8Lg3ogwRGVo/HVQfA AzRz2oQ5oAuwZhmpkQ3CzHArRsaTGuKK5C1SNJpmEDuq5XM2u5Td2ph/R5ry0fwF 7B58Ci+o7ngRWtJ/N8dYk3cXfg0sjPZKDO1otIyfh8HF3UAq5uB3/w/8UFOpqcxQ guMKahd/r9PnfrD8GtS+t/2V+KHInNH0J4YD/+hoqcdZPzMKtlE5D5OjqOov9rVn myQwAuN+w2buPj2gXSuubq5wTNFOvj8u06mVpRj+0X0VoybdN5cohuqSx7s4vlw+ /qV7gT2993aijXp43dGGSUeuGl1ZbrKp233vntkIYrsjJzaw56YMHL3ushopGGhj OfC/ilXmsUjrlHgCrWpMiTuN7cdWDXrpMnaf4c99yMxdYUuRtbbnVthdOpZB8iOt 7xeVnvHiYTYbQu+4xy4SPOWqPLOnrbwVqIocXU1QjWJice5A3EU/mSAd2IpX04a2 prdlaGxBNZlziLgzsZoiER+5u0S3owbx7y2SVhMEslHyrRQ92X7SZjfu4NrvlX5k Dw6xjpHD51pshj4GXTPuznbCyd8246u1fRnH3fnlNLhz5/XhrYbG+OVQ9WDbnX2C 6SzS/oOcjA9qcq1+Ghmz6G7S2MuWZ0XcKfzV0ygX2RZEhU1p0rZfsF/2cGrKIGY1 JguXI1tZdrjfSZisAI+l =vqSJ -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Mon Oct 10 09:47:01 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B786CC060C5 for ; Mon, 10 Oct 2016 09:47:01 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7B1E7E; Mon, 10 Oct 2016 09:47:00 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 39821284A0; Mon, 10 Oct 2016 11:46:51 +0200 (CEST) Received: from illbsd.quip.test (ip-86-49-16-209.net.upcbroadband.cz [86.49.16.209]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id 4311928454; Mon, 10 Oct 2016 11:46:50 +0200 (CEST) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:27.openssl To: freebsd-security@freebsd.org, FreeBSD Security Advisories References: <20161010075144.E378416A3@freefall.freebsd.org> From: Miroslav Lachman <000.fbsd@quip.cz> Message-ID: <57FB6389.9080602@quip.cz> Date: Mon, 10 Oct 2016 11:46:49 +0200 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:42.0) Gecko/20100101 Firefox/42.0 SeaMonkey/2.39 MIME-Version: 1.0 In-Reply-To: <20161010075144.E378416A3@freefall.freebsd.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 09:47:01 -0000 FreeBSD Security Advisories wrote on 2016/10/10 09:51: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================================= > FreeBSD-SA-16:27.openssl Security Advisory > The FreeBSD Project > > Topic: Regression in OpenSSL suite > > Category: contrib > Module: openssl > Announced: 2016-10-10 > Credits: OpenSSL Project > Affects: All supported versions of FreeBSD. > Corrected: 2016-09-26 14:30:19 UTC (stable/11, 11.0-STABLE) > 2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1) > CVE Name: CVE-2016-7052 I think it should be Affects: FreeBSD 11.x Or should be other versions listed in "Corrected"? But older FreeBSD versions does not have OpenSSL 1.0.2 in base. Miroslav Lachman From owner-freebsd-security@freebsd.org Mon Oct 10 09:32:50 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6BCE0C0BDFB for ; Mon, 10 Oct 2016 09:32:50 +0000 (UTC) (envelope-from ah0703@gmail.com) Received: from mail-qk0-x243.google.com (mail-qk0-x243.google.com [IPv6:2607:f8b0:400d:c09::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 259F5CBB for ; Mon, 10 Oct 2016 09:32:50 +0000 (UTC) (envelope-from ah0703@gmail.com) Received: by mail-qk0-x243.google.com with SMTP id n189so6315737qke.1 for ; Mon, 10 Oct 2016 02:32:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=nGxDMhQ9DRHf0xYZCtPU3y7ke9FtyR44zrAnJE+Gujk=; b=bBqa4bEUzAgwSfaw6EcUiMYtFUw2yC3BCfr5JQ1npbXHXTinCp5DfoLQbEPs8aTo77 7SZ1ktAgHHDQzgWTYYadAksw6zxEk5h1hJRMyI7GAL2BAES3eJSvRw5U9BdYr4yvADDi JwySVnVgG90M41LerFV6iKp8CRWn2qZQQ6Wv8PgKMdMPUNjv2aNgpQCMO+DAZDx7ZouI i6luEH+3he4awoZHcdkfI88apJCxuRADZNuODKYgLmWEZX9buG97cspLONCw+XjUuzmA brAzVV40w08YqQ3dUj78zpV213y9geWAesqwbg6J+o5Hcs6z26h6sTsLlh60xj+KN5oK pHMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=nGxDMhQ9DRHf0xYZCtPU3y7ke9FtyR44zrAnJE+Gujk=; b=R4lEKjg9jrDhPuBOBrV+K3s0gTztm+QxVwsOqbpkHiwo9gJ9sB+O/oOtO6jHWXaWr6 0kcPLYTt//JdOjcUwr6ikZ1W3Ht7Q3VIBvoPySXNsotuTBe/haM5I8ehdqJg5CftBhVW AGV5y/2n1wXglITMvxNxpJh//z3Kb20XLlN4WiUWetLMbs0WA60923EVQW3Xx5oMGkG5 