svn commit: r52700 - in head/share: security/advisories security/patches/EN-18:16 security/patches/EN-18:17 security/patches/EN-18:18 security/patches/SA-18:15 xml
Gordon Tetlow
gordon at FreeBSD.org
Wed Dec 19 19:51:28 UTC 2018
Author: gordon (src,ports committer)
Date: Wed Dec 19 19:51:24 2018
New Revision: 52700
URL: https://svnweb.freebsd.org/changeset/doc/52700
Log:
Add SA-18:15 and EN-18:16 through EN-18:18.
Approved by: so
Added:
head/share/security/advisories/FreeBSD-EN-18:16.ptrace.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-18:17.vm.asc (contents, props changed)
head/share/security/advisories/FreeBSD-EN-18:18.zfs.asc (contents, props changed)
head/share/security/advisories/FreeBSD-SA-18:15.bootpd.asc (contents, props changed)
head/share/security/patches/EN-18:16/
head/share/security/patches/EN-18:16/ptrace.patch (contents, props changed)
head/share/security/patches/EN-18:16/ptrace.patch.asc (contents, props changed)
head/share/security/patches/EN-18:17/
head/share/security/patches/EN-18:17/vm.patch (contents, props changed)
head/share/security/patches/EN-18:17/vm.patch.asc (contents, props changed)
head/share/security/patches/EN-18:18/
head/share/security/patches/EN-18:18/zfs.patch (contents, props changed)
head/share/security/patches/EN-18:18/zfs.patch.asc (contents, props changed)
head/share/security/patches/SA-18:15/
head/share/security/patches/SA-18:15/bootpd.patch (contents, props changed)
head/share/security/patches/SA-18:15/bootpd.patch.asc (contents, props changed)
Modified:
head/share/xml/advisories.xml
head/share/xml/notices.xml
Added: head/share/security/advisories/FreeBSD-EN-18:16.ptrace.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-18:16.ptrace.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:16.ptrace Errata Notice
+ The FreeBSD Project
+
+Topic: kernel panic upon ptrace attach to stopped process
+
+Category: core
+Module: kernel
+Announced: 2018-12-19
+Credits: John Baldwin, Konstantin Belousov
+Affects: FreeBSD 11.2
+Corrected: 2018-11-09 17:43:23 UTC (stable/11, 11.2-STABLE)
+ 2018-12-19 17:52:56 UTC (releng/11.2, 11.2-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ptrace(2) is a system call used by debuggers and related utilities
+to take control of a process and inspect its state. To use the
+interface, a debugger must first attach to a target process. Once
+attached, the ptrace interface allows the debugger to intercept events,
+such as signal delivery, involving the target process.
+
+II. Problem Description
+
+The ptrace(2) implementation in FreeBSD 11.2 contains a bug such that
+a ptrace attach operation will trigger a kernel panic if the target
+process is in a stopped state.
+
+III. Impact
+
+Users debugging a problem with, for example, gdb, may cause the system to
+crash.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date, and reboot.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+# shutdown -r +30 "Rebooting for FreeBSD errata update"
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-18:16/ptrace.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:16/ptrace.patch.asc
+# gpg --verify ptrace.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r340290
+releng/11.2/ r342224
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:16.ptrace.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=5T6c
+-----END PGP SIGNATURE-----
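Review bot: Section III (Impact) does not say who can trigger the panic. Section II states that a ptrace attach to any stopped process panics the kernel, so the Impact text should state whether an unprivileged local user attaching to one of their own stopped processes is sufficient. If it is, operators of multi-user hosts need to read this as a local denial of service rather than only a debugging inconvenience.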
Added: head/share/security/advisories/FreeBSD-EN-18:17.vm.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-18:17.vm.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:17.vm Errata Notice
+ The FreeBSD Project
+
+Topic: Kernel panic under load on Intel "Skylake" CPUs
+
+Category: core
+Module: kernel
+Announced: 2018-12-19
+Credits: Mark Johnston
+Affects: FreeBSD 11.2
+Corrected: 2018-12-02 18:08:27 UTC (stable/11, 11.2-STABLE)
+ 2018-19-19 18:00:58 UTC (releng/11.2, 11.2-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The physical page allocator is a component of the kernel responsible for
+tracking usage of the system's RAM by the kernel and by userland
+applications. It maintains lists of unused memory pages which may be
+returned by the allocator upon demand. It also maintains an integer
+count of the number of pages stored in these lists.
+
+II. Problem Description
+
+The kernel contains handling for an Intel erratum affecting Skylake-X
+CPUs. The erratum description states that a processor may hang when
+performing a certain synchronization operation within a particular 4MB
+region of physical memory. FreeBSD works around the erratum by using
+a blacklisting mechanism to ensure that the physical page allocator
+never returns pages in that region. However, this blacklisting
+mechanism contained a bug such that the removal of pages in the region
+was not reflected in the free page count.
+
+III. Impact
+
+The discrepancy between the free page count and the physical page
+allocator's state can trigger a NULL pointer dereference when the
+system is under heavy load, resulting in a panic.
+
+IV. Workaround
+
+Only systems using a Skylake-X or Skylake Server CPU are affected.
+
+Affected systems can work around the problem by setting the
+"hw.skz63_enable" to 0 in /boot/loader.conf, causing the handling for
+the Intel erratum to be disabled upon a reboot of the system. However,
+this raises the possibility of being affected by the erratum if software
+running on the system makes use of Intel TSX.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date and reboot the system.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+Reboot the system
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-18:17/vm.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:17/vm.patch.asc
+# gpg --verify vm.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r341401
+releng/11.2/ r342225
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231296>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:17.vm.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=QgI2
+-----END PGP SIGNATURE-----
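Review bot: the second "Corrected:" line reads "2018-19-19 18:00:58 UTC", which is not a valid date (month 19). The releng/11.2 entries in the sibling notices in this commit are dated 2018-12-19, so this looks like a typo for 2018-12-19. Because the text is clearsigned, it has to be corrected before signing; the published file will need a new signature. Smaller points in the same file: step 2 of the Solution ends with a bare "Reboot the system" where EN-18:16 gives the shutdown command, and the Workaround's 'setting the "hw.skz63_enable" to 0' would read better as 'setting "hw.skz63_enable" to 0'.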
Added: head/share/security/advisories/FreeBSD-EN-18:18.zfs.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-18:18.zfs.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-18:18.zfs Errata Notice
+ The FreeBSD Project
+
+Topic: ZFS vnode reclaim deadlock
+
+Category: core
+Module: kernel
+Announced: 2018-12-19
+Credits: Allan Jude
+Affects: FreeBSD 11.2
+Corrected: 2018-12-11 19:34:25 UTC (stable/11, 11.2-STABLE)
+ 2018-12-19 18:05:50 UTC (releng/11.2, 11.2-RELEASE-p7)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+ZFS is one of several filesystems available on FreeBSD. ZFS supports
+many advanced features, including checksumming, transparent compression,
+and snapshots.
+
+ZFS saves synchronous writes to the ZFS Intent Log (ZIL), which may be a
+separate log device (SLOG), so they can be replayed in the event of a
+power failure or system crash. This ensures that the contents of write()
+calls that succeeded will still be available after the system
+unexpectedly reboots.
+
+II. Problem Description
+
+There is a possible deadlock between zil_commit() and zfs_zget() during
+the vnode reclaim process. If zfs_zget() is not able to take the vnode
+exclusive lock, it will retry indefinately, blocking forward progress.
+
+III. Impact
+
+Processes may hang on the waitchan "zilog->zl_writer_lock".
+
+IV. Workaround
+
+Increasing the maximum number of vnodes (kern.maxvnodes) may decrease
+the frequency of this deadlock. Systems not using ZFS are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 11.2]
+# fetch https://security.FreeBSD.org/patches/EN-18:18/zfs.patch
+# fetch https://security.FreeBSD.org/patches/EN-18:18/zfs.patch.asc
+# gpg --verify zfs.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/11/ r341828
+releng/11.2/ r342226
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229614>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:18.zfs.asc>
+-----BEGIN PGP SIGNATURE-----
+
+-----END PGP SIGNATURE-----
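Review bot: options 1) and 2) of the Solution omit the reboot, while option 3c) says to recompile the kernel and reboot. The fix is in kernel code (Module: kernel), so a freebsd-update install or branch upgrade does not take effect until the system restarts; add "and reboot" to both, as EN-18:16 does. Also, "indefinately" in the Problem Description should be "indefinitely".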
Added: head/share/security/advisories/FreeBSD-SA-18:15.bootpd.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-18:15.bootpd.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-18:15.bootpd Security Advisory
+ The FreeBSD Project
+
+Topic: bootpd buffer overflow
+
+Category: core
+Module: bootpd
+Announced: 2018-12-19
+Credits: Reno Robert
+Affects: All supported versions of FreeBSD.
+Corrected: 2018-12-19 18:17:59 UTC (stable/12, 12.0-STABLE)
+ 2018-12-19 18:21:07 UTC (releng/12.0, 12.0-RELEASE-p1)
+ 2018-12-19 18:19:15 UTC (stable/11, 11.2-STABLE)
+ 2018-12-19 18:22:25 UTC (releng/11.2, 11.2-RELEASE-p7)
+CVE Name: CVE-2018-17161
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The bootpd utility implements an Internet Bootstrap Protocol (BOOTP)
+server as defined in RFC951, RFC1532, and RFC1533.
+
+II. Problem Description
+
+Due to insufficient validation of network-provided data it may be possible
+for a malicious attacker to craft a bootp packet which could cause a stack
+buffer overflow.
+
+III. Impact
+
+It is possible that the buffer overflow could lead to a Denial of Service
+or remote code execution.
+
+IV. Workaround
+
+Firewall rules may be used to limit reception of bootp packets to only
+trusted networks or hosts. Note that the bootp protocol is typically
+limited to a common layer 2 broadcast domain, although the bootpgw gateway
+can forward bootp requests and responses between subnets.
+
+V. Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+Restart bootpd if it is running in standalone mode.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-18:15/bootpd.patch
+# fetch https://security.FreeBSD.org/patches/SA-18:15/bootpd.patch.asc
+# gpg --verify bootpd.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/12/ r342228
+releng/12.0/ r342230
+stable/11/ r348229
+releng/11.2/ r342231
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17161>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:15.bootpd.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=jlRR
+-----END PGP SIGNATURE-----
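Review bot: in the Correction details table, stable/11 is listed as r348229 while the other three branches are r342228, r342230 and r342231, all committed within five minutes of each other according to the "Corrected:" times. r348229 is out of sequence for a commit made at 18:19:15 on the same day and looks like a transposition; please confirm the stable/11 revision before publishing, since readers use this number with the svn diff command given below the table.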
Added: head/share/security/patches/EN-18:16/ptrace.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:16/ptrace.patch Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,152 @@
+--- sys/kern/sys_process.c.orig
++++ sys/kern/sys_process.c
+@@ -869,7 +869,7 @@
+ }
+
+ /* not currently stopped */
+- if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) == 0 ||
++ if ((p->p_flag & P_STOPPED_TRACE) == 0 ||
+ p->p_suspcount != p->p_numthreads ||
+ (p->p_flag & P_WAITED) == 0) {
+ error = EBUSY;
+@@ -876,12 +876,6 @@
+ goto fail;
+ }
+
+- if ((p->p_flag & P_STOPPED_TRACE) == 0) {
+- static int count = 0;
+- if (count++ == 0)
+- printf("P_STOPPED_TRACE not set.\n");
+- }
+-
+ /* OK */
+ break;
+ }
+@@ -926,11 +920,28 @@
+ if (p->p_pptr != td->td_proc) {
+ proc_reparent(p, td->td_proc);
+ }
+- data = SIGSTOP;
+ CTR2(KTR_PTRACE, "PT_ATTACH: pid %d, oppid %d", p->p_pid,
+ p->p_oppid);
+- goto sendsig; /* in PT_CONTINUE below */
+
++ sx_xunlock(&proctree_lock);
++ proctree_locked = 0;
++ MPASS(p->p_xthread == NULL);
++ MPASS((p->p_flag & P_STOPPED_TRACE) == 0);
++
++ /*
++ * If already stopped due to a stop signal, clear the
++ * existing stop before triggering a traced SIGSTOP.
++ */
++ if ((p->p_flag & P_STOPPED_SIG) != 0) {
++ PROC_SLOCK(p);
++ p->p_flag &= ~(P_STOPPED_SIG | P_WAITED);
++ thread_unsuspend(p);
++ PROC_SUNLOCK(p);
++ }
++
++ kern_psignal(p, SIGSTOP);
++ break;
++
+ case PT_CLEARSTEP:
+ CTR2(KTR_PTRACE, "PT_CLEARSTEP: tid %d (pid %d)", td2->td_tid,
+ p->p_pid);
+@@ -1117,8 +1128,10 @@
+ sigqueue_delete(&td3->td_sigqueue,
+ SIGSTOP);
+ }
+- td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP);
++ td3->td_dbgflags &= ~(TDB_XSIG | TDB_FSTP |
++ TDB_SUSPEND);
+ }
++
+ if ((p->p_flag2 & P2_PTRACE_FSTP) != 0) {
+ sigqueue_delete(&p->p_sigqueue, SIGSTOP);
+ p->p_flag2 &= ~P2_PTRACE_FSTP;
+@@ -1129,54 +1142,45 @@
+ break;
+ }
+
++ sx_xunlock(&proctree_lock);
++ proctree_locked = 0;
++
+ sendsig:
+- /*
++ MPASS(proctree_locked == 0);
++
++ /*
+ * Clear the pending event for the thread that just
+ * reported its event (p_xthread). This may not be
+ * the thread passed to PT_CONTINUE, PT_STEP, etc. if
+ * the debugger is resuming a different thread.
++ *
++ * Deliver any pending signal via the reporting thread.
+ */
+- td2 = p->p_xthread;
+- if (proctree_locked) {
+- sx_xunlock(&proctree_lock);
+- proctree_locked = 0;
+- }
++ MPASS(p->p_xthread != NULL);
++ p->p_xthread->td_dbgflags &= ~TDB_XSIG;
++ p->p_xthread->td_xsig = data;
++ p->p_xthread = NULL;
+ p->p_xsig = data;
+- p->p_xthread = NULL;
+- if ((p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) != 0) {
+- /* deliver or queue signal */
+- td2->td_dbgflags &= ~TDB_XSIG;
+- td2->td_xsig = data;
+
+- /*
+- * P_WKILLED is insurance that a PT_KILL/SIGKILL always
+- * works immediately, even if another thread is
+- * unsuspended first and attempts to handle a different
+- * signal or if the POSIX.1b style signal queue cannot
+- * accommodate any new signals.
+- */
+- if (data == SIGKILL)
+- p->p_flag |= P_WKILLED;
++ /*
++ * P_WKILLED is insurance that a PT_KILL/SIGKILL
++ * always works immediately, even if another thread is
++ * unsuspended first and attempts to handle a
++ * different signal or if the POSIX.1b style signal
++ * queue cannot accommodate any new signals.
++ */
++ if (data == SIGKILL)
++ p->p_flag |= P_WKILLED;
+
+- if (req == PT_DETACH) {
+- FOREACH_THREAD_IN_PROC(p, td3)
+- td3->td_dbgflags &= ~TDB_SUSPEND;
+- }
+- /*
+- * unsuspend all threads, to not let a thread run,
+- * you should use PT_SUSPEND to suspend it before
+- * continuing process.
+- */
+- PROC_SLOCK(p);
+- p->p_flag &= ~(P_STOPPED_TRACE|P_STOPPED_SIG|P_WAITED);
+- thread_unsuspend(p);
+- PROC_SUNLOCK(p);
+- if (req == PT_ATTACH)
+- kern_psignal(p, data);
+- } else {
+- if (data)
+- kern_psignal(p, data);
+- }
++ /*
++ * Unsuspend all threads. To leave a thread
++ * suspended, use PT_SUSPEND to suspend it before
++ * continuing the process.
++ */
++ PROC_SLOCK(p);
++ p->p_flag &= ~(P_STOPPED_TRACE | P_STOPPED_SIG | P_WAITED);
++ thread_unsuspend(p);
++ PROC_SUNLOCK(p);
+ break;
+
+ case PT_WRITE_I:
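Review bot: in the sendsig hunk, p->p_xthread is now dereferenced unconditionally ("p->p_xthread->td_dbgflags &= ~TDB_XSIG;") and the only guard is MPASS(p->p_xthread != NULL), which is an assertion and not a runtime check in production kernels. The old code dereferenced td2 only inside the "(p->p_flag & (P_STOPPED_SIG | P_STOPPED_TRACE)) != 0" branch. The new code appears to rely on the first hunk's tightened test (P_STOPPED_TRACE must be set, else EBUSY) to guarantee a reporting thread exists; a comment at sendsig stating that invariant, and which requests can reach the label, would make the dependency explicit. The same applies to the two MPASS lines added in the PT_ATTACH hunk. Minor: the "- /*" to "+ /*" change at the top of the sendsig comment is whitespace only and adds noise to an errata patch.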
Added: head/share/security/patches/EN-18:16/ptrace.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:16/ptrace.patch.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=bI0z
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-18:17/vm.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:17/vm.patch Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,14 @@
+--- sys/vm/vm_page.c.orig
++++ sys/vm/vm_page.c
+@@ -304,8 +304,10 @@
+
+ mtx_lock(&vm_page_queue_free_mtx);
+ ret = vm_phys_unfree_page(m);
++ if (ret != 0)
++ vm_phys_freecnt_adj(m, -1);
+ mtx_unlock(&vm_page_queue_free_mtx);
+- if (ret) {
++ if (ret != 0) {
+ TAILQ_INSERT_TAIL(&blacklist_head, m, listq);
+ if (verbose)
+ printf("Skipping page with pa 0x%jx\n", (uintmax_t)pa);
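Review bot: the free-count adjustment is added at this call site ("if (ret != 0) vm_phys_freecnt_adj(m, -1);") rather than inside vm_phys_unfree_page(), so any other caller that removes a page from the free lists has to remember the same bookkeeping. Please add a short comment here saying that the caller owns the count adjustment and that it must happen while vm_page_queue_free_mtx is held, or confirm that no other caller exists on this branch.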
Added: head/share/security/patches/EN-18:17/vm.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:17/vm.patch.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=f2RG
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/EN-18:18/zfs.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:18/zfs.patch Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,44 @@
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c.orig
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
+@@ -1155,15 +1155,27 @@
+ */
+ ASSERT3P(zp, !=, NULL);
+ ASSERT3U(zp->z_id, ==, obj_num);
+- *zpp = zp;
+- vp = ZTOV(zp);
+-
+- /* Don't let the vnode disappear after ZFS_OBJ_HOLD_EXIT. */
+- VN_HOLD(vp);
++ if (zp->z_unlinked) {
++ err = SET_ERROR(ENOENT);
++ } else {
++ vp = ZTOV(zp);
++ /*
++ * Don't let the vnode disappear after
++ * ZFS_OBJ_HOLD_EXIT.
++ */
++ VN_HOLD(vp);
++ *zpp = zp;
++ err = 0;
++ }
+
+ sa_buf_rele(db, NULL);
+ ZFS_OBJ_HOLD_EXIT(zfsvfs, obj_num);
+
++ if (err) {
++ getnewvnode_drop_reserve();
++ return (err);
++ }
++
+ locked = VOP_ISLOCKED(vp);
+ VI_LOCK(vp);
+ if ((vp->v_iflag & VI_DOOMED) != 0 &&
+@@ -1196,7 +1208,7 @@
+ }
+ VI_UNLOCK(vp);
+ getnewvnode_drop_reserve();
+- return (0);
++ return (err);
+ }
+
+ /*
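Review bot: the z_unlinked check added in the first hunk has no comment tying it to the problem in the notice, which describes zfs_zget() retrying indefinitely when it cannot take the vnode exclusive lock; from the visible lines it is not clear how returning ENOENT for an unlinked znode ends that retry. A one-line comment above "if (zp->z_unlinked) {" would help anyone auditing the fix. In the second hunk, "return (0);" becomes "return (err);", but the error case already returned early after ZFS_OBJ_HOLD_EXIT, so err should be 0 here unless the lines between the hunks assign it; if they do not, keeping "return (0);" states the intent more clearly. Note also that *zpp is left unassigned on the ENOENT path, so callers must not read it on failure.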
Added: head/share/security/patches/EN-18:18/zfs.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/EN-18:18/zfs.patch.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+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+=YWPI
+-----END PGP SIGNATURE-----
Added: head/share/security/patches/SA-18:15/bootpd.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-18:15/bootpd.patch Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,13 @@
+--- libexec/bootpd/bootpd.c.orig
++++ libexec/bootpd/bootpd.c
+@@ -636,6 +636,10 @@
+ char *homedir, *bootfile;
+ int n;
+
++ if (bp->bp_htype >= hwinfocnt) {
++ report(LOG_NOTICE, "bad hw addr type %u", bp->bp_htype);
++ return;
++ }
+ bp->bp_file[sizeof(bp->bp_file)-1] = '\0';
+
+ /* XXX - SLIP init: Set bp_ciaddr = recv_addr here? */
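Review bot: the new bounds check "if (bp->bp_htype >= hwinfocnt)" is added only at the top of this one handler (around line 636), and the hunk does not show where bp_htype is later used as an index. Please confirm that every code path that indexes by bp_htype, including any reply or gateway handling, is reached only after this check, or move the validation to the point where the packet is first received. Separately, report(LOG_NOTICE, ...) fires once per rejected packet with no throttling, so a sender on the broadcast domain can fill the log; consider rate-limiting it or lowering the level. The value logged with "%u" is the raw network-supplied type, which is useful for detection and worth keeping.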
Added: head/share/security/patches/SA-18:15/bootpd.patch.asc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/share/security/patches/SA-18:15/bootpd.patch.asc Wed Dec 19 19:51:24 2018 (r52700)
@@ -0,0 +1,18 @@
+-----BEGIN PGP SIGNATURE-----
+
+-----END PGP SIGNATURE-----
Modified: head/share/xml/advisories.xml
==============================================================================
--- head/share/xml/advisories.xml Wed Dec 19 17:15:53 2018 (r52699)
+++ head/share/xml/advisories.xml Wed Dec 19 19:51:24 2018 (r52700)
@@ -11,6 +11,15 @@
<name>12</name>
<day>
+ <name>19</name>
+
+ <advisory>
+ <name>FreeBSD-SA-18:15.bootpd</name>
+ </advisory>
+
+ </day>
+
+ <day>
<name>04</name>
<advisory>
Modified: head/share/xml/notices.xml
==============================================================================
--- head/share/xml/notices.xml Wed Dec 19 17:15:53 2018 (r52699)
+++ head/share/xml/notices.xml Wed Dec 19 19:51:24 2018 (r52700)
@@ -8,6 +8,27 @@
<name>2018</name>
<month>
+ <name>12</name>
+
+ <day>
+ <name>19</name>
+
+ <notice>
+ <name>FreeBSD-EN-18:18.zfs</name>
+ </notice>
+
+ <notice>
+ <name>FreeBSD-EN-18:17.vm</name>
+ </notice>
+
+ <notice>
+ <name>FreeBSD-EN-18:16.ptrace</name>
+ </notice>
+
+ </day>
+ </month>
+
+ <month>
<name>11</name>
<day>