[FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-16:19.sendmsg

Alan Somers asomers at freebsd.org
Tue May 17 22:59:30 UTC 2016


I think you put the wrong revision numbers in here.  Revision 300093 is the
kbd fix for stable/9.  300092 is the right revision for the sendmsg fix in
stable/10.

On Tue, May 17, 2016 at 4:40 PM, FreeBSD Security Advisories <
security-advisories at freebsd.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
>
> =============================================================================
> FreeBSD-SA-16:19.sendmsg                                    Security
> Advisory
>                                                           The FreeBSD
> Project
>
> Topic:          Incorrect argument handling in sendmsg(2)
>
> Category:       core
> Module:         kernel
> Announced:      2016-05-17
> Credits:        CTurt and the HardenedBSD team
> Affects:        FreeBSD 10.x
> Corrected:      2016-05-17 22:30:43 UTC (stable/10, 10.3-STABLE)
>                 2016-05-17 22:28:27 UTC (releng/10.3, 10.3-RELEASE-p3)
>                 2016-05-17 22:28:20 UTC (releng/10.2, 10.2-RELEASE-p17)
>                 2016-05-17 22:28:11 UTC (releng/10.1, 10.1-RELEASE-p34)
> CVE Name:       CVE-2016-1887
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit <URL:https://security.FreeBSD.org/>.
>
> I.   Background
>
> The sendmsg(2) system call allows to send data to a socket.  The data
> may be accompanied by optional ancillary data.
>
> II.  Problem Description
>
> Incorrect argument handling in the socket code allows malicious local
> user to overwrite large portion of the kernel memory.
>
> III. Impact
>
> Malicious local user may crash kernel or execute arbitrary code in the
> kernel,
> potentially gaining superuser privileges.
>
> IV.  Workaround
>
> No workaround is available.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> Reboot is required.
>
> 2) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> Reboot is required.
>
> 3) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch https://security.FreeBSD.org/patches/SA-16:19/sendmsg.patch
> # fetch https://security.FreeBSD.org/patches/SA-16:19/sendmsg.patch.asc
> # gpg --verify sendmsg.patch.asc
>
> b) Apply the patch.  Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> c) Recompile your kernel as described in
> <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
> system.
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> - -------------------------------------------------------------------------
> stable/10/                                                        r300093
> releng/10.1/                                                      r300085
> releng/10.2/                                                      r300086
> releng/10.3/                                                      r300087
> - -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
>
> VII. References
>
> <URL:http://cturt.github.io/sendmsg.html>
> <URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1887>
>
> The latest revision of this advisory is available at
> <URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:19.sendmsg.asc>
> -----BEGIN PGP SIGNATURE-----
>
> iQIcBAEBCgAGBQJXO50VAAoJEO1n7NZdz2rnWOAP/RyUks4Xf30YVGra+bHUjOsw
> gFQEJ7HNNJHkkaJ5l0LpVh87YQxr7VXnlddskDRcL6MDf7IjW5bkpw+875iEFz93
> VykCN+1l84D0WlXAi9YZwg1GWoQs3SBfNpT1dtr9GuqJYAAeBfvMydJI1jHbJzJJ
> 7inDzgvhfPOaq8wQBfjXbUN0GgYiz6dJc3xir4+4JRw0C9sgzh1pI14o1oREJbZ0
> glmHRCpuijndqluabl7rF19mSSDyF0AV7RqDCZIt7AkYHWvR1yLl4o0LGGBYCLXx
> iArz2ayzbAqBVw1JktVHzGx0HuVpobxb/yOpDuYBcaxtSL6riuSYrkzHp0Dca+JT
> 0/qENdMnXDN98ZMBcvVR66uWUuTVEF3/T2LXCi6G+RllrcoavvLqrcjghqT5k84P
> jmAjO3Q3rIeAinjArfyexHo/f/A5CHGJylsY0FZd41A35xWaYg/dd0cT+8qsoigD
> 65Ix+/6AOIjocqqQToFXiHKBCN5unwrn/UT5heU0K3ZqESGmxUrx+6yJ3mjDjtLh
> C7zWcNaJu1whcT7e4eKx9vMlAFFt6OrSnr1V09KnqPiHPtIu95PZhGlrizlZVELQ
> 8fKHoycOkT5F+00CWzcQuZK+l9p5iT5aWGkhunwvR7EKzqvgEFbDDpaJ5QzKTNTl
> lJXypb8SMlol4YY8Spdo
> =wuhi
> -----END PGP SIGNATURE-----
> _______________________________________________
> freebsd-announce at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-announce
> To unsubscribe, send any mail to "freebsd-announce-unsubscribe at freebsd.org
> "
>


More information about the freebsd-security mailing list