ArNaQdtWpal7indFTLq3y0kLwXJqSyAoI3zr6JkUVjmvuf6EL0a+0vbbNE9pvnE+1Udv YyBBal1E+wn0iR0CKB9QyNAMf42smILVuUo3TnntkHb/JI0A+S7+BL7EW06xRUXwgKlX f1Jg== X-Gm-Message-State: AA6/9RnKi2QfYjmFTqlaOLrCrtLMZcapgbddDie3RleZrkCOLEAbz42L4YxBYczLZWSiz0myQ8cKrSRlmqNexQ== X-Received: by 10.194.44.226 with SMTP id h2mr2558955wjm.113.1476091969113; Mon, 10 Oct 2016 02:32:49 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.152.165 with HTTP; Mon, 10 Oct 2016 02:32:08 -0700 (PDT) In-Reply-To: <20161010075202.04F781853@freefall.freebsd.org> References: <20161010075202.04F781853@freefall.freebsd.org> From: Alexander Hamann Date: Mon, 10 Oct 2016 11:32:08 +0200 Message-ID: Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive To: freebsd-security@freebsd.org X-Mailman-Approved-At: Mon, 10 Oct 2016 11:25:18 +0000 Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.23 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 09:32:50 -0000 Hi Security Team, The links to libarchive.patch and libarchive.patch.asc are broken. Looking at https://www.freebsd.org/security/patches/SA-16:31/ suggests that they should be versioned. Thanks, Alexander On Mon, Oct 10, 2016 at 9:52 AM, FreeBSD Security Advisories < security-advisories@freebsd.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > ============================================================ > ================= > FreeBSD-SA-16:31.libarchive Security > Advisory > The FreeBSD > Project > > Topic: Multiple libarchive vulnerabilities > > Category: core > Module: portsnap > Announced: 2016-10-05 > Affects: All supported versions of FreeBSD. > Corrected: 2016-09-25 22:02:27 UTC (stable/11, 11.0-STABLE) > 2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1) > 2016-09-25 22:04:02 UTC (stable/10, 10.3-STABLE) > 2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10) > 2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23) > 2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40) > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . > > I. Background > > The libarchive(3) library provides a flexible interface for reading and > writing streaming archive files such as tar(1) and cpio(1), and has been > the > basis for the FreeBSD implementation of the tar(1) and cpio(1) utilities > since FreeBSD 5.3. > > II. Problem Description > > Flaws in libarchive's handling of symlinks and hard links allow overwriting > files outside the extraction directory, or permission changes to a > directory > outside the extraction directory. > > III. Impact > > An attacker who can control freebsd-update's or portsnap's input to tar can > change file content or permisssions on files outside of the update tool's > working sandbox. > > IV. Workaround > > No workaround is available. > > V. Solution > > Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. > > No reboot is needed. > > Perform one of the following: > > 1) To update your vulnerable system via a binary patch: > > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility. > > This advisory is released concurrently with FreeBSD-SA-16:29.bspatch > which contains special instructions for using freebsd-update. Following > the instructions in that advisory will safely apply updates for > FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and > FreeBSD-SA-16:31.libarchive. > > 2) To update your vulnerable system via a source code patch: > > The following patches have been verified to apply to the applicable > FreeBSD release branches. