Date: Thu, 8 Mar 2018 06:17:31 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51472 - in head/share/security: advisories patches/SA-18:01 Message-ID: <201803080617.w286HVFa025291@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src,ports committer) Date: Thu Mar 8 06:17:31 2018 New Revision: 51472 URL: https://svnweb.freebsd.org/changeset/doc/51472 Log: Update SA-18:01 with revision and a new patch. Added: head/share/security/patches/SA-18:01/ipsec-10.rev1.patch (contents, props changed) head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc (contents, props changed) Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Modified: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc ============================================================================== --- head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Thu Mar 8 04:29:30 2018 (r51471) +++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Thu Mar 8 06:17:31 2018 (r51472) @@ -2,7 +2,7 @@ Hash: SHA512 ============================================================================= -FreeBSD-SA-18:01.ipsec Security Advisory +FreeBSD-SA-18:01.ipsec [REVISED] Security Advisory The FreeBSD Project Topic: ipsec validation and use-after-free @@ -15,8 +15,8 @@ Affects: All supported versions of FreeBSD. Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE) 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7) 2018-03-07 16:55:15 UTC (stable/10, 10.4-STABLE) - 2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p6) - 2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p27) + 2018-03-07 17:16:41 UTC (releng/10.4, 10.4-RELEASE-p7) + 2018-03-07 17:16:41 UTC (releng/10.3, 10.3-RELEASE-p28) CVE Name: CVE-2018-6916 For general information regarding FreeBSD Security Advisories, @@ -26,7 +26,7 @@ following sections, please visit <URL:https://security 0. Revision History v1.0 2018-03-07 Initial release. -v1.1 2018-03-07 Correct patch for 10.x releases. +v1.1 2018-03-08 Correct patch for 10.x releases. I. Background @@ -77,14 +77,25 @@ And reboot the system The following patches have been verified to apply to the applicable FreeBSD release branches. +[*** v1.1 NOTE ***] If your 10.x sources were already patched using the +initially published advisory patches, you need to apply the +ipsec-10.rev1.patch. If you had not yet patched your 10.x sources, you need +only apply the ipsec-10.patch file. 11.1 sources were correct in the initial +release and do not need to be updated. + a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. -[FreeBSD 10.x] +[FreeBSD 10.x system not patched with the original SA-18:01 patch] # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch.asc # gpg --verify ipsec-10.patch.asc +[FreeBSD 10.x that had been patched with the original SA-18:01 patch] +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.rev1.patch +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.rev1.patch.asc +# gpg --verify ipsec-10.rev1.patch.asc + [FreeBSD 11.1] # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch # fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch.asc @@ -131,19 +142,19 @@ The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>; -----BEGIN PGP SIGNATURE----- -iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgIMpfFIAAAAAALgAo +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqg1K9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n -5cIRsA//b3GwfCJwKRdmxvEeTMxSrlppHr3x+quY9HhJEy1Sp4G4aPv4T5J0wjwX -vYdRuCtYSbdewGrOtq77Lwf0QKmvay6rvY/FB5Mm5EXqzdSzKLoEWqv9n0ShRbA4 -4M61TaqrK6TB/zE+CRm9LS1Vmx7sfOh7ebhWvt1oKoobC/9p/1W/622ZJ6CsE7vc -GWg0zJzbCpw3MfhCF8dTr7mjheL7EiXBQaSNDIa4FqSScPshk87VmUM7rd8NYUuX -ADDTOyQ/9ycwPecHl1/IlFRsIOGXl7mvXy8SibRUsSFNZB53x+915hLRhH+YuQH8 -aoWVT+mTwOsJPs36Nd+PwV3iJ5jcLaIXFlx65JHu+rep7BXDpDM6N7BHoeDl3s+y -8qwFUwb6wVEMj93kM8X+VdVx1nyFr/MTFsbj6CaIryXm+X/QtE4TCzDoWn+P+cpo -Ic7q/NDA4abU1KEOQYAS8TTrJl+VTtAVl2gv/D3+TGOXWebXkoAsKvRbXC7eesWa -b1GD5my7sSPmMsSsiNxNus9EtWOE0QMu6Asa/fDhhsg+jUSdsn8Iduia62UFeCXz -NBq87Gobw1WM+N7aDKDbt9+hXBZu3YTPL31IDhCj5ezOWQ77qpDV7c0CiQsRqLjG -nwgNe41g2bhjIFpIoyA/e4aXdOuYHsUKYFCmmzCO1ZGO3NkB0VQ= -=Yb3u +5cJCDQ/+OpTS1PrKiwuRsJ5i0RWnS8C9d/dIn9C83JJtuxhGb+CEY5bYSVKufsW/ +ilkUK3fiOWWwDHYecZW15qvt1E2E6Hm608b+K37bqL+FKobNj78B+KQr4erb0183 +/Kqo0TKDtsUzr20sNFWgeQWgHP/EqyWyJuB2zfOSb1vGUViiuxJfMxajzfE2tKqh +IDG/QpMvRolJFKSWdQnF08NIYLXfffZ4Sz9+VDCdfeLEQKi+LT6DJnlGDz/rR5iB +TwyMg3AbobpGuuV0puOZTul2GiHaPwh/fJR8JoG13+kK5VznvrOXopLAl2CVAjtj +mNuHeQHwaSQanSXgKtYxZG4/w1JDMSr60FKgG7FizhJ+9WAbjPySbb+wV5qJD4oY +a8F2urt3Tj1c1l4juOctVW+NVSS96idpf9NsmsmticTujgBu+2k63+cSIchiNj1B +ZcPw5PLgiC/r0P6FITrwXa7zJLNHdFrPvNihKTlEHJAgGno7FJJpdagxmcfGnpb2 +74VlbQF7Tq+9NQJU23y9Vj3YL0XERB/b45oRHkBEoVJKgK9/4U4mzFufn4PfANUt +0hcgMlxTOVKt0S405dh4I6ok51iq6XDol18QoYbXJHqMuEq7Lo80fKuq8gpKmCJ0 +h3NBYJKPUsngfJUisXS7VrQx3zTB8Yyp1BykpCDKET8LVJGmV7c= +=RMG/ -----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:01/ipsec-10.rev1.patch ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-10.rev1.patch Thu Mar 8 06:17:31 2018 (r51472) @@ -0,0 +1,17 @@ +--- sys/netipsec/xform_ah.c.orig ++++ sys/netipsec/xform_ah.c +@@ -619,11 +619,11 @@ + DPRINTF(("%s: bad mbuf length %u (expecting %lu)" + " for packet in SA %s/%08lx\n", __func__, + m->m_pkthdr.len, (u_long) (skip + authsize + rplen), +- ipsec_address(&sav->sah->saidx.dst, buf, sizeof(buf)), ++ ipsec_address(&sav->sah->saidx.dst), + (u_long) ntohl(sav->spi))); + AHSTAT_INC(ahs_badauthl); +- error = EACCES; +- goto bad; ++ m_freem(m); ++ return EACCES; + } + AHSTAT_ADD(ahs_ibytes, m->m_pkthdr.len - skip - hl); + Added: head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-10.rev1.patch.asc Thu Mar 8 06:17:31 2018 (r51472) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqgutVfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cI6Yg//dYhm+VAIs8cB/n3asDDqTdNY1TfSse5U8YXDXN0fvZGBfa5Fg+hrqQFk +CkFuwJrnsiBQ2d0HEBTG5jrQGjPCfGszKlCQoLzoCF+nv2nEqQZISBgdjTkRRhFB +LfDbSPhlgHqQVHpNjp03hSJlz/57svLVIdmbZYKqITRMhuE9yR1RK5x51br88Jse +ImcmZpojG1p/5ECiLunf/fEwh1riN2kWwZWStQCqEX0XF9aV55unCkM4OQdiUEyJ +WUXlS0XljkG2BwopAVMUkYx8G5N/Mj6VRogkohitEpdToQXJ+EdwzE5bOqkEZMwx +k9gwUNwpGqZeuThGa1ZeqJ3Izf1iF+6DNEOhxSYNfVgGY7Kjf5AtS+lSUdxMjTmZ +/hpgIW86QvSBjV7H7b0NZGXZQ2fItzPfVnVQ9agBpEzYG4IJiuGPXRfgmFKg33qp +q+ip+PgkO1rwJSMg4PVUa5t8VR2ITTbgamLDK9NHylBPHwbUR9CeYgiBOjRljs4b +j/QJi6TOQ/5vyUccW8ilGSGr0UQ3yrOZhkW298mn8o9FS6aoj8dbr9DXKLitSbkj +iQssnB2xe6K2F6XYILK+Zi154zvGaXdzUFXZE8DE7XScDugM2QHqRNe7FlTc8IjJ +fk9HdL55a+vzpFgu54TIz/tO/Rvz3rIGMVQ/WGF1wNIz36285Vs= +=O3Zi +-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803080617.w286HVFa025291>