From owner-freebsd-announce@freebsd.org Thu Aug 10 07:28:26 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2748DDC7E38 for ; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 022A173BD4; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 518F71B5BE; Thu, 10 Aug 2017 07:28:25 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20170810072825.518F71B5BE@freefall.freebsd.org> Date: Thu, 10 Aug 2017 07:28:25 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-17:08.pf X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Aug 2017 07:28:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-17:08.pf Errata Notice The FreeBSD Project Topic: pf(4) housekeeping thread causes kernel panic Category: core Module: pf Announced: 2017-08-10 Credits: Kristof Provost, Vinícius Zavam, Paul Herman Affects: FreeBSD 11.x Corrected: 2017-07-20 17:15:18 UTC (stable/11, 11.1-STABLE) 2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background pf(4) is one of several packet filter available in FreeBSD, originally written for OpenBSD. In addition to filtering packets, it also has packet normalization capabilities. II. Problem Description A pf housekeeping thread (pf_purge_thread) could potentially use an uninitialized variable, leading to a division by zero and a kernel panic. III. Impact Affected systems panic during startup. IV. Workaround No workaround is available, but systems not loading the pf kernel module are not affected. Once a system has started successfully it will not be at risk of this problem until it is restarted. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Afterward, reboot the system. 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-17:08/pf.patch # fetch https://security.FreeBSD.org/patches/EN-17:08/pf.patch.asc # gpg --verify pf.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r321296 releng/11.1/ r322342 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.21 (FreeBSD) iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlmMBgEACgkQ7Wfs1l3P aufndRAA3TYyp6qZzZ+m9Tp5pvDVLPwizN/k/6EkazC2nz1H9vlqG5l6Ho/N+QJ1 6rDfRw/K/+ijOoy0C/3WfUFeiu38DUnsbxE4LrBb+HterEOdLU1hZmmI5hTZqsoE 8wyV4kcEpapUn1cgb0FWKBaujTYhGc/+z62p3IrPC1mN+P8B5mkzTryYfXvaxA4E 3xBW/abjRIOh3bxQ9BPqGJBX/6Y+sle5XoHDDIvkmfzZU8sYjLFGXgeuxIfsh61h iBl1q4Tq35EDCK6cOr0s+ksg3q2mTrFNQF2Be4jMX47n1M3d+VeqZpgoa7jqrVY5 Kv3nrhOaz4Wc/OdN1uxQW5Wxm2BS1/470/ghuOY4wVy59k/4n+esenzJyIeuG4vg GUBa1ZPrsf9fR3PQgr9E047dPdc8WU7UEwHZfXuXjU6ywGd95siHVY4XB9aPYYYk ZtzIHAuyOa8GANXjVvEsghSJ9nMleIGO7Tzn9zJ9W/gSxkMDy9EAP3Gaez9OVJko zGq2TwhnSMdZjmnBpCuF9uZqyeAqDtyj77RYzV8RmhmT1e6dt+EU7Wf4KU3/3Zcr mWq3wjBvbUJjDy2q9kpnGwnPmTDpXFFIXirgcxdj0QmyejVCRhM44d3UwFZQbxfj 5vL2WwnpytB2+RiNDjhpWVc1FAldM7B+M+vhwsFHcbKKT5S9ciA= =cBQm -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Thu Aug 10 07:28:26 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31F4BDC7E39 for ; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E393973BD2; Thu, 10 Aug 2017 07:28:25 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 400E91B5BC; Thu, 10 Aug 2017 07:28:25 +0000 (UTC) From: FreeBSD Errata Notices To: FreeBSD Errata Notices Reply-To: freebsd-stable@freebsd.org Precedence: bulk Message-Id: <20170810072825.400E91B5BC@freefall.freebsd.org> Date: Thu, 10 Aug 2017 07:28:25 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-17:07.vnet X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Aug 2017 07:28:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-17:07.vnet Errata Notice The FreeBSD Project Topic: VNET kernel panic with asynchronous I/O Category: core Module: kernel Announced: 2017-08-10 Credits: Kristof Provost Affects: FreeBSD 11.0 and later. Corrected: 2017-07-28 18:09:41 UTC (stable/11, 11.1-STABLE) 2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1) 2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background POSIX asynchronous I/O permits applications to request asynchronous completion of I/O requests. VNET permits systems to be configured with multiple instances of the in-kernel network stack. II. Problem Description The implementation of POSIX asynchronous I/O for sockets completes I/O requests in a pool of dedicated worker threads. The VNET feature requires threads to explicitly select an active instance of the network stack before performing network operations. The function used to complete asynchronous I/O requests was not setting a network stack instance before completing I/O requests. III. Impact Using POSIX asynchronous I/O with sockets in a VNET-enabled kernel will panic. IV. Workaround No workaround is available, but systems that do not enable VNET via a custom kernel are not affected. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Afterward, reboot the system. 2) To update your system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Recompile any custom kernel configs using VNET. Afterward, reboot the system. 3) To update your system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-17:07/vnet.patch # fetch https://security.FreeBSD.org/patches/EN-17:07/vnet.patch.asc # gpg --verify vnet.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/11/ r321657 releng/11.0/ r322343 releng/11.1/ r322342 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.21 (FreeBSD) iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlmMBgEACgkQ7Wfs1l3P audTDg//WDiH3PoHyr5YmcG4tUwgPFgodV8zUDrURGoLI2DIUwX/RPdsOhHFRIJG K7ueneJWZDN2IGzNjzrzXAyz30emOhp2AjHwRivqsl0JJ3YWt2IWMge0+FI3RIzp 56+/gmCuTCsCOUxHxuuvN7v14d7WBVLUfouKV09E6wNWcbwiy1i+hjEEFbjbBIcR XRJJ+iePreq4XWJAyBTRYme24NWk4MUdYZjdprfkGURDycKvlmVqTnafR7RIP9zw 2duCA5iOen50qShxtNm9z5OSlH1ORCh7DIhFmrdiNGQnNNDbAWU1pglSEWUCYtyn 8WrWLKKqfbfYhVveEWalnN4iLAuvgrlq6bTxQ8zecwtj/VYZd1zXABUpZpDOqUB5 yrNY7A/5opwkBgkv33zG/Ll141UdgCEkWWZm+eFIuX21UIdJmScKoTtGUyC/jldw yS724uwVfpxRqHf84Th4iYOk1gegpA0vEnhO5Eh8ZSfONXhydQxNQM3D1wI7MkA2 rKH+UBucOnczPmSFT/GgO9B3iyXQl8nQR/Ff6VdmBEu56vW1sb0a1HYMOWZUfJxK +SyZ4mMAtyrceHV1I1Z5Lqk3g8rKnS6l6/QzRCIanXZPMx2oohsSFik06taIYE62 CbuUO6RcXZdTEk6nBFGhuFVew6xjvHXgEIpZ6g3tjrZ/Qqspt/0= =XzXx -----END PGP SIGNATURE----- From owner-freebsd-announce@freebsd.org Thu Aug 10 07:28:26 2017 Return-Path: Delivered-To: freebsd-announce@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C80E1DC7E3E for ; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id ABD6173BDB; Thu, 10 Aug 2017 07:28:26 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1035) id 6FFFF1B5C2; Thu, 10 Aug 2017 07:28:25 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20170810072825.6FFFF1B5C2@freefall.freebsd.org> Date: Thu, 10 Aug 2017 07:28:25 +0000 (UTC) Subject: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-17:06.openssh X-BeenThere: freebsd-announce@freebsd.org X-Mailman-Version: 2.1.23 List-Id: "Project Announcements \[moderated\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Aug 2017 07:28:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-17:06.openssh Security Advisory The FreeBSD Project Topic: OpenSSH Denial of Service vulnerability Category: contrib Module: OpenSSH Announced: 2017-08-10 Affects: All supported versions of FreeBSD. Corrected: 2017-08-10 06:36:37 UTC (stable/11, 11.1-STABLE) 2017-08-10 06:59:07 UTC (releng/11.1, 11.1-RELEASE-p1) 2017-08-10 06:59:26 UTC (releng/11.0, 11.0-RELEASE-p12) 2017-08-10 06:36:37 UTC (stable/10, 10.3-STABLE) 2017-08-10 06:59:43 UTC (releng/10.3, 10.3-RELEASE-p21) CVE Name: CVE-2016-6515 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. OpenSSH supports a built-in password authentication method, which is enabled with PasswordAuthentication. This option is disabled by default on FreeBSD. II. Problem Description There is no limit on the password length. III. Impact A remote attacker may be able to cause an affected SSH server to use excessive amount of CPU by sending very long passwords, when PasswordAuthentication is enabled by the system administrator. IV. Workaround Disable PasswordAuthentication in /etc/ssh/sshd_config and restart sshd. This is the default FreeBSD configuration. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Restart SSH service. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install Restart SSH service. 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-17:06/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the SSH daemon, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r322341 releng/10.3/ r322344 stable/11/ r322341 releng/11.0/ r322343 releng/11.1/ r322342 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.21 (FreeBSD) iQIzBAEBCgAdFiEEHPf/b631yp++G4yy7Wfs1l3PaucFAlmMBgIACgkQ7Wfs1l3P aucJdxAA08okYfV547zvlAnX0t2lzVY7k0EDpXJChmmOjTwcvWODXMCyfTzP0EQb E7QjGushlfGU8tgCrbcFf46r2NgDRlqf5/+QK/fIohcQNwfKwJV0J5oeICzTwwOY rAjgeg03T785nSiF/WyX3NsdWv/uVvJqalAqfohj4O1YUEkZPezDUdcys+ESvqAW ujEQId1sD3wlHcwZweFmN60hzHuqR2o6+/3G8aT9ZZG3v46nM6moZiUyF5vh1hEl 16y86kyAIrTb0cCpsUL3M6ajQ15y/EQEzQBCqMedGdWlJzOFZyxgsCikcCw+07pr u0NCrzq37E+8hQGFQk5ZoZxQb/8xaReQACi+RZeJAevWX0vOni6dCSWPMy6WqXOf D8CzEcZiT+fYB4/zev/xPxlF5onEw4gbTkgbu1KLvBD9AgSKu7MdPoxkpyOwolMs nAC084kl+yYJuxHAr7W58VdGPFDOHsvG6YYWQ4nwKjJqKGi24eOGQkOPUtBuJRYA Q8ISdE0VXiMmND0vhLNDh0Gjbupz3nBNoawGAGy9OsNqRhQ6ioYIte67Ku+ev7nz ydS8P72ExWuYQHsyVIoJviAAFnSPA2H15/tCES5Di8SkeLik7tQrI3SHOH0qd328 dl0l2VGnnWYsAgGa68Xksn/DZd07cdpp5q1GitqvMPeDBb8/Iaw= =FxJQ -----END PGP SIGNATURE-----