svn commit: r41357 - in projects/sysctl/share: security/advisories security/patches/SA-13:03 security/patches/SA-13:04 xml
Glen Barber
gjb at FreeBSD.org
Wed Apr 3 00:07:29 UTC 2013
Author: gjb
Date: Wed Apr 3 00:07:28 2013
New Revision: 41357
URL: http://svnweb.freebsd.org/changeset/doc/41357
Log:
MFH:
- Merged /head/share:r41328-41355
Approved by: doceng (implicit)
Added:
projects/sysctl/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
- copied unchanged from r41355, head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc
projects/sysctl/share/security/advisories/FreeBSD-SA-13:04.bind.asc
- copied unchanged from r41355, head/share/security/advisories/FreeBSD-SA-13:04.bind.asc
projects/sysctl/share/security/patches/SA-13:03/
- copied from r41355, head/share/security/patches/SA-13:03/
projects/sysctl/share/security/patches/SA-13:04/
- copied from r41355, head/share/security/patches/SA-13:04/
Modified:
projects/sysctl/share/xml/advisories.xml
Directory Properties:
projects/sysctl/share/ (props changed)
Copied: projects/sysctl/share/security/advisories/FreeBSD-SA-13:03.openssl.asc (from r41355, head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/sysctl/share/security/advisories/FreeBSD-SA-13:03.openssl.asc Wed Apr 3 00:07:28 2013 (r41357, copy of r41355, head/share/security/advisories/FreeBSD-SA-13:03.openssl.asc)
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:03.openssl Security Advisory
+ The FreeBSD Project
+
+Topic: OpenSSL multiple vulnerabilities
+
+Category: contrib
+Module: openssl
+Announced: 2013-04-02
+Affects: All supported versions of FreeBSD.
+Corrected: 2013-03-08 17:28:40 UTC (stable/8, 8.3-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/8.3, 8.3-RELEASE-p7)
+ 2013-03-14 17:48:07 UTC (stable/9, 9.1-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+ 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name: CVE-2013-0166, CVE-2013-0169
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II. Problem Description
+
+A flaw in the OpenSSL handling of OCSP response verification could be exploited
+to cause a denial of service attack. [CVE-2013-0166]
+
+OpenSSL has a weakness in the handling of CBC ciphersuites in SSL, TLS and
+DTLS. The weakness could reveal plaintext in a timing attack. [CVE-2013-0169]
+
+III. Impact
+
+The Denial of Service could be caused in the OpenSSL server application by
+using an invalid key. [CVE-2013-0166]
+
+A remote attacker could recover sensitive information by conducting
+an attack via statistical analysis of timing data with crafted packets.
+[CVE-2013-0169]
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated dated after the correction
+date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 8.3 and 9.0]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+[FreeBSD 9.1]
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:03/openssl-9.1.patch.asc
+# gpg --verify openssl-9.1.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the all deamons using the library, or reboot your the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r248057
+releng/8.3/ r249029
+stable/9/ r248272
+releng/9.0/ r249029
+releng/9.1/ r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+CVE Name:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:03.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGXYACgkQFdaIBMps37ISqACcCovc+NpuH57guiROqIbTfw3P
+4RMAn22ppeZnRVfje8up3cyOx/D8CCmI
+=rQqV
+-----END PGP SIGNATURE-----
Copied: projects/sysctl/share/security/advisories/FreeBSD-SA-13:04.bind.asc (from r41355, head/share/security/advisories/FreeBSD-SA-13:04.bind.asc)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/sysctl/share/security/advisories/FreeBSD-SA-13:04.bind.asc Wed Apr 3 00:07:28 2013 (r41357, copy of r41355, head/share/security/advisories/FreeBSD-SA-13:04.bind.asc)
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-13:04.bind Security Advisory
+ The FreeBSD Project
+
+Topic: BIND remote denial of service
+
+Category: contrib
+Module: bind
+Announced: 2013-04-02
+Credits: Matthew Horsfall of Dyn, Inc.
+Affects: FreeBSD 8.4-BETA1 and FreeBSD 9.x
+Corrected: 2013-03-28 05:35:46 UTC (stable/8, 8.4-BETA1)
+ 2013-03-28 05:39:45 UTC (stable/9, 9.1-STABLE)
+ 2013-04-02 17:34:42 UTC (releng/9.0, 9.0-RELEASE-p7)
+ 2013-04-02 17:34:42 UTC (releng/9.1, 9.1-RELEASE-p2)
+CVE Name: CVE-2013-2266
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I. Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server. The libdns
+library is a library of DNS protocol support functions.
+
+II. Problem Description
+
+A flaw in a library used by BIND allows an attacker to deliberately
+cause excessive memory consumption by the named(8) process. This
+affects both recursive and authoritative servers.
+
+III. Impact
+
+A remote attacker can cause the named(8) daemon to consume all available
+memory and crash, resulting in a denial of service. Applications linked
+with the libdns library, for instance dig(1), may also be affected.
+
+IV. Workaround
+
+No workaround is available, but systems not running named(8) service
+and not using base system DNS utilities are not affected.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-13:04/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+Recompile the operating system using buildworld and installworld as
+described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named daemon, or reboot the system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI. Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/8/ r248807
+stable/9/ r248808
+releng/9.0/ r249029
+releng/9.1/ r249029
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://kb.isc.org/article/AA-00871
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-13:04.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.19 (FreeBSD)
+
+iEYEARECAAYFAlFbGYYACgkQFdaIBMps37J4eACeNzJtWElzKJZCqXdzhrHEB+pu
+1eoAn0oD7xcjoPOnB7H3xZbIeHldgGcI
+=BX1M
+-----END PGP SIGNATURE-----
Modified: projects/sysctl/share/xml/advisories.xml
==============================================================================
--- projects/sysctl/share/xml/advisories.xml Wed Apr 3 00:07:03 2013 (r41356)
+++ projects/sysctl/share/xml/advisories.xml Wed Apr 3 00:07:28 2013 (r41357)
@@ -8,6 +8,22 @@
<name>2013</name>
<month>
+ <name>4</name>
+
+ <day>
+ <name>2</name>
+
+ <advisory>
+ <name>FreeBSD-SA-13:04.bind</name>
+ </advisory>
+
+ <advisory>
+ <name>FreeBSD-SA-13:03.openssl</name>
+ </advisory>
+ </day>
+ </month>
+
+ <month>
<name>2</name>
<day>
More information about the svn-doc-projects
mailing list