git: 0f385ddd4d - main - Add EN-21:23 to EN-21:25 and SA-21:13 to SA-21:17.
Gordon Tetlow
gordon at FreeBSD.org
Tue Aug 24 20:40:51 UTC 2021
The branch main has been updated by gordon (src committer):
URL: https://cgit.FreeBSD.org/doc/commit/?id=0f385ddd4d39726db1e5ea8afceb6c94632dab22
commit 0f385ddd4d39726db1e5ea8afceb6c94632dab22
Author: Gordon Tetlow <gordon at FreeBSD.org>
AuthorDate: 2021-08-24 20:39:53 +0000
Commit: Gordon Tetlow <gordon at FreeBSD.org>
CommitDate: 2021-08-24 20:39:53 +0000
Add EN-21:23 to EN-21:25 and SA-21:13 to SA-21:17.
Approved by: so
---
website/data/security/advisories.toml | 20 +
website/data/security/errata.toml | 12 +
.../advisories/FreeBSD-EN-21:23.virtio_blk.asc | 125 +++++
.../advisories/FreeBSD-EN-21:24.libcrypto.asc | 141 ++++++
.../security/advisories/FreeBSD-EN-21:25.bhyve.asc | 153 ++++++
.../security/advisories/FreeBSD-SA-21:13.bhyve.asc | 167 ++++++
.../advisories/FreeBSD-SA-21:14.ggatec.asc | 154 ++++++
.../advisories/FreeBSD-SA-21:15.libfetch.asc | 158 ++++++
.../advisories/FreeBSD-SA-21:16.openssl.asc | 167 ++++++
.../advisories/FreeBSD-SA-21:17.openssl.asc | 156 ++++++
.../security/patches/EN-21:23/virtio_blk.patch | 50 ++
.../security/patches/EN-21:23/virtio_blk.patch.asc | 16 +
.../security/patches/EN-21:24/libcrypto.patch | 37 ++
.../security/patches/EN-21:24/libcrypto.patch.asc | 16 +
.../static/security/patches/EN-21:25/bhyve.patch | 11 +
.../security/patches/EN-21:25/bhyve.patch.asc | 16 +
.../security/patches/SA-21:13/bhyve.11.patch | 58 +++
.../security/patches/SA-21:13/bhyve.11.patch.asc | 16 +
.../security/patches/SA-21:13/bhyve.12.patch | 98 ++++
.../security/patches/SA-21:13/bhyve.12.patch.asc | 16 +
.../security/patches/SA-21:13/bhyve.13.patch | 117 +++++
.../security/patches/SA-21:13/bhyve.13.patch.asc | 16 +
.../static/security/patches/SA-21:14/ggatec.patch | 37 ++
.../security/patches/SA-21:14/ggatec.patch.asc | 16 +
.../security/patches/SA-21:15/libfetch.patch | 15 +
.../security/patches/SA-21:15/libfetch.patch.asc | 16 +
.../security/patches/SA-21:16/openssl.12.patch | 559 +++++++++++++++++++++
.../security/patches/SA-21:16/openssl.12.patch.asc | 16 +
.../security/patches/SA-21:16/openssl.13.patch | 559 +++++++++++++++++++++
.../security/patches/SA-21:16/openssl.13.patch.asc | 16 +
.../security/patches/SA-21:17/openssl.11.patch | 94 ++++
.../security/patches/SA-21:17/openssl.11.patch.asc | 16 +
.../security/patches/SA-21:17/openssl.12.patch | 125 +++++
.../security/patches/SA-21:17/openssl.12.patch.asc | 16 +
34 files changed, 3205 insertions(+)
diff --git a/website/data/security/advisories.toml b/website/data/security/advisories.toml
index ccb6c58848..1df4d90a44 100644
--- a/website/data/security/advisories.toml
+++ b/website/data/security/advisories.toml
@@ -1,6 +1,26 @@
# Sort advisories by year, month and day
# $FreeBSD$
+[[advisories]]
+name = "FreeBSD-SA-21:17.openssl"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:16.openssl"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:15.libfetch"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:14.ggatec"
+date = "2021-08-24"
+
+[[advisories]]
+name = "FreeBSD-SA-21:13.bhyve"
+date = "2021-08-24"
+
[[advisories]]
name = "FreeBSD-SA-21:12.libradius"
date = "2021-05-26"
diff --git a/website/data/security/errata.toml b/website/data/security/errata.toml
index bd86fb8b01..4cc5b7ccfa 100644
--- a/website/data/security/errata.toml
+++ b/website/data/security/errata.toml
@@ -1,6 +1,18 @@
# Sort errata notices by year, month and day
# $FreeBSD$
+[[notices]]