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc > # gpg --verify libarchive.patch.asc > > b) Apply the patch. Execute the following commands as root: > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile the operating system using buildworld and installworld as > described in . > > VI. Correction details > > The following list contains the correction revision numbers for each > affected branch. > > Branch/path Revision > - ------------------------------------------------------------ > ------------- > stable/10/ r306322 > releng/10.1/ r306941 > releng/10.2/ r306941 > releng/10.3/ r306941 > stable/11/ r306321 > releng/11.0/ r306379 > - ------------------------------------------------------------ > ------------- > > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: > > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base > > Or visit the following URL, replacing NNNNNN with the revision number: > > > > VII. References > > > > > The latest revision of this advisory is available at > 1.libarchive.asc> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.1.13 (FreeBSD) > > iQIcBAEBCgAGBQJX+0OrAAoJEO1n7NZdz2rnkaAP/i5Njok8Lg3ogwRGVo/HVQfA > AzRz2oQ5oAuwZhmpkQ3CzHArRsaTGuKK5C1SNJpmEDuq5XM2u5Td2ph/R5ry0fwF > 7B58Ci+o7ngRWtJ/N8dYk3cXfg0sjPZKDO1otIyfh8HF3UAq5uB3/w/8UFOpqcxQ > guMKahd/r9PnfrD8GtS+t/2V+KHInNH0J4YD/+hoqcdZPzMKtlE5D5OjqOov9rVn > myQwAuN+w2buPj2gXSuubq5wTNFOvj8u06mVpRj+0X0VoybdN5cohuqSx7s4vlw+ > /qV7gT2993aijXp43dGGSUeuGl1ZbrKp233vntkIYrsjJzaw56YMHL3ushopGGhj > OfC/ilXmsUjrlHgCrWpMiTuN7cdWDXrpMnaf4c99yMxdYUuRtbbnVthdOpZB8iOt > 7xeVnvHiYTYbQu+4xy4SPOWqPLOnrbwVqIocXU1QjWJice5A3EU/mSAd2IpX04a2 > prdlaGxBNZlziLgzsZoiER+5u0S3owbx7y2SVhMEslHyrRQ92X7SZjfu4NrvlX5k > Dw6xjpHD51pshj4GXTPuznbCyd8246u1fRnH3fnlNLhz5/XhrYbG+OVQ9WDbnX2C > 6SzS/oOcjA9qcq1+Ghmz6G7S2MuWZ0XcKfzV0ygX2RZEhU1p0rZfsF/2cGrKIGY1 > JguXI1tZdrjfSZisAI+l > =vqSJ > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-announce@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-announce > To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org > " > From owner-freebsd-security@freebsd.org Mon Oct 10 20:45:05 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BF9B6C0C25D for ; Mon, 10 Oct 2016 20:45:05 +0000 (UTC) (envelope-from yz@yz.kiev.ua) Received: from nb.yz.kiev.ua (nb.yz.kiev.ua [92.63.99.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 76E84F0E for ; Mon, 10 Oct 2016 20:45:05 +0000 (UTC) (envelope-from yz@yz.kiev.ua) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yz.kiev.ua; s=dkim; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:To:From:Date:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=zhsGrTA70RM5wv5fN6MiumAiexHhKgfa3e6glAUy2sE=; b=HNSpISXQ6dnw4Fn+i+fS0AQrCp 4J75/HzxpgzbLvmIvrVWbIl2+WhwVyNtDjUtpQNcXgrsc4ESVfDAPr8/AWu8Ql6p3FXSTAXyHcrQB 1TD8Iu9XSDbGW7WRhzKYL3GgVNKrmVxG1Hn2nM8yGJ9CcuJ80tkx0qir1+FHXUqKBmUc=; Received: from yz by nb.yz.kiev.ua with local (Exim 4.87 (FreeBSD)) (envelope-from ) id 1bthRQ-0000Kt-Ul for freebsd-security@freebsd.org; Mon, 10 Oct 2016 23:44:56 +0300 Date: Mon, 10 Oct 2016 23:44:56 +0300 From: "George L. Yermulnik" To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Message-ID: <20161010204456.GA57293@yz.kiev.ua> References: <20161010075202.0C4281857@freefall.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161010075202.0C4281857@freefall.freebsd.org> Organization: Earth, Europe, Ukraine, Kiev X-Yz-Mark: yz@nb 20161010 23:44:17 User-Agent: Mutt/1.7.0 (2016-08-17) X-Mailman-Approved-At: Mon, 10 Oct 2016 21:21:41 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 20:45:05 -0000 Hello! On Mon, 10 Oct 2016 at 07:52:02 (+0000), FreeBSD Security Advisories wrote: > 2) To update your vulnerable system via a source code patch: > The following patches have been verified to apply to the applicable > FreeBSD release branches. > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc > # gpg --verify libarchive.patch.asc #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found -- George L. Yermulnik [YZ-RIPE] From owner-freebsd-security@freebsd.org Mon Oct 10 21:23:49 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D70E2C0CD37 for ; Mon, 10 Oct 2016 21:23:49 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (glebi.us [96.95.210.