Saturday, June 30, 2012

Substituting with an incrementing number with VI

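If you need to replace a pattern with an incrementing number in VI (this needs Vim, since it relies on the \= expression replacement), you can use the line() function, which returns the number of the line being substituted.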

:%s/PATTERN/\=OFFSET+line(".") . "MORE TEXT"/g

Change out PATTERN with what you are searching for.

Change out OFFSET with a number to add or subtract as necessary from the line number to get the correct numerical value.

Change out MORE TEXT with anything else you want to append. Remember that the replacement after \= is evaluated as an expression, so text must be appended as a quoted string joined with the period (concatenation) operator.
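A worked run of the command above on a constructed four-line buffer, added here as an illustration and not part of the original post. NAME, the offset 100 and the counter variable i are assumptions made up for the example; the second command is a counter-based variant that goes beyond the post's line() approach.

```vim
" Constructed buffer (lines 1-4) before any command:
"   1  server NAME
"   2  # spare slot
"   3  server NAME
"   4  backup NAME NAME

" The post's command with PATTERN = NAME, OFFSET = 100, MORE TEXT = ";"
:%s/NAME/\=100+line(".") . ";"/g

" Buffer afterwards:
"   1  server 101;
"   2  # spare slot
"   3  server 103;
"   4  backup 104; 104;
" The number is tied to the line, not to the match: line 2 has no match, so
" 102 is skipped, and both matches on line 4 receive 104.

" Variant for gap-free numbering (undo the command above first): a counter
" variable i (assumed name) is bumped once per matching line by :global.
:let i = 101 | g/NAME/s//\=i . ";"/g | let i += 1

" Buffer afterwards:
"   1  server 101;
"   2  # spare slot
"   3  server 102;
"   4  backup 103; 103;
```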

Friday, June 29, 2012

[USN-1493-1] Linux kernel vulnerabilities

========================================================================
Ubuntu Security Notice USN-1493-1
June 29, 2012

linux vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in the kernel.

[USN-1492-1] Linux kernel vulnerabilities

========================================================================
Ubuntu Security Notice USN-1492-1
June 29, 2012

linux vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

[USN-1491-1] Linux kernel (EC2) vulnerabilities

========================================================================
Ubuntu Security Notice USN-1491-1
June 29, 2012

linux-ec2 vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-ec2: Linux kernel for EC2

[USN-1490-1] Linux kernel (Natty backport) vulnerabilities

========================================================================
Ubuntu Security Notice USN-1490-1
June 29, 2012

linux-lts-backport-natty vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux-lts-backport-natty: Linux kernel backport from Natty

[USN-1489-1] Linux kernel (Oneiric backport) vulnerability

========================================================================
Ubuntu Security Notice USN-1489-1
June 29, 2012

linux-lts-backport-oneiric vulnerability
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

The system could be made to crash if it received specially crafted network
traffic.

Software Description:
- linux-lts-backport-oneiric: Linux kernel backport from Oneiric

[USN-1488-1] Linux kernel vulnerabilities

========================================================================
Ubuntu Security Notice USN-1488-1
June 29, 2012

linux vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in the kernel.

Software Description:
- linux: Linux kernel

[USN-1487-1] Linux kernel vulnerability

========================================================================
Ubuntu Security Notice USN-1487-1
June 29, 2012

linux vulnerability
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

The system could be made to crash if it received specially crafted network
traffic.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Linux kernel's NFSv4 (Network file system)
handling of ACLs (access control lists). A remote NFS server (attacker)
could cause a denial of service (OOPS).

[USN-1486-1] Linux kernel vulnerability

========================================================================
Ubuntu Security Notice USN-1486-1
June 29, 2012

linux vulnerability
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS

Summary:

The system could be made to crash if it received specially crafted network
traffic.

Software Description:
- linux: Linux kernel

Details:

A flaw was discovered in the Linux kernel's NFSv4 (Network file system)
handling of ACLs (access control lists). A remote NFS server (attacker)
could cause a denial of service (OOPS).

Fedora 17 for IBM System z 64bit official release

There was a little inconsistency between the Fedora and Everything
repositories requiring a last minute respin, but the Fedora 17 GA
release for the IBM System z is finally here. This time again a bit
closer to the primary when we count the number of available packages.

The links to the actual release are here:

http://secondary.fedoraproject.org/pub/fedora-secondary/releases/17/Fedora/s390x/

http://secondary.fedoraproject.org/pub/fedora-secondary/releases/17/Everything/s390x/os/

and obviously on all sites that mirror the secondary arch content, and we
still have a few :-)

The first directory contains the normal installation trees as well as
one DVD ISO with the complete release.

Everything as usual contains, well, everything. :)


Additional information about known issues, the current progress and
state for future release, where and how the team can be reached and just
anything else IBM System z on Fedora related can be found here:

http://fedoraproject.org/wiki/Architectures/s390x/17

For architecture specific release notes, please read it as there are
again changes in the installation process. It's a wiki so don't hesitate
to add your knowledge there.

More information about Fedora on IBM System z can be found at
http://fedoraproject.org/wiki/Architectures/s390x


Thanks go out to everyone involved in making this happen!


Your Fedora/s390x Maintainers

--
Dan Horák, RHCE
Senior Software Engineer, BaseOS

Red Hat Czech s.r.o., Purkyňova 99, 612 45 Brno

--
announce mailing list
announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/announce

Thursday, June 28, 2012

[USN-1485-1] AccountsService vulnerability

==========================================================================
Ubuntu Security Notice USN-1485-1
June 28, 2012

accountsservice vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10

Summary:

AccountsService could be made to read arbitrary files as the administrator.

Software Description:
- accountsservice: query and manipulate user account information

Details:

Florian Weimer discovered that AccountsService incorrectly handled
privileges when copying certain files to the system cache directory. A
local attacker could exploit this issue to read arbitrary files, bypassing
intended permissions.

[USN-1484-1] PyCrypto vulnerability

=======================================================================
Ubuntu Security Notice USN-1484-1
June 28, 2012

python-crypto vulnerability
=======================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

PyCrypto improperly created ElGamal encryption keys.

Software Description:
- python-crypto: cryptographic algorithms and protocols for Python

Details:

It was discovered that PyCrypto produced inappropriate prime numbers when
generating ElGamal keys. An attacker could use this flaw to facilitate
brute-forcing of ElGamal encryption keys.

Wednesday, June 27, 2012

[USN-1483-2] network-manager-applet vulnerability

==========================================================================
Ubuntu Security Notice USN-1483-2
June 27, 2012

network-manager-applet vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

network-manager-applet could create insecure AdHoc wireless networks.

Software Description:
- network-manager-applet: GNOME frontend for NetworkManager

Details:

USN-1483-1 fixed a vulnerability in NetworkManager by disabling the
creation of WPA-secured AdHoc wireless connections. This update provides
the corresponding change for network-manager-applet.

[USN-1483-1] NetworkManager vulnerability

==========================================================================
Ubuntu Security Notice USN-1483-1
June 27, 2012

network-manager vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

NetworkManager could create insecure AdHoc wireless networks.

Software Description:
- network-manager: Network connection manager

Details:

It was discovered that certain wireless drivers incorrectly handled the
creation of WPA-secured AdHoc connections. This could result in AdHoc
wireless connections being created without any security at all. This update
removes WPA as a security choice for AdHoc connections in NetworkManager.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
network-manager 0.9.1.90-0ubuntu5.2

Ubuntu 11.04:
network-manager 0.8.4~git.20110319t175609.d14809b-0ubuntu3.1

Ubuntu 10.04 LTS:
network-manager 0.8-0ubuntu3.3

After a standard system update you need to reboot your computer to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1483-1
CVE-2012-2736

Package Information:
https://launchpad.net/ubuntu/+source/network-manager/0.9.1.90-0ubuntu5.2
https://launchpad.net/ubuntu/+source/network-manager/0.8.4~git.20110319t175609.d14809b-0ubuntu3.1
https://launchpad.net/ubuntu/+source/network-manager/0.8-0ubuntu3.3

Tuesday, June 26, 2012

[USN-1463-6] Thunderbird vulnerabilities

========================================================================
Ubuntu Security Notice USN-1463-6
June 27, 2012

thunderbird vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-1463-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.

Original advisory details:

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew
McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory
safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)

It was discovered that Mozilla's WebGL implementation exposed a bug in
certain NVIDIA graphics drivers. The impact of this issue has not been
disclosed at this time. (CVE-2011-3101)

Adam Barth discovered that certain inline event handlers were not being
blocked properly by the Content Security Policy's (CSP) inline-script
blocking feature. Web applications relying on this feature of CSP to
protect against cross-site scripting (XSS) were not fully protected. With
cross-site scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-1944)

Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba
share could load Windows shortcut files (.lnk) in the same share. These
shortcut files could then link to arbitrary locations on the local file
system of the individual loading the HTML page. An attacker could
potentially use this vulnerability to show the contents of these linked
files or directories in an iframe, resulting in information disclosure.
(CVE-2012-1945)

Arthur Gerkis discovered a use-after-free vulnerability while
replacing/inserting a node in a document. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-1946)

Kaspar Brand discovered a vulnerability in how the Network Security
Services (NSS) ASN.1 decoder handles zero length items. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash.
(CVE-2012-0441)

Abhishek Arya discovered two buffer overflow and one use-after-free
vulnerabilities. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
thunderbird 13.0.1+build1-0ubuntu0.11.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1463-6
http://www.ubuntu.com/usn/usn-1463-1
https://launchpad.net/bugs/1007556

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/13.0.1+build1-0ubuntu0.11.04.1

[USN-1463-5] Unity 2D update


========================================================================
Ubuntu Security Notice USN-1463-5
June 27, 2012

unity-2d update
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.04

Summary:

Popup menus were not working in Thunderbird under Unity 2D when started
from the launcher.

Software Description:
- unity-2d: Unity interface for non-accelerated graphics cards

Details:

USN-1463-2 fixed a bug in Unity 2D exposed by a recent Firefox update. It
was discovered that the issue was only partially fixed on Ubuntu 11.04.
When Thunderbird was started from the launcher, Thunderbird was still
unable to obtain pointer grabs under certain conditions. This update fixes
the problem.

Original advisory details:

USN-1463-1 fixed vulnerabilities in Firefox. The Firefox update exposed a
bug in Unity 2D which resulted in Firefox being unable to obtain pointer
grabs in order to open popup menus. This update fixes the problem.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.04:
unity-2d-launcher 3.8.4.1-0ubuntu1.2

After a standard system update you need to restart your Unity 2D session to
make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1463-5
http://www.ubuntu.com/usn/usn-1463-1
http://www.ubuntu.com/usn/usn-1463-2, https://launchpad.net/bugs/1016386

Package Information:
https://launchpad.net/ubuntu/+source/unity-2d/3.8.4.1-0ubuntu1.2

Saturday, June 23, 2012

Fedora Board appointment

I am very delighted to announce that John Rose (aka inode0) will be
joining the Fedora Board in the final appointed slot for this cycle
(seat A4). Many of you know John from his work in the Ambassadors team
and his excellent election wrangling for many election cycles, as well
as being a familiar face in FUDCon planning, and his care for
transparency in finances (and transparency in general!). I believe
he'll be a fine addition to the Board, and I look forward to his
contributions and participation.

As John comes on, I'd also like to thank Guillermo Gomez for his work
done over the past year as the Board member who has been in this seat.
You will be missed! :)

A friendly reminder, also, that the Board is always happy to have
community input; please feel welcome to join the Board's mailing list at
https://lists.fedoraproject.org/mailman/listinfo/Advisory-board to ask
questions or participate in discussion.

Welcome, John! :)

-Robyn

Friday, June 22, 2012

poppler soname bump in rawhide

Hi,

I plan to rebase poppler in rawhide to poppler-0.20.1 at the end of next
week.
There are several API changes (new functions + 1 move of a private
function to public section) and 1 soname bump (libpoppler.so.25 to
libpoppler.so.26).

Regards

Marek

[USN-1463-4] Thunderbird vulnerabilities


========================================================================
Ubuntu Security Notice USN-1463-4
June 22, 2012

thunderbird vulnerabilities
========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:

USN-1463-1 fixed vulnerabilities in Firefox. This update provides the
corresponding fixes for Thunderbird.

Original advisory details:

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew
McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory
safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)

It was discovered that Mozilla's WebGL implementation exposed a bug in
certain NVIDIA graphics drivers. The impact of this issue has not been
disclosed at this time. (CVE-2011-3101)

Adam Barth discovered that certain inline event handlers were not being
blocked properly by the Content Security Policy's (CSP) inline-script
blocking feature. Web applications relying on this feature of CSP to
protect against cross-site scripting (XSS) were not fully protected. With
cross-site scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-1944)

Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba
share could load Windows shortcut files (.lnk) in the same share. These
shortcut files could then link to arbitrary locations on the local file
system of the individual loading the HTML page. An attacker could
potentially use this vulnerability to show the contents of these linked
files or directories in an iframe, resulting in information disclosure.
(CVE-2012-1945)

Arthur Gerkis discovered a use-after-free vulnerability while
replacing/inserting a node in a document. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-1946)

Kaspar Brand discovered a vulnerability in how the Network Security
Services (NSS) ASN.1 decoder handles zero length items. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash.
(CVE-2012-0441)

Abhishek Arya discovered two buffer overflow and one use-after-free
vulnerabilities. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
thunderbird 13.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
thunderbird 13.0.1+build1-0ubuntu0.11.10.1

Ubuntu 10.04 LTS:
thunderbird 13.0.1+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Thunderbird to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1463-4
http://www.ubuntu.com/usn/usn-1463-1
CVE-2011-3101, CVE-2012-0441, CVE-2012-1937, CVE-2012-1938,
CVE-2012-1940, CVE-2012-1941, CVE-2012-1944, CVE-2012-1945,
CVE-2012-1946, CVE-2012-1947, https://launchpad.net/bugs/1007556

Package Information:
https://launchpad.net/ubuntu/+source/thunderbird/13.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/thunderbird/13.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/thunderbird/13.0.1+build1-0ubuntu0.10.04.1

Wednesday, June 20, 2012

[USN-1463-3] Firefox regressions

==========================================================================
Ubuntu Security Notice USN-1463-3
June 20, 2012

firefox regressions
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.04 LTS

Summary:

USN-1463-1 introduced regressions in Firefox.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

USN-1463-1 fixed vulnerabilities in Firefox. The new package caused a
regression in the rendering of Hebrew text and the ability of the Hotmail
inbox to auto-update. This update fixes the problem.

Original advisory details:

Jesse Ruderman, Igor Bukanov, Bill McCloskey, Christian Holler, Andrew
McCreight, Olli Pettay, Boris Zbarsky, and Brian Bondy discovered memory
safety issues affecting Firefox. If the user were tricked into opening a
specially crafted page, an attacker could possibly exploit these to cause a
denial of service via application crash, or potentially execute code with
the privileges of the user invoking Firefox. (CVE-2012-1937, CVE-2012-1938)

It was discovered that Mozilla's WebGL implementation exposed a bug in
certain NVIDIA graphics drivers. The impact of this issue has not been
disclosed at this time. (CVE-2011-3101)

Adam Barth discovered that certain inline event handlers were not being
blocked properly by the Content Security Policy's (CSP) inline-script
blocking feature. Web applications relying on this feature of CSP to
protect against cross-site scripting (XSS) were not fully protected. With
cross-site scripting vulnerabilities, if a user were tricked into viewing a
specially crafted page, a remote attacker could exploit this to modify the
contents, or steal confidential data, within the same domain.
(CVE-2012-1944)

Paul Stone discovered that a viewed HTML page hosted on a Windows or Samba
share could load Windows shortcut files (.lnk) in the same share. These
shortcut files could then link to arbitrary locations on the local file
system of the individual loading the HTML page. An attacker could
potentially use this vulnerability to show the contents of these linked
files or directories in an iframe, resulting in information disclosure.
(CVE-2012-1945)

Arthur Gerkis discovered a use-after-free vulnerability while
replacing/inserting a node in a document. If the user were tricked into
opening a specially crafted page, an attacker could possibly exploit this
to cause a denial of service via application crash, or potentially execute
code with the privileges of the user invoking Firefox. (CVE-2012-1946)

Kaspar Brand discovered a vulnerability in how the Network Security
Services (NSS) ASN.1 decoder handles zero length items. If the user were
tricked into opening a specially crafted page, an attacker could possibly
exploit this to cause a denial of service via application crash.
(CVE-2012-0441)

Abhishek Arya discovered two buffer overflow and one use-after-free
vulnerabilities. If the user were tricked into opening a specially crafted
page, an attacker could possibly exploit these to cause a denial of service
via application crash, or potentially execute code with the privileges of
the user invoking Firefox. (CVE-2012-1940, CVE-2012-1941, CVE-2012-1947)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
firefox 13.0.1+build1-0ubuntu0.12.04.1

Ubuntu 11.10:
firefox 13.0.1+build1-0ubuntu0.11.10.1

Ubuntu 11.04:
firefox 13.0.1+build1-0ubuntu0.11.04.1

Ubuntu 10.04 LTS:
firefox 13.0.1+build1-0ubuntu0.10.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1463-3
http://www.ubuntu.com/usn/usn-1463-1
https://launchpad.net/bugs/1013425

Package Information:
https://launchpad.net/ubuntu/+source/firefox/13.0.1+build1-0ubuntu0.12.04.1
https://launchpad.net/ubuntu/+source/firefox/13.0.1+build1-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/firefox/13.0.1+build1-0ubuntu0.11.04.1
https://launchpad.net/ubuntu/+source/firefox/13.0.1+build1-0ubuntu0.10.04.1

Tuesday, June 19, 2012

Fedora Board runoff election results

Hello!

The runoff election for the remaining Fedora Board seat has concluded.

There was one remaining seat available. A total of 182 votes were cast,
meaning a candidate could accumulate up to 364 votes (182 * 2). The
results are shown below.

# votes | name
-----------------------------------------------------------------------
214 | Nick Bebout (FAS: nb, IRC: nb)
188 | Robert 'Bob' Jensen (FAS: bjensen, IRC: EvilBob)

Therefore, Nick Bebout will take the remaining Board seat, replacing Jon
Stanley. (Many thanks to Jon for his dedication and time spent with the
Board!)

And with that - I thank everyone for their participation in this
interesting runoff election. News about the remaining appointed Board
seat will be forthcoming in the next few days.

- Robyn

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-12:04.sysret [REVISED]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:04.sysret Security Advisory
The FreeBSD Project

Topic:          Privilege escalation when returning from kernel

Category:       core
Module:         sys_amd64
Announced:      2012-06-12
Credits:        Rafal Wojtczuk, John Baldwin
Affects:        All supported versions of FreeBSD
Corrected:      2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
                2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
                2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
                2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12)
                2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
                2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name:       CVE-2012-0217

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

0. Revision History

v1.0 2012-06-12 Initial release.
v1.1 2012-06-19 Corrected patch FreeBSD 8.1.

I. Background

The FreeBSD operating system implements a rings model of security, where
privileged operations are done in the kernel, and most applications
request access to these operations by making a system call, which puts
the CPU into the required privilege level and passes control to the
kernel.

II. Problem Description

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying
behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
insufficient when returning from a system call.

III. Impact

Successful exploitation of the problem can lead to local kernel privilege
escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.

IV. Workaround

No workaround is available.

However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
particular problem.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
kernel are not vulnerable, nor are systems running on different
processor architectures.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[7.4, 8.3, 8.2, 9.0]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc

[8.1]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc

[8.1 if original sysret.patch has been applied]
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch                          Revision
  Path
-------------------------------------------------------------------------
RELENG_7
  src/sys/amd64/amd64/trap.c    1.319.2.14
RELENG_7_4
  src/UPDATING                  1.507.2.36.2.11
  src/sys/conf/newvers.sh       1.72.2.18.2.14
  src/sys/amd64/amd64/trap.c    1.319.2.12.2.2
RELENG_8
  src/sys/amd64/amd64/trap.c    1.332.2.24
RELENG_8_3
  src/UPDATING                  1.632.2.26.2.5
  src/sys/conf/newvers.sh       1.83.2.15.2.7
  src/sys/amd64/amd64/trap.c    1.332.2.21.2.2
RELENG_8_2
  src/UPDATING                  1.632.2.19.2.11
  src/sys/conf/newvers.sh       1.83.2.12.2.14
  src/sys/amd64/amd64/trap.c    1.332.2.14.2.2
RELENG_8_1
  src/UPDATING                  1.632.2.14.2.15
  src/sys/conf/newvers.sh       1.83.2.10.2.16
  src/sys/amd64/amd64/trap.c    1.332.2.10.2.3
RELENG_9
  src/sys/amd64/amd64/trap.c    1.357.2.9
RELENG_9_0
  src/UPDATING                  1.702.2.4.2.5
  src/sys/conf/newvers.sh       1.95.2.4.2.7
  src/sys/amd64/amd64/trap.c    1.357.2.2.2.3
-------------------------------------------------------------------------

Subversion:

Branch/path                     Revision
-------------------------------------------------------------------------
stable/7/                       r236953
releng/7.4/                     r236953
stable/8/                       r236953
releng/8.3/                     r236953
releng/8.2/                     r236953
releng/8.1/                     r237242
stable/9/                       r236953
releng/9.0/                     r236953
-------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9

iEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5
u/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl
=tQOk
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-announce@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-announce
To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"

Monday, June 18, 2012

[FreeBSD-Announce] Foundation Announces Capsicum Project!

Dear FreeBSD Community,

The FreeBSD Foundation is pleased to announce that Pawel Jakub
Dawidek has been awarded a grant to develop a comprehensive
userspace framework for writing Capsicum-based applications,
building on the kernel features originally developed by the University
of Cambridge and Google Research.

This framework will include a Capsicum runtime linker and component
library providing sandboxed versions of key higher-level system libraries.
Components will both be sandboxed, improving resistance to vulnerabilities,
and also easily available for delegation to sandboxed applications, such
as the Chromium web browser. The prototype libcapsicum developed by
Cambridge will be analyzed and updated based on lessons learned in
implementing Capsicumised software packages, such as hastd and auditdistd.
Funding for this project will be provided by the FreeBSD Foundation matched
100% by the Google Open Source Program Office, in support of open source
technology transition of Capsicum.

"A continuing challenge in security is to find solutions that not only
fix the problems but also can be applied to existing technologies:
attractive though the notion is, we are not going to persuade the
world to rewrite everything! This is why we at Google are pleased and
excited to support the continuing development of Capsicum, which
radically improves the security of UNIX based systems whilst allowing
a continuous migration path from today's mechanisms to tomorrow's,"
said Ben Laurie, Google Senior Staff Software Engineer.

"I'm very excited to be able to work on Capsicum. Some of my software is
already using Capsicum, so I'm fully aware of the great potential of this
framework. This technology is so much superior to the current attempts to
provide sandboxing using tools like chroot(2) or unprivileged user
credentials. No matter how corny it sounds, I strongly believe Capsicum can
make the Internet a safer place," said Pawel.

This project will conclude in August 2012.

The FreeBSD Foundation


Tuesday, June 12, 2012

[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-12:02.ipv6refcount

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-12:02.ipv6refcount Errata Notice
The FreeBSD Project

Topic: Reference count errors in IPv6 code

Category: core
Modules: sys_netinet sys_netinet6
Announced: 2012-06-12
Credits: Scott Long, Rui Paulo, Maksim Yevmenkin
Affects: FreeBSD 8.0 and later
Corrected: 2012-06-09 22:44:49 UTC (RELENG_8, 8.3-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
           2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
           2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
           2012-06-09 22:44:24 UTC (RELENG_9, 9.0-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I. Background

The FreeBSD network stack implements Internet Protocol version 6 (IPv6),
the successor to IPv4. IPv6 is now seeing widespread deployment.

Reference counts are a programming technology used by the FreeBSD kernel
to maintain stability of objects while in use.

II. Problem Description

The FreeBSD IPv4 and IPv6 kernel implementations employ reference counts to
protect IP addresses configured on network interfaces. Due to multiple
bugs, IPv6 address references may be improperly acquired or released; IPv4
is unaffected.

III. Impact

Under high IPv6 network load, reference counts may improperly hit zero
due to overflow or underflow, causing an IPv6 address, which is still in
use, to be freed. This will lead to a kernel panic on next access.

IV. Workaround

No workaround is available, but systems not using any IPv6 communication
are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 8-STABLE, or 9-STABLE, or to the
RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated
after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 8.3, 8.2,
8.1, and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 8.1-RELEASE, 8.2-RELEASE, and 9.0-RELEASE]
# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch
# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch.asc

[FreeBSD 8.3-RELEASE]
# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch
# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
  Path
- -------------------------------------------------------------------------
RELENG_8
  sys/netinet/tcp_input.c 1.411.2.22
  sys/netinet6/in6.c 1.121.2.28
  sys/netinet6/ip6_input.c 1.132.2.9
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh 1.83.2.15.2.7
  sys/netinet/tcp_input.c 1.411.2.19.2.2
  sys/netinet6/in6.c 1.121.2.23.2.2
  sys/netinet6/ip6_input.c 1.132.2.6.4.2
RELENG_8_2
  src/UPDATING 1.632.2.19.2.11
  src/sys/conf/newvers.sh 1.83.2.12.2.14
  sys/netinet/tcp_input.c 1.411.2.9.2.2
  sys/netinet6/in6.c 1.121.2.12.2.2
  sys/netinet6/ip6_input.c 1.132.2.6.2.2
RELENG_8_1
  src/UPDATING 1.632.2.14.2.14
  src/sys/conf/newvers.sh 1.83.2.10.2.15
  sys/netinet/tcp_input.c 1.411.2.6.2.2
  sys/netinet6/in6.c 1.121.2.11.2.2
  sys/netinet6/ip6_input.c 1.132.2.4.2.2
RELENG_9
  sys/netinet/tcp_input.c 1.437.2.7
  sys/netinet6/in6.c 1.139.2.16
  sys/netinet6/ip6_input.c 1.147.2.4
RELENG_9_0
  src/UPDATING 1.702.2.4.2.5
  src/sys/conf/newvers.sh 1.95.2.4.2.7
  sys/netinet/tcp_input.c 1.437.2.2.2.2
  sys/netinet6/in6.c 1.139.2.4.2.2
  sys/netinet6/ip6_input.c 1.147.2.1.2.2
- -------------------------------------------------------------------------

Subversion:

Branch/path Revision
- -------------------------------------------------------------------------
stable/8/ r236827
releng/8.3/ r236953
releng/8.2/ r236953
releng/8.1/ r236953
stable/9/ r236826
releng/9.0/ r236953
- -------------------------------------------------------------------------

VII. References

The latest revision of this Errata Notice is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)

iEYEARECAAYFAk/XQFQACgkQFdaIBMps37LBygCeLi30YsLogAWsemBcX/WdtOqi
35UAoIVvwvGi+fOs/fGm2PoAixAWqhSH
=2X+g
-----END PGP SIGNATURE-----
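
The failure mode described in FreeBSD-EN-12:02 above (a reference count that reads zero while the address is still in use) is shown here as an added C example; it is not part of the errata notice and is not FreeBSD kernel code. `struct addr`, the 8-bit counter width and all function names are constructed for illustration; the checked variant saturates on overflow and rejects underflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an interface address; not FreeBSD's structure.
 * The counter is 8 bits wide only so that wraparound is reachable in a demo. */
struct addr { uint8_t refs; bool freed; };

/* Naive counter: wraps silently and frees whenever the count reads zero. */
static void naive_ref(struct addr *a)  { a->refs++; }
static void naive_rele(struct addr *a) { if (--a->refs == 0) a->freed = true; }

/* Checked counter: saturates instead of wrapping, and reports underflow. */
static bool checked_ref(struct addr *a)
{
    if (a->refs == 0)
        return false;              /* dead object: refuse to resurrect it */
    if (a->refs != UINT8_MAX)
        a->refs++;                 /* at the maximum the object stays pinned */
    return true;
}

static bool checked_rele(struct addr *a)
{
    if (a->refs == 0)
        return false;              /* more releases than acquires */
    if (a->refs != UINT8_MAX && --a->refs == 0)
        a->freed = true;           /* a saturated count is never decremented */
    return true;
}

/* A path that acquires but never releases runs `leaks` times, then one
 * balanced acquire/release happens. Returns whether the address was freed
 * even though the interface still holds its original reference. */
bool freed_after_leaks(bool checked, int leaks)
{
    struct addr a = { .refs = 1, .freed = false };   /* the interface's reference */
    for (int i = 0; i < leaks; i++) {
        if (checked) checked_ref(&a); else naive_ref(&a);
    }
    if (checked) { checked_ref(&a); checked_rele(&a); }
    else         { naive_ref(&a);   naive_rele(&a);  }
    return a.freed;
}

/* One release too many: saturation cannot prevent the early free, but the
 * checked counter flags the release that would otherwise wrap to 255. */
bool extra_release_detected(void)
{
    struct addr a = { .refs = 2, .freed = false };   /* interface + one user */
    checked_rele(&a);                      /* the buggy, unpaired release */
    checked_rele(&a);                      /* the user's release frees the object */
    return a.freed && !checked_rele(&a);   /* interface's release: rejected */
}

int main(void)
{
    printf("naive,   255 leaks: freed=%d\n", freed_after_leaks(false, 255));
    printf("checked, 255 leaks: freed=%d\n", freed_after_leaks(true, 255));
    printf("extra release detected: %d\n", extra_release_detected());
    return 0;
}
```

Saturation turns an overflow into a leaked object instead of a premature free; an unpaired release can only be detected after the fact, so the acquire and release paths themselves still have to be balanced.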

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-12:04.sysret

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:04.sysret Security Advisory
The FreeBSD Project

Topic: Privilege escalation when returning from kernel

Category: core
Module: sys_amd64
Announced: 2012-06-12
Credits: Rafal Wojtczuk, John Baldwin
Affects: All supported versions of FreeBSD
Corrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
           2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
           2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
           2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
           2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name: CVE-2012-0217

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

The FreeBSD operating system implements a rings model of security, where
privileged operations are done in the kernel, and most applications
request access to these operations by making a system call, which puts
the CPU into the required privilege level and passes control to the
kernel.

II. Problem Description

FreeBSD/amd64 runs on CPUs from different vendors. Due to varying
behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
insufficient when returning from a system call.

III. Impact

Successful exploitation of the problem can lead to local kernel privilege
escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user
privileges on the target system.

IV. Workaround

No workaround is available.

However, FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
particular problem.

Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
kernel are not vulnerable, nor are systems running on different
processor architectures.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/sys/amd64/amd64/trap.c 1.319.2.14
RELENG_7_4
  src/UPDATING 1.507.2.36.2.11
  src/sys/conf/newvers.sh 1.72.2.18.2.14
  src/sys/amd64/amd64/trap.c 1.319.2.12.2.2
RELENG_8
  src/sys/amd64/amd64/trap.c 1.332.2.24
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh 1.83.2.15.2.7
  src/sys/amd64/amd64/trap.c 1.332.2.21.2.2
RELENG_8_2
  src/UPDATING 1.632.2.19.2.11
  src/sys/conf/newvers.sh 1.83.2.12.2.14
  src/sys/amd64/amd64/trap.c 1.332.2.14.2.2
RELENG_8_1
  src/UPDATING 1.632.2.14.2.14
  src/sys/conf/newvers.sh 1.83.2.10.2.15
  src/sys/amd64/amd64/trap.c 1.332.2.10.2.2
RELENG_9
  src/sys/amd64/amd64/trap.c 1.357.2.9
RELENG_9_0
  src/UPDATING 1.702.2.4.2.5
  src/sys/conf/newvers.sh 1.95.2.4.2.7
  src/sys/amd64/amd64/trap.c 1.357.2.2.2.3
- -------------------------------------------------------------------------

Subversion:

Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r236953
releng/7.4/ r236953
stable/8/ r236953
releng/8.3/ r236953
releng/8.2/ r236953
releng/8.1/ r236953
stable/9/ r236953
releng/9.0/ r236953
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)

iEYEARECAAYFAk/XQGgACgkQFdaIBMps37KCsACdEvLcb0JhWKmVlvq5SuKzuW1Q
fhsAnRVLFoGa2WGnRpfQrLYCjL9gs8Rd
=RvZd
-----END PGP SIGNATURE-----

[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-12:03.bind

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-SA-12:03.bind Security Advisory
The FreeBSD Project

Topic: Incorrect handling of zero-length RDATA fields in named(8)

Category: contrib
Module: bind
Announced: 2012-06-12
Credits: Dan Luther, Jeffrey A. Spain
Affects: All supported versions of FreeBSD
Corrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
           2012-06-04 22:21:55 UTC (RELENG_8, 8.3-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
           2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
           2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
           2012-06-04 22:14:33 UTC (RELENG_9, 9.0-STABLE)
           2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
CVE Name: CVE-2012-1667

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.

I. Background

BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.

II. Problem Description

The named(8) server does not properly handle DNS resource records where
the RDATA field is zero length, which may cause various issues for the
servers handling them.

III. Impact

Resolving servers may crash or disclose some portion of memory to the
client. Authoritative servers may crash on restart after transferring a
zone containing records with zero-length RDATA fields. These would
result in a denial of service, or leak of sensitive information.

IV. Workaround

No workaround is available, but systems not running the BIND name
server are not affected.

V. Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
security branch dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to FreeBSD 7.4,
8.3, 8.2, 8.1 and 9.0 systems.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

[FreeBSD 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, and 8.1-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch.asc

[FreeBSD 9.0-RELEASE]
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch
# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/bind/
# make obj && make depend && make && make install
# cd /usr/src/usr.sbin/named
# make obj && make depend && make && make install

3) To update your vulnerable system via a binary patch:

Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

4) Install and run BIND from the Ports Collection after the correction
date. The following versions and newer versions of BIND installed from
the Ports Collection are not affected by this vulnerability:

bind96-9.6.3.1.ESV.R7.1
bind97-9.7.6.1
bind98-9.8.3.1
bind99-9.9.1.1

VI. Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.4
  src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.5
RELENG_7_4
  src/UPDATING 1.507.2.36.2.11
  src/sys/conf/newvers.sh 1.72.2.18.2.14
  src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.1.2.1
  src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.3.2.1
RELENG_8
  src/contrib/bind9/lib/dns/rdata.c 1.2.2.4
  src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.5
RELENG_8_3
  src/UPDATING 1.632.2.26.2.5
  src/sys/conf/newvers.sh 1.83.2.15.2.7
  src/contrib/bind9/lib/dns/rdata.c 1.2.2.2.2.1
  src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.3.2.1
RELENG_8_2
  src/UPDATING 1.632.2.19.2.11
  src/sys/conf/newvers.sh 1.83.2.12.2.14
  src/contrib/bind9/lib/dns/rdata.c 1.2.8.1
  src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.2.2.1
RELENG_8_1
  src/UPDATING 1.632.2.14.2.14
  src/sys/conf/newvers.sh 1.83.2.10.2.15
  src/contrib/bind9/lib/dns/rdata.c 1.2.6.1
  src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.1.2.1
RELENG_9
  src/contrib/bind9/lib/dns/rdata.c 1.5.2.2
  src/contrib/bind9/lib/dns/rdataslab.c 1.7.2.2
RELENG_9_0
  src/UPDATING 1.702.2.4.2.5
  src/sys/conf/newvers.sh 1.95.2.4.2.7
  src/contrib/bind9/lib/dns/rdata.c 1.5.4.1
  src/contrib/bind9/lib/dns/rdataslab.c 1.7.4.1
- -------------------------------------------------------------------------

Subversion:

Branch/path Revision
- -------------------------------------------------------------------------
stable/7/ r236953
releng/7.4/ r236953
stable/8/ r236590
releng/8.3/ r236953
releng/8.2/ r236953
releng/8.1/ r236953
stable/9/ r236587
releng/9.0/ r236953
- -------------------------------------------------------------------------

VII. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
http://www.isc.org/software/bind/advisories/cve-2012-1667

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-SA-12:03.bind.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (FreeBSD)

iEYEARECAAYFAk/XQGEACgkQFdaIBMps37LU+gCfcP1MdQy8s5gjNWJfW+BiP6oI
CWkAnRZzIRxAKWgD2spPAuBu04S9ZQkA
=aI2g
-----END PGP SIGNATURE-----
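
For the zero-length RDATA problem in FreeBSD-SA-12:03 above, this added C example (not BIND's code and not part of the advisory) parses a resource record's fixed fields so that an empty RDATA is either rejected or passed on as an explicit empty value. It assumes the input starts at the TYPE field with the owner name already consumed; the type table covers only A and AAAA, and the sample records and all names are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum rr_status { RR_OK, RR_TRUNCATED, RR_BAD_RDLEN };

struct rr {
    uint16_t type, rclass, rdlen;
    uint32_t ttl;
    const uint8_t *rdata;   /* NULL when rdlen == 0: callers must test rdlen first */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }

/* Exact RDATA size for fixed-size types; 0 means "no fixed size known here". */
static uint16_t required_rdlen(uint16_t type)
{
    switch (type) {
    case 1:  return 4;    /* A: one IPv4 address */
    case 28: return 16;   /* AAAA: one IPv6 address */
    default: return 0;    /* illustrative subset, not a complete table */
    }
}

/* Parse TYPE, CLASS, TTL, RDLENGTH and RDATA from buf[0..len). */
enum rr_status parse_rr(const uint8_t *buf, size_t len, struct rr *out)
{
    if (len < 10)
        return RR_TRUNCATED;                 /* fixed fields are 10 bytes */
    out->type   = be16(buf);
    out->rclass = be16(buf + 2);
    out->ttl    = (uint32_t)be16(buf + 4) << 16 | be16(buf + 6);
    out->rdlen  = be16(buf + 8);
    out->rdata  = NULL;
    if (out->rdlen > len - 10)
        return RR_TRUNCATED;                 /* RDLENGTH runs past the buffer */
    uint16_t need = required_rdlen(out->type);
    if (need != 0 && out->rdlen != need)
        return RR_BAD_RDLEN;                 /* e.g. an A record with no address */
    if (out->rdlen != 0)
        out->rdata = buf + 10;               /* empty RDATA keeps the NULL pointer */
    return RR_OK;
}

/* Constructed samples: TYPE, CLASS=IN, TTL=3600, RDLENGTH, RDATA. */
const uint8_t SAMPLE_A_OK[]    = {0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,1};
const uint8_t SAMPLE_A_EMPTY[] = {0,1, 0,1, 0,0,0x0e,0x10, 0,0};
const uint8_t SAMPLE_NULL_0[]  = {0,10, 0,1, 0,0,0x0e,0x10, 0,0};   /* TYPE NULL */
const uint8_t SAMPLE_A_SHORT[] = {0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0};

int main(void)
{
    struct rr r;
    printf("A ok:        %d\n", parse_rr(SAMPLE_A_OK, sizeof SAMPLE_A_OK, &r));
    printf("A empty:     %d\n", parse_rr(SAMPLE_A_EMPTY, sizeof SAMPLE_A_EMPTY, &r));
    printf("NULL empty:  %d\n", parse_rr(SAMPLE_NULL_0, sizeof SAMPLE_NULL_0, &r));
    printf("A truncated: %d\n", parse_rr(SAMPLE_A_SHORT, sizeof SAMPLE_A_SHORT, &r));
    return 0;
}
```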