+name = "FreeBSD-EN-21:25.bhyve"
+date = "2021-08-24"
+
+[[notices]]
+name = "FreeBSD-EN-21:24.libcrypto"
+date = "2021-08-24"
+
+[[notices]]
+name = "FreeBSD-EN-21:23.virtio_blk"
+date = "2021-08-24"
+
[[notices]]
name = "FreeBSD-EN-21:22.linux_futex"
date = "2021-06-29"
diff --git a/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc
new file mode 100644
index 0000000000..11c7933a4b
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:23.virtio_blk.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:23.virtio_blk Errata Notice
+ The FreeBSD Project
+
+Topic: virtio_blk(4) fails to attach on some hypervisors
+
+Category: core
+Module: virtio_blk
+Announced: 2021-08-24
+Affects: FreeBSD 13.0
+Corrected: 2021-06-28 15:16:29 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 16:36:55 UTC (releng/13.0, 13.0-RELEASE-p4)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+VirtIO is a specification for para-virtualized I/O in a virtual machine
+(VM). It defines an interface for efficient I/O between the hypervisor
+and VM. virtio_blk(4) is a driver handling VirtIO block devices.
+
+II. Problem Description
+
+The virtio_blk(4) driver sends commands to the host to query disk
+identifiers before acknowledging to the host that the driver is ready.
+
+III. Impact
+
+Affected versions of FreeBSD will not boot under some hypervisors, or
+under the presence of modern and non-transitional VirtIO block devices.
+
+IV. Workaround
+
+No workaround is available. FreeBSD running in QEMU emulator is not
+affected by this issue.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +10min "Rebooting for an erratum update"
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:23/virtio_blk.patch.asc
+# gpg --verify virtio_blk.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 6fd5a4a6f3ac stable/13-n246114
+releng/13.0/ f66e34809906 releng/13.0-n244753
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:23.virtio_blk.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV04ACgkQ05eS9J6n
+5cK9NQ//cT8k06JwzqJ1rh09OK/XM9GWxXDuI/YHV4bQ8zc15aSM+PoS2FHgpcDy
+BaoyDBp1pFgvx/QxbWdHUYam1SZac3vqbe7qfw/QKQopC8sjgdbqTxcCPmk8qh/r
+upfqaLmtlxYBxxKEPtr1DUVUzt+qqT6jWK6cCR6KjXKFGQNh0DiYGopmiwPbQzYQ
+s2nLnQqX5UwgSLNPgY95Aam1RsKiQcSgPkegmKvbhHdgYoal7EDJ8htMnSHBYkhV
+K/tQ98572xKwpywpQEXvDehaGgov7XQellvA9LchKnONfrRDu23I3Ud7WmA/APwk
+YFRQs6S2kQGjmUIOLYb+Ey+xROOSmiIePA7e1/hVOtdkhkaeUNqXbBVyQKmHBv6k
+oipHzgnDQ87wlCV9NT77TevvGc7uzJ4iI9nwvecnLDeLEL8Fuuy7QaBd3KGgbEaN
+p2C4jBWkfjppvNovR4bCIj6uhgwKuxR6m/IH9oM38I/vtIsr03/ozX6fJT5SGrk3
+XbxhXC7suolWZcKKlIQc+ReZnHOrR/4p1sHG3DcKYzP3Y9NjBUYwR+uf6WCB+v+y
+/jADR/Co88bEkKTK7Dexfz8cK9QQO8NvK6jkNkx7Q46ZagHgQaNVYKASsYeLcW13
+ns3qKL8E7lOgJtcSX+1l39iJ9nYGdERMP7BwkuFO3iSAQP5e1mM=
+=Cc2A
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc
new file mode 100644
index 0000000000..d2ce462e26
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:24.libcrypto.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:24.libcrypto Errata Notice
+ The FreeBSD Project
+
+Topic: OpenSSL 1.1.1e API functions not exported
+
+Category: core
+Module: libcrypto
+Announced: 2021-08-24
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-06-09 21:53:42 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-06-09 21:54:13 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:08 UTC (releng/12.2, 12.2-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+libcrypto is part of the OpenSSL distribution and provides APIs to
+various low-level cryptographic services.