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebi.us", Issuer "cell.glebi.us" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C133AF1A for ; Mon, 10 Oct 2016 21:23:49 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (localhost [127.0.0.1]) by cell.glebi.us (8.15.2/8.15.2) with ESMTPS id u9ALNg05058690 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 10 Oct 2016 14:23:43 -0700 (PDT) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebi.us (8.15.2/8.15.2/Submit) id u9ALNgdV058689; Mon, 10 Oct 2016 14:23:42 -0700 (PDT) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebi.us: glebius set sender to glebius@FreeBSD.org using -f Date: Mon, 10 Oct 2016 14:23:42 -0700 From: Gleb Smirnoff To: "George L. Yermulnik" Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Message-ID: <20161010212342.GF23123@FreeBSD.org> References: <20161010075202.0C4281857@freefall.freebsd.org> <20161010204456.GA57293@yz.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161010204456.GA57293@yz.kiev.ua> User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 21:23:49 -0000 George, On Mon, Oct 10, 2016 at 11:44:56PM +0300, George L. Yermulnik wrote: G> > 2) To update your vulnerable system via a source code patch: G> G> > The following patches have been verified to apply to the applicable G> > FreeBSD release branches. G> G> > a) Download the relevant patch from the location below, and verify the G> > detached PGP signature using your PGP utility. G> G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc G> > # gpg --verify libarchive.patch.asc G> G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found Should be either of this: https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch -- Totus tuus, Glebius. From owner-freebsd-security@freebsd.org Mon Oct 10 21:37:48 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8935DC0C03A for ; Mon, 10 Oct 2016 21:37:48 +0000 (UTC) (envelope-from yz@yz.kiev.ua) Received: from nb.yz.kiev.ua (nb.yz.kiev.ua [92.63.99.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 466D16B8; Mon, 10 Oct 2016 21:37:47 +0000 (UTC) (envelope-from yz@yz.kiev.ua) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yz.kiev.ua; s=dkim; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=tbRwGwXyQeiBjAGuKjkun8T6O3GSZXayfaMRXpb52fA=; b=oSGkVqyTsYB4kt67kj/RyOfXo9 H6N2DwKdoEA9MQcFhhyIgw/hz5Dwrdo+N+lEuIXWwSiVYLi3r5FPOtH1ulmxqNfapya3TNgNE4xGG G/bcoM6JPzGVny81PnDNjMBSYPkFLKCteQN4DLjEiptjci5AmTWAV9Qna2KrS5A94/sY=; Received: from yz by nb.yz.kiev.ua with local (Exim 4.87 (FreeBSD)) (envelope-from ) id 1btiGW-000Dqg-23; Tue, 11 Oct 2016 00:37:44 +0300 Date: Tue, 11 Oct 2016 00:37:44 +0300 From: "George L. Yermulnik" To: Gleb Smirnoff Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Message-ID: <20161010213743.GE57293@yz.kiev.ua> References: <20161010075202.0C4281857@freefall.freebsd.org> <20161010204456.GA57293@yz.kiev.ua> <20161010212342.GF23123@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161010212342.GF23123@FreeBSD.org> Organization: Earth, Europe, Ukraine, Kiev X-Yz-Mark: yz@nb 20161011 00:33:03 User-Agent: Mutt/1.7.0 (2016-08-17) X-Mailman-Approved-At: Mon, 10 Oct 2016 21:50:39 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 21:37:48 -0000 Hello! On Mon, 10 Oct 2016 at 14:23:42 (-0700), Gleb Smirnoff wrote: > G> > a) Download the relevant patch from the location below, and verify the > G> > detached PGP signature using your PGP utility. > G> > G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > G> > # fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc > G> > # gpg --verify libarchive.patch.asc > G> > G> #> fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch > G> fetch: https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch: Not Found > Should be either of this: > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch Thanx. I found that already, but Security Advisory is incorrect and that's the point. Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections, so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository to be able to rebuild world. -- George L. Yermulnik [YZ-RIPE] From owner-freebsd-security@freebsd.org Mon Oct 10 21:46:30 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CE6F3C0C406 for ; Mon, 10 Oct 2016 21:46:30 +0000 (UTC) (envelope-from yz@yz.kiev.ua) Received: from nb.yz.kiev.ua (nb.yz.kiev.ua [92.63.99.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8BE22AFB; Mon, 10 Oct 2016 21:46:30 +0000 (UTC) (envelope-from yz@yz.kiev.ua) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yz.kiev.ua; s=dkim; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=OoWGMiasAntJurCQuTmfw6baYMZMHkojvrdI7YHDfug=; b=SNSeo4oJD626SE/3Siv4UyJ62Q xmblQ9N8S1nH/oq211Dn9ZTaFCYjlr0gQET12tkQXN6ftWXM+c/KA0a7JVzoZX6xzbqNHvuNL7UfO K2QETfe1aI+m1s6Y8uB/HXHbX/tGZVA9ytZ/2OAc3kP2dQtESVECSQqFfvSnAVncAESI=; Received: from yz by nb.yz.kiev.ua with local (Exim 4.87 (FreeBSD)) (envelope-from ) id 1btiOv-000Ei4-Ta; Tue, 11 Oct 2016 00:46:25 +0300 Date: Tue, 11 Oct 2016 00:46:25 +0300 From: "George L. Yermulnik" To: Gleb Smirnoff Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Message-ID: <20161010214625.GF57293@yz.kiev.ua> References: <20161010075202.0C4281857@freefall.freebsd.org> <20161010204456.GA57293@yz.kiev.ua> <20161010212342.GF23123@FreeBSD.org> <20161010213743.GE57293@yz.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161010213743.GE57293@yz.kiev.ua> Organization: Earth, Europe, Ukraine, Kiev X-Yz-Mark: yz@nb 20161011 00:44:16 User-Agent: Mutt/1.7.0 (2016-08-17) X-Mailman-Approved-At: Mon, 10 Oct 2016 22:05:42 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 21:46:30 -0000 Hello! On Tue, 11 Oct 2016 at 00:37:43 (+0300), George L. Yermulnik wrote: > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch > Thanx. I found that already, but Security Advisory is incorrect and that's the point. > Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections, > so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository > to be able to rebuild world. Though I'm not able: [--- cut ---] --- archive_read_disk_posix.So --- cc -fpic -DPIC -DHAVE_ICONV=1 -DHAVE_ICONV_H=1 -DICONV_CONST= -O2 -pipe -DHAVE_BZLIB_H=1 -DHAVE_L IBLZMA=1 -DHAVE_LZMA_H=1 -DPLATFORM_CONFIG_H=\"/usr/src/lib/libarchive/config_freebsd.h\" -I/usr/obj /usr/src/lib/libarchive -DWITH_OPENSSL -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-hea ders -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wch ar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wmissing-variable- declarations -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -c / usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c -o archive_read _disk_posix.So /usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c:1577:37: error : incompatible pointer types passing 'struct vfsconf *' to parameter of type 'struct xvfsconf *' [-W error,-Wincompatible-pointer-types] r = getvfsbyname(sfs.f_fstypename, &vfc); ^~~~ /usr/obj/usr/src/tmp/usr/include/sys/mount.h:947:49: note: passing argument to parameter here int getvfsbyname(const char *, struct xvfsconf *); ^ 1 error generated. *** [archive_read_disk_posix.So] Error code 1 [--- cut ---] FreeBSD 10.3-STABLE i386 -- George L. Yermulnik [YZ-RIPE] From owner-freebsd-security@freebsd.org Mon Oct 10 23:30:07 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7A02AC07BA7 for ; Mon, 10 Oct 2016 23:30:07 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (glebi.us [96.95.210.