git: 512f2bb33b - main - Update SA-22:15.ping for credit, impact, and a spelling mistake.
Date: Thu, 15 Dec 2022 05:52:03 UTC
The branch main has been updated by gordon (src committer): URL: https://cgit.FreeBSD.org/doc/commit/?id=512f2bb33b8b5b3e071cc45cda5374d3a1775b20 commit 512f2bb33b8b5b3e071cc45cda5374d3a1775b20 Author: Gordon Tetlow <gordon@FreeBSD.org> AuthorDate: 2022-12-15 05:50:59 +0000 Commit: Gordon Tetlow <gordon@FreeBSD.org> CommitDate: 2022-12-15 05:51:47 +0000 Update SA-22:15.ping for credit, impact, and a spelling mistake. Approved by: so --- .../security/advisories/FreeBSD-SA-22:15.ping.asc | 38 ++++++++++++---------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc index 53807fc550..5c4224ec06 100644 --- a/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc +++ b/website/static/security/advisories/FreeBSD-SA-22:15.ping.asc @@ -10,7 +10,7 @@ Topic: Stack overflow in ping(8) Category: core Module: ping Announced: 2022-11-29 -Credits: Tom Jones +Credits: NetApp, Inc. Affects: All supported versions of FreeBSD. Corrected: 2022-11-29 22:56:33 UTC (stable/13, 13.1-STABLE) 2022-11-29 23:00:43 UTC (releng/13.1, 13.1-RELEASE-p5) @@ -23,6 +23,11 @@ For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. +0. Revision History + +v1.0 2022-11-29 -- Initial release +v1.1 2022-12-14 -- Corrected Credits and updated Impact section. + I. Background ping(8) is a program that can be used to test reachability of a remote 
@@ -49,11 +54,10 @@ pr_pack() overflows the destination buffer by up to 40 bytes. III. Impact The memory safety bugs described above can be triggered by a remote -host, causing the ping program to crash. It may be possible for a -malicious host to trigger remote code execution in ping. +host, causing the ping program to crash. The ping process runs in a capability mode sandbox on all affected -versions of FreeBSD and is thus very constrainted in how it can interact +versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur. IV. Workaround 
@@ -145,17 +149,17 @@ The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-22:15.ping.asc> -----BEGIN PGP SIGNATURE----- -iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOGlvgACgkQ05eS9J6n -5cIQGw//ZiF50YbtOc7oYgVcJTGlBEAbKWV6OteTDpXWb/OlwkznGxwzrG0DPvWN -wHyItOPSAmdxqC4xZUsZh9HNxlim80r5TR1y4BE22Lsg2vL5Ir0h3tcqOKKpHYLS -KzNgishF1+J56JeU3TpTjOe5QbXK3EZiw092lH8uSXTp3PqcHxBfFuW9Cjc1Rq/u -ewjHWI7zNCMOpGh3w/v14ZxGl3aFusL1jmrcyi5kZub2Pr0N3bUKgS3/3wXfWF6o -hcFhl1ChmAwpT/1313LNE7SHPl4HCC5XK4r3w+wniLjOJUhnioOBjay29QLt5O53 -0rYaINNvo7ooBSpcPO9ixta+7dqah+uuW3vnFewuahqNCaAGLhMDSPqyZW7KfYgU -F7TIDoBRHPHASFb3FOiAAcCNMCvmGl7vFyVoWe0xJ1ion2jqO83R8XOGgnHsPL/l -cTYTPdECPMIDMvmfIH9UAbNCzKEYdNjWsXUjFJKkxCBtwUcBRsn1TEu24zU2j9mS -hRlY1DAYVy8raYUnQp/f6Llroim5DKyUYpJpeB3j//Fk6KACRnZKsqsSIj9U3OYf -KD6zfJ35RrolPHePMPmy6vGPDYFocDo+YQSm1eauwfSeDGnsjBmIdzxahkgEav4Z -5agsPd2naEntMiJkGGgeuYCifEvkCttJbuTn2s+7VkuTap0uTuA= -=rown +iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmOatTwACgkQ05eS9J6n +5cJuig/8DQ3kQmQN8R7W+tFrtYmA/tIQYs+t5Eenx2Qc3XynQOuk7KQTHv0mFWLJ +zEPy5fB8iwcZnR5ZDL2H5J3vJ2tBdukFMU/nGqIWeJEzIJa0G2/KriZFxz5QnJFQ +bJ/4IVWNPyW0G4jredOVtjOo1J3FuftNJ/cpcbcYM0/f+7WfmVxAwN7ngtV0DtMT +G+s883BsVXNNHOShqulGelIa1fAgTjP9N9cZyFwgW8sGmDtqswoUOcpLnSxkPrK9 +N06gNKPePhN47LUr02JVIQe+ERO5ss8bXQrSO1GNWt4tPynWYXfmiqDBmIjAdhIK +/gEbEnR/roD5qX86hr5sFqPe90hurrXRT0gNo6mrWVKVUTHsTjvr+DBWy8WlEhzM +e8SmJzK06rD1T9bjRnobzF3dD46VccdMYVdakFeAfwNa2bplmABWcGBAdCrwgOyU +qs+cv9DdAfyHVmniKZrsZWTC9KBsi+8hSqhsF5uR+J5hAynBt9rsCXig9lQaFojW +uzOaLsIwtrvjn977S/Smkq9vAMh0k4QuQgwZqZAZZTGpYHqEtDIho7sJfTO+vuPP +t4N23FnrMyK8sCiwweYI4hNHqPVwRGD/nvRadZYOgSLTLN5rZAi+JhJWXc7J5unE +ssgWSH/7mcxHbOT7aW6Rs40zCWkMcrgrp33fEBgXWwuStGOQ6jY= +=ADME -----END PGP SIGNATURE-----
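Review bot: In the hunk at @@ -23,6 +23,11 @@, the new v1.1 revision entry is dated 2022-12-14, while this commit's AuthorDate and CommitDate are 2022-12-15 UTC and the advisory's Corrected: field gives its timestamps in UTC. If revision dates are meant to be UTC as well, the entry should read 2022-12-15; otherwise it would help to state which date (signing or publication) the revision history records.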
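Review bot: In the hunk at @@ -49,11 +54,10 @@ (III. Impact), the sentence about possible remote code execution is removed without a stated rationale, while the advisory still describes a stack overflow in which pr_pack() overflows the destination buffer by up to 40 bytes. The v1.1 entry says only "updated Impact section" and the commit message says only "impact". Because this changes how readers will rate the issue, the revision entry should say explicitly that the remote code execution statement was withdrawn, and the Impact text should give the reason a crash is now considered the worst case. The "constrainted" to "constrained" correction in the same hunk is fine.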
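Review bot: In the hunk at @@ -145,17 +149,17 @@, the whole PGP signature block is replaced, which is expected because the signed text changed in the earlier hunks, but the diff cannot show that the new signature matches the final file content. Before publication, confirm that the committed .asc verifies against the advisory signing key, for example with gpg --verify, since any later whitespace or wording change to the signed text would invalidate it.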