+
+II. Problem Description
+
+New API functions added in OpenSSL 1.1.1e and later were not publicly
+exported to applications.
+
+III. Impact
+
+Applications trying to use new API functions added in OpenSSL 1.1.1e
+or later would fail to build with a link error.
+
+IV. Workaround
+
+No workaround is available. However, the APIs added in OpenSSL 1.1.1e
+and later are obscure and not used by many applications. In particular,
+none of the affected APIs are used by applications using libssl from
+OpenSSL for Transport Layer Security (TLS).
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:17/libcrypto.patch.asc
+# gpg --verify libcrypto.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ f8edb3f9c725 stable/13-n245963
+releng/13.0/ 3ef67fed446a releng/13.0-n244754
+stable/12/ r369974
+releng/12.2/ r370391
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:24.libcrypto.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cLiZxAAlg4s2mnbSDWTcyyDFSiriek2RFyqT6SR0FkHAod+zYzIrZNfLGM5431N
+0Wr15eSkLqUKpbG88eE44N3aqVQSDnhmgGw5R4v+n//y4M8YywiW78inIB09Wpvl
+XvfckpBgj8hAHvh2P54nP52m5Vxo0/WUHCNXi7VQFfjWyFxwUxcUnlumC/CpEqGI
+GWNB9ZzVg9x7U7ykDd+MtRFRoURYHzZyTUlfpcJD0eS9bWi4JzYWmJElkwehSvI2
+Ey0Mf2ynslbhEmUlFrnBRMmFVg1D12aVQApfn69+AB2twYyScjZXMoz6P1vwAEmg
+wrNE1yVb27MB1MK9+t6yuRVgd/S7BFrQ7NLnl/jOa21eAHBE1Ac21BvifrYiJr3I
+D2BH859RxUXzer/MU1vGGoTdZkujubaDsVWJqobFcnHC+flnfkzTLNiJxT65eI7n
+fqwz1UoeHdeDs6hpkGH5uecsae3GOZSNW307eEvJKeQg6JbzaREKh4cth+0fCA32
+xzxVD4BiMgjdCkRe0mESQUSrW3jsHqNm0L721iY71TqF4/FRylkvHIseIljEW1cp
+zmt37+buvEtHuYHsmhNRvdJLJVPRnA6Lhn+VQ0IKObZW5WVxo3dbqSITPg/SuzLu
+CWjUVXb3uUFc1xM3CtSQL+6k3cy6EYIw713rbrq+hApnCEf2/UE=
+=T9UL
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc
new file mode 100644
index 0000000000..558de1b971
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-21:25.bhyve.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-21:25.bhyve Errata Notice
+ The FreeBSD Project
+
+Topic: Fix NVMe iovec construction for large IOs
+
+Category: core
+Module: bhyve
+Announced: 2021-08-24
+Affects: FreeBSD 12.2 and later.
+Corrected: 2021-07-09 14:24:14 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:25:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-07-09 14:25:45 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:11 UTC (releng/12.2, 12.2-RELEASE-p10)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest
+operating systems in virtual machines. Newer UEFI code in Red Hat
+Enterprise Linux (RHEL) 8.4 and later (as well as applicable variants)
+will not boot in newly installed guests.
+
+II. Problem Description
+
+By default, NVMe data transfer operations use a scatter-gather list in
+which all entries point to a fixed-size memory region. For example, if
+the memory page size is 4KB, a 2MB IO requires 512 entries. Lists
+themselves are also fixed in size (default is 512 entries).
+
+Because the list size is fixed, the last entry is special. If the IO
+requires more than 512 entries, the last entry in the list contains the
+address of the next list of entries. But if the IO requires exactly 512
+entries, the last entry points to data.
