Re: FreeBSD Errata Notice FreeBSD-EN-23:21.tty

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Alan Somers <asomers_at_freebsd.org>
Date: Mon, 15 Jul 2024 20:33:01 UTC
What exactly does the "Announced: 2023-11-24" date refer to?  It isn't
the date that the patch got applied to the main or stable branch, nor
the date that the email alert was sent out, nor the date that anything
changed in Bugzilla.

On Tue, Dec 5, 2023 at 3:23 PM FreeBSD Errata Notices
<errata-notices@freebsd.org> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> =============================================================================
> FreeBSD-EN-23:21.tty                                            Errata Notice
>                                                           The FreeBSD Project
>
> Topic:          tty(4) IUTF8 causes a kernel panic
>
> Category:       core
> Module:         tty
> Announced:      2023-11-24
> Affects:        FreeBSD 14.0
> Corrected:      2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE)
>                 2023-12-05 18:27:38 UTC (releng/14.0, 14.0-RELEASE-p2)
>                 2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE)
>
> For general information regarding FreeBSD Errata Notices and Security
> Advisories, including descriptions of the fields above, security
> branches, and the following sections, please visit
> <URL:https://security.FreeBSD.org/>.
>
> Note: This issue does not affect 13.2-RELEASE, as the bug was introduced into
> the stable/13 branch after the 13.2 release.
>
> I.   Background
>
> The IUTF8 flag was added to the tty(4) subsystem in order to add proper
> backspace handling for UTF-8 characters.  Without this flag, tty(4) treats
> all characters as single-byte-wide characters and so, in the case of a UTF-8
> character two bytes in size or larger, tty(4) deletes only one byte during a
> backspace event, instead of all bytes, which results in the tty buffer
> containing garbage.
>
> II.  Problem Description
>
> The implementation of backspace handling failed to check whether the TTY
> buffer was empty, in which case the kernel could panic.
>
> III. Impact
>
> An unprivileged user may be able to trigger a kernel panic.
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Upgrade your system to a supported FreeBSD stable or release / security branch
> (releng) dated after the correction date, and reboot.
>
> Perform one of the following:
>
> 1) To update your system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
> or the i386 platfrom on FreeBSD 13 and earlier, can be updated via
> the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
> # shutdown -r +10min "Rebooting for a security update"
>
> 2) To update your system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch
> # fetch https://security.FreeBSD.org/patches/EN-23:21/tty.patch.asc
> # gpg --verify tty.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
> system.
>
> VI.  Correction details
>
> This issue is corrected as of the corresponding Git commit hash or Subversion
> revision number in the following stable and release branches:
>
> Branch/path                             Hash                     Revision
> - -------------------------------------------------------------------------
> stable/14/                              ae8387cc818a    stable/14-n265760
> releng/14.0/                            31f6cfca851f  releng/14.0-n265392
> stable/13/                              8647fe60b8c3    stable/13-n256709
> - -------------------------------------------------------------------------
>
> Run the following command to see which files were modified by a
> particular commit:
>
> # git show --stat <commit hash>
>
> Or visit the following URL, replacing NNNNNN with the hash:
>
> <URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
>
> To determine the commit count in a working tree (for comparison against
> nNNNNNN in the table above), run:
>
> # git rev-list --count --first-parent HEAD
>
> VII. References
>
> <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275009>
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:21.tty.asc>
> -----BEGIN PGP SIGNATURE-----
>
> iQIzBAEBCgAdFiEEthUnfoEIffdcgYM7bljekB8AGu8FAmVvmWcACgkQbljekB8A
> Gu+WfxAA4+u5wXTSy1UcpO17JzFuo0JjhQUcOEh3uWRCPdgpokEkv7xnjJQz8W3u
> 0c1GtigtKLOvJx6gF4ilFQhVbxtFNj5a73ODPqcy0K0x7YPw/5Rbrl+jk7389NXT
> A5H7kT7bscF6x9D7YfAkA2/JSgSS3opx6KJhOP8x8DvNuNpl/v2ja1LAcIVjytu6
> YYBz/GaODjX4iOw8dYzQetmbeEOiKZX660Eq5Sm2UySRz/BpJpT3y1Ncl84dWC+H
> otBihg1iezD5Ju4TIbGz6/N2oSf6mEQ2jx+ahNPGHj/A4fUeBajZWJZrge4Birii
> c45EIcPUzyt8Q4Xjcn4qCKJ3MHGCR65/39oK5DbOXD62t3l/vbLSbHToYjeJWyTN
> Fl/hOtVSrF7Om0qhlrNOfS2jXIcTQDBQJ/vgjC+m+FTDtnyiSSAZfYXQz4Ckkqfw
> KMPc3N9YI7aoifyTQxj508WN1dma7eRwyupLabwfOij03vmN/4tAI89v6EEefhpM
> wTUPTgebQWgHJjjUi7Mo8EXSzWxtPbdt2UX8XtVw3EpjQOqqc0vv+VJxkCAdMdDO
> fE8614WWcHppswXi7dlWgKUcMEEdtZ48+QjM1h+fA8DeNk6FSLBJXLUQnll1QPEW
> VDj9oKnoXquQyuxWB8MwbiUfrLlAhAXhfC8nG+Ci75sts0E4jQE=
> =wp8X
> -----END PGP SIGNATURE-----
>