svn commit: r53316 - head/share/security/advisories
Gordon Tetlow
gordon at FreeBSD.org
Thu Aug 22 00:56:21 UTC 2019
Author: gordon (src committer)
Date: Thu Aug 22 00:56:21 2019
New Revision: 53316
URL: https://svnweb.freebsd.org/changeset/doc/53316
Log:
Add a workaround for the midi issue.
Reviewed by: so
Modified:
head/share/security/advisories/FreeBSD-SA-19:23.midi.asc
Modified: head/share/security/advisories/FreeBSD-SA-19:23.midi.asc
==============================================================================
--- head/share/security/advisories/FreeBSD-SA-19:23.midi.asc Wed Aug 21 05:05:23 2019 (r53315)
+++ head/share/security/advisories/FreeBSD-SA-19:23.midi.asc Thu Aug 22 00:56:21 2019 (r53316)
@@ -23,6 +23,11 @@ For general information regarding FreeBSD Security Adv
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:https://security.FreeBSD.org/>.
+0. Revision history
+
+v1.0 2019-08-20 Initial release.
+v1.1 2019-08-21 Updated workaround.
+
I. Background
/dev/midistat is a device file which can be read to obtain a
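Review bot: The v1.1 entry reads "Updated workaround", but the text removed in the next hunk says "No workaround is available", so v1.1 adds a workaround rather than updating one. Suggest "v1.1 2019-08-21 Added workaround." so readers of v1.0 know the mitigation is new. None of the three hunks touch the lines above line 23, so if the header fields carry a revision date, it is not bumped by this change.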
@@ -47,9 +52,14 @@ fault in kernel mode, leading to a panic.
IV. Workaround
-No workaround is available. Custom kernels without "device sound"
-are not vulnerable.
+Restrict permissions on /dev/midistat by adding an entry to
+/etc/devfs.conf and restarting the service:
+# echo "perm midistat 0600" >> /etc/devfs.conf
+# service devfs restart
+
+Custom kernels without "device sound" are not vulnerable.
+
V. Solution
Upgrade your vulnerable system to a supported FreeBSD stable or
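Review bot: The added workaround does not say how to confirm that it took effect or what it costs. After "+# service devfs restart", suggest a verification step such as checking the mode with ls -l /dev/midistat, and a sentence noting that 0600 leaves the node readable by its owner only, so other local users lose access to it. The "echo ... >> /etc/devfs.conf" line also appends unconditionally, so running it twice leaves duplicate entries. devfs.conf is applied to device nodes present when the devfs service runs, so a node created later (for example by a sound driver loaded as a module afterwards) would need a devfs.rules entry. The text could say so.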
@@ -120,19 +130,19 @@ The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-19:23.midi.asc>
-----BEGIN PGP SIGNATURE-----
-iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1cPgVfFIAAAAAALgAo
+iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAl1d58xfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD
MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n
-5cItmQ/9HL5BIP/QUvfcBbhZmZAXa7O7V9Em4auumaUWEPnUaAR0vNKZqMvFXNeN
-v51/HOwCZte2fCgs8rxSH9ncQR+cUk/3nXO7PZ7pNPNfvuJoPlCV1rIuRrdwm14+
-+pZIJpY65gmmXyh5Qa5cw41MEWuDcKluUg38zEROwBpX4h0J/ZuMSARn/s1jj/kJ
-hy2yzgPTz8gAzkNd8OtQm1CHdFnKWabuAHBlltj9qIA3OvJL+TpIFmzU5jA7wO1n
-w9GCcz73+IA1RZXu8vPsW9AEc/1LlUrNcyLmJ+bZjW9b7mY9dq+ackvULTzFV21u
-5xW2FEX3EBr3kFSbWyIS9zuTX4InftoAr97CBxNMYa25/0En4Ri2rB3oH49BgqTb
-sr6p5hO3ZB6gOfJIm3WeYIc9dXsqQcWC/Y8hp7zO/Ef29jBHaa76ZX3uGgKGgyoo
-UcoEjIx4ZpiqQxUEigKdlpEQdUtCIOSZ1NjSYDRFuCURDI07o1Oi8/HSdb9tNRe4
-IxfmT7G+oBGbhjZ/bziC/tZX/whXzBdo6eNIBC8XW8hrTDIXVCyqls3igiSqxoFA
-WMpQN2gEZ6Yug0zpRCn4fj+dvBobpAle7F/gwZdFeWU/wtDiLQHnBOxPaobR56Qy
-fIoVVGufmnjbSReSGh1WtFhDt+uJ8zal/EqGWi3IBIFpxjhAuP0=
-=I8mB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+=AI8Q
-----END PGP SIGNATURE-----
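Review bot: The replacement signature cannot be checked from this diff, and in this copy only the first added signature line is visible while the final "-=I8mB" and "+=AI8Q" lines are run together. Since the signed body changed in the two hunks above, the committed .asc file should be verified with gpg --verify against the security officer key before the advisory is republished.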