+
+The NVMe emulation missed this logic and unconditionally treated the
+last entry as a pointer to the next list.
+
+III. Impact
+
+When a RHEL 8.4 and later (or variants) are installed as guests within
+bhyve(8) on emulated NVMe storage, the system will not boot due to a
+newer UEFI driver that is included with these distributions.
+
+IV. Workaround
+
+Installation of a RHEL 8.3 guest and performing an in-place upgrade.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch
+# fetch https://security.FreeBSD.org/patches/EN-21:25/bhyve.patch.asc
+# gpg --verify bhyve.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ a7761d19dacd stable/13-n246220
+releng/13.0/ 4f590ee3ed7e releng/13.0-n244755
+stable/12/ r370107
+releng/12.2/ r370392
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=256422>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:25.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cJQ6A//ad84xTf/SfMMEqlFaQbNtuh4egvTgWRIt8JkkzpTyO+VRMhJ9pJIW0LP
+G23xBQYOkUjjb8WvZpQ0iP4PsMHaKzzwiVO2qUZ10IgIJbxjyIbSo/LJxFSUl50K
+zwuxtM2LKIc6VDasMsg5B3FkCojlZEckN4HykzK1HHV9PvwCOGMQXdFDklmdKdwx
+kGr4tk5r3yG3sgfY98+TdT34Y1jioWzT6LFscXfEWhQQXFa02m+AKPFsXOl+eSVt
+O3mgaazyTT4LWiT9ZEj9dN6yJ3aseG4bpq/FIO4bXBOU35ttdsMxtn87muDvXRE3
+rYHALHYhsgpNlP1Pa0FD0/syZ8VVV+L5hQ9+n7oPlHOmMVxoDIC/TireyCNtHM0C
+yEPWu3rWRBsK0YTuP57ezSRnnaAXqInSmLX1IkmzBSwAoySEED8ONlypPB4qh19M
+oUcOE661JAWA84ZP02gZsjjRaZOihv0BVmC0RXkCSe3VGAMuxCKYSLcupwFn34pA
+gEe+IL6WpR2fCiR3ncLjvhZrGlBfGDEfGmTRD5ceVMLaZKly8D9IpCuXK62Gi1DA
+pjAHJ9T6BmWW5Cxx5eJJESuhRldREf6KAVifB8K/DtWtp2BquILWj9pd4vuUYhz9
+eYva+/shAJE5PGKva9k0Erk++bE3Cephnjh9SgnWlZnoeSLcJ3k=
+=1wKt
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc
new file mode 100644
index 0000000000..5f0cefc4fc
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:13.bhyve.asc
@@ -0,0 +1,167 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:13.bhyve Security Advisory
+ The FreeBSD Project
+
+Topic: Missing error handling in bhyve(8) device models
+
+Category: core
+Module: bhyve
+Announced: 2021-08-24
+Credits: Agustin Gianni (GitHub Security Lab)
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 18:29:48 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:33:35 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:33:04 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:13 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:33:02 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:27 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-29631
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+bhyve(8) is a hypervisor that supports running a variety of guest
+operating systems in virtual machines. It implements a number of device
+models using the VirtIO interface to exchange data between the guest and
+the host.
+
+II. Problem Description
+
+Certain VirtIO-based device models failed to handle errors when fetching
+I/O descriptors. Such errors could be triggered by a malicious guest.
+As a result, the device model code could be tricked into operating on
+uninitialized I/O vectors, leading to memory corruption.
+
+III. Impact
+
+A malicious guest may be able to crash the bhyve process. It may be
+possible to exploit the memory corruption bugs to achieve arbitrary code
+execution in the bhyve process.