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebi.us", Issuer "cell.glebi.us" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 57832E38 for ; Mon, 10 Oct 2016 23:30:06 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (localhost [127.0.0.1]) by cell.glebi.us (8.15.2/8.15.2) with ESMTPS id u9ANU5PQ059352 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Mon, 10 Oct 2016 16:30:05 -0700 (PDT) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebi.us (8.15.2/8.15.2/Submit) id u9ANU5iK059351; Mon, 10 Oct 2016 16:30:05 -0700 (PDT) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebi.us: glebius set sender to glebius@FreeBSD.org using -f Date: Mon, 10 Oct 2016 16:30:04 -0700 From: Gleb Smirnoff To: "George L. Yermulnik" Cc: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:31.libarchive Message-ID: <20161010233004.GG23123@FreeBSD.org> References: <20161010075202.0C4281857@freefall.freebsd.org> <20161010204456.GA57293@yz.kiev.ua> <20161010212342.GF23123@FreeBSD.org> <20161010213743.GE57293@yz.kiev.ua> <20161010214625.GF57293@yz.kiev.ua> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20161010214625.GF57293@yz.kiev.ua> User-Agent: Mutt/1.6.1 (2016-04-27) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Oct 2016 23:30:07 -0000 On Tue, Oct 11, 2016 at 12:46:25AM +0300, George L. Yermulnik wrote: G> Hello! G> G> On Tue, 11 Oct 2016 at 00:37:43 (+0300), George L. Yermulnik wrote: G> G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.1.patch G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.2.patch G> > > https://security.FreeBSD.org/patches/SA-16:31/libarchive-10.3.patch G> G> > Thanx. I found that already, but Security Advisory is incorrect and that's the point. G> > Anyway libarchive-10.3.patch generated on my 10.3 box a bunch of rejections, G> > so I had to checkout contrib/libarchive/libarchive/ and lib/libarchive/tests/ from repository G> > to be able to rebuild world. G> G> Though I'm not able: G> [--- cut ---] G> --- archive_read_disk_posix.So --- G> cc -fpic -DPIC -DHAVE_ICONV=1 -DHAVE_ICONV_H=1 -DICONV_CONST= -O2 -pipe -DHAVE_BZLIB_H=1 -DHAVE_L G> IBLZMA=1 -DHAVE_LZMA_H=1 -DPLATFORM_CONFIG_H=\"/usr/src/lib/libarchive/config_freebsd.h\" -I/usr/obj G> /usr/src/lib/libarchive -DWITH_OPENSSL -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-hea G> ders -Werror -Wall -Wno-format-y2k -W -Wno-unused-parameter -Wstrict-prototypes -Wmissing-prototypes G> -Wpointer-arith -Wreturn-type -Wcast-qual -Wwrite-strings -Wswitch -Wshadow -Wunused-parameter -Wch G> ar-subscripts -Winline -Wnested-externs -Wredundant-decls -Wold-style-definition -Wmissing-variable- G> declarations -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-unused-const-variable -c / G> usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c -o archive_read G> _disk_posix.So G> /usr/src/lib/libarchive/../../contrib/libarchive/libarchive/archive_read_disk_posix.c:1577:37: error G> : incompatible pointer types passing 'struct vfsconf *' to parameter of type 'struct xvfsconf *' [-W G> error,-Wincompatible-pointer-types] G> r = getvfsbyname(sfs.f_fstypename, &vfc); G> ^~~~ G> /usr/obj/usr/src/tmp/usr/include/sys/mount.h:947:49: note: passing argument to parameter here G> int getvfsbyname(const char *, struct xvfsconf *); G> ^ G> 1 error generated. G> *** [archive_read_disk_posix.So] Error code 1 G> [--- cut ---] G> G> FreeBSD 10.3-STABLE i386 If it is a 10.3-STABLE system, you should just 'svn up' and rebuild, because patch is already included into the stable/10 branch. The patches are for those who run releases. -- Totus tuus, Glebius.