+
+IV. Workaround
+
+No workaround is available. Virtual machines are unaffected unless they
+use one or more of the following device models:
+
+* virtio-console
+* virtio-rnd
+* virtio-scsi (available starting in FreeBSD 12.0)
+* virtio-9p (available starting in FreeBSD 13.0)
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 13.0]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.13.patch.asc
+# gpg --verify bhyve.13.patch.asc
+
+[FreeBSD 12.2]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.12.patch.asc
+# gpg --verify bhyve.12.patch.asc
+
+[FreeBSD 11.4]
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:13/bhyve.11.patch.asc
+# gpg --verify bhyve.11.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 20f96f215562 stable/13-n246941
+releng/13.0/ ec08bc89d4b3 releng/13.0-n244756
+stable/12/ r370400
+releng/12.2/ r370393
+stable/11/ r370399
+releng/11.4/ r370386
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29631>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV10ACgkQ05eS9J6n
+5cLrsw//SuInBQjVhNXa1OkC7FcBve+vQCmgThGAxJVrFpRdHxg/q3Vfyza3/V1w
+FGUiPPhAsF3wYwK9UqMS5a3dOI3WbaUvH8dDeLd3BLj4AfFE3uTOFC0xzmdBQcm0
+2mFbTRkL0Wqb6FpDiswdu1s9jp1JggIa+SGuajl4XaoIyM/tek3PFuEOeE2v2N7E
+djKciPwFnsRneFQIOTHVqa0mut5AilNI9WwKZgv3qzqQNnAasBpbiZKG/BhA2mZm
+GLm0NtI40BdnIW3mfGYqK3r/tXUi/tcMSHzV2NDOGToB5wHj6Ah1lQ8pUEVnLo0d
+TeDrioK/z53wqLhHUSsxdifST6JX0CQ2kf7qb256mE3o9brRyD2s6AM2Bld3r/ov
+wzPTIzIGmtaxezCJhZpEPfaul/B2mCTjWkGrxOMROAzeocrIY4pJ5cGmH8XYfGA+
+WQOwe+OKHb33qak3mrgGxECv72R/h2PUH5PV14HEj+PW5S03qIHm3iisvGWo6+3C
+efqZ9tsiWbPvbF3CFuECOgjUIu5YDf6K83H5/Lnaw9SnANuTj8t8I1yg/RmByWlx
+9ucposBVht9h9TcFKNm+REfNCaYwQ3FukfGn/s3ih/iHNcGn1rGjh1t+vN4DNnLl
+Ew3GTlSzJqzeO3QvstdrRDvvBNFGDZV6yyZBu3ogPaZc4WAHnHQ=
+=suTg
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc
new file mode 100644
index 0000000000..578a09c26a
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:14.ggatec.asc
@@ -0,0 +1,154 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:14.ggatec Security Advisory
+ The FreeBSD Project
+
+Topic: Remote code execution in ggatec(8)
+
+Category: core
+Module: ggatec
+Announced: 2021-08-24
+Credits: Johannes Totz
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 17:50:50 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 17:37:45 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:30:13 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:15 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:29:35 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:29 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-29630
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+GEOM Gate is a GEOM module that reflects I/O requests into user mode where
+the ggatec(8) daemon fowards those requests to ggated(8), possibly over the
+network to another machine.
+
+II. Problem Description
+
+The ggatec(8) daemon does not validate the size of a response before writing
+it to a fixed-sized buffer. This allows to overwrite the stack of ggatec(8).
+
+III. Impact
+
+A malicious ggated(8) or an attacker in a priviledged network position can
+overwrite the stack with crafted content and potentially execute arbitrary
+code.
+
+IV. Workaround
+
+No workaround is available but systems not using ggatec(8) are not affected.
+Neither ggatec(8) nor ggated(8) are enabled by default and need explicit
+configuration by the super-user.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart any ggatec(8) instances. Existing ggate devices can be kept alive
+and restarted with `ggatec rescue`.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:14/ggatec.patch.asc
+# gpg --verify ggatec.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 0729ba2f49c9 stable/13-n246938
+releng/13.0/ c8a2cc4ba845 releng/13.0-n244757
+stable/12/ r370383
+releng/12.2/ r370394
+stable/11/ r370381
+releng/11.4/ r370387
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+For FreeBSD 12 and earlier:
+
+Run the following command to see which files were modified by a particular
+revision, replacing NNNNNN with the revision number:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29630>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-21:14.ggatec.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmElV14ACgkQ05eS9J6n
+5cKyqBAAi7eHUJ5Ud4dNJac8zbaj5uIlYF1XUPBfm5XlevfW1b1vgrfrs0QM3Sw5
+9efTVTESFUC+T9wVMYO3s9POEwiu3x0A/eRsH2tq9oaZPQKdpAhkEEQ/uqnNRKfm
+qHZ8YuSJGT+EWEFp1ib5O4Y78TvjL7ST0+IG/O5vBMKqgsxy29o6tOAy3q9+RVqj
+hNQNo7KbXBXEns/I7HN4JssQSjeWOmK65Ty5YAp1VsNGbD/7rSqsCp4P/CatvRQ7
+0kzVMb/hkaDn1G7jYOXbAPk+XrUr9cFriChjLuAAyZRBfWcNlPmoxRgNoDVDY44x
+elnBAEmSPD9adwy2hoHeusiiUnN7Vrz6DJeox7BSnbQx1lbU+j6qev0EBaMAmEUJ
+POxn9wjfth3hdfRSx5p2jSVaD/086BBpMQ9KXojVONgqE7hFF402+ooCnorA2XTh
+s08cIy38TEyHoW/rqr3SoXwyvkM3vAjQBmYzocDqocfufQ7UCH+SDFSsORuof+4N
+9T2j/UvGqmrQvnMhAsRfbdFImvwUut+ZLJzNqTEjYWlZv58QEKocU0OOvrd2Wb5i
+ok2CRIhCy08UnDItFSYI28TaMv8ZiCoWLx7H0+20mQeLaPF45dQWXz1o4FrFHVjx
+EdMZpmh9tFU8j5bm0J5l8CpoiTZsqZ41gTrFyEdSnOnS1uvT8jQ=
+=6Z2C
+-----END PGP SIGNATURE-----
diff --git a/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc
new file mode 100644
index 0000000000..8ab5289d51
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-SA-21:15.libfetch.asc
@@ -0,0 +1,158 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-21:15.libfetch Security Advisory
+ The FreeBSD Project
+
+Topic: libfetch out of bounds read
+
+Category: core
+Module: libfetch
+Announced: 2021-08-24
+Credits: Samanta Navarro
+Affects: All supported versions of FreeBSD.
+Corrected: 2021-08-24 17:59:43 UTC (stable/13, 13.0-STABLE)
+ 2021-08-24 18:00:47 UTC (releng/13.0, 13.0-RELEASE-p4)
+ 2021-08-24 18:30:16 UTC (stable/12, 12.2-STABLE)
+ 2021-08-24 18:32:17 UTC (releng/12.2, 12.2-RELEASE-p10)
+ 2021-08-24 18:29:40 UTC (stable/11, 11.4-STABLE)
+ 2021-08-24 18:31:31 UTC (releng/11.4, 11.4-RELEASE-p13)
+CVE Name: CVE-2021-36159
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+libfetch(3) is a multi-protocol file transfer library included with FreeBSD
+and used by the fetch(1) command-line tool, pkg(8) package manager, and
+others.
+
+II. Problem Description
+
+The passive mode in FTP communication allows an out of boundary read while
+libfetch uses strtol to parse the relevant numbers into address bytes. It
+does not check if the line ends prematurely. If it does, the for-loop
+condition checks for *p == '\0' one byte too late because p++ was already
+performed.
+
+III. Impact
+
+The connection buffer size can be controlled by a malicious FTP server
+because the size is increased until a newline is encountered (or no more
+characters are read). This also allows to move the buffer into more
+interesting areas within the address space, potentially parsing relevant
+numbers for the attacker. Since these bytes become available to the server
+in form of a new TCP connection to a constructed port number or even part of
+the IPv6 address this is a potential information leak.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch
+# fetch https://security.FreeBSD.org/patches/SA-21:15/libfetch.patch.asc
+# gpg --verify libfetch.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ a75324d674f5 stable/13-n246939
+releng/13.0/ 060510ba8bfb releng/13.0-n244758
+stable/12/ r370384
+releng/12.2/ r370395
+stable/11/ r370382
+releng/11.4/ r370388
+- -------------------------------------------------------------------------
+
+For FreeBSD 13 and later:
+
*** 2482 LINES SKIPPED ***
More information about the dev-commits-doc-all
mailing list