svn commit: r48011 - in head/share/security: advisories patches/EN-16:01 patches/EN-16:02 patches/EN-16:03 patches/SA-16:01 patches/SA-16:02 patches/SA-16:03 patches/SA-16:04 patches/SA-16:05 patch...
    Gleb Smirnoff 
    glebius at FreeBSD.org
       
    Thu Jan 14 09:40:55 UTC 2016
    
    
  
Author: glebius (src committer)
Date: Thu Jan 14 09:40:53 2016
New Revision: 48011
URL: https://svnweb.freebsd.org/changeset/doc/48011
Log:
  Publish todays advisories.
  
  Approved by:	so
Added:
  head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:02.pf.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:03.linux.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:04.linux.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:05.tcp.asc   (contents, props changed)
  head/share/security/advisories/FreeBSD-SA-16:06.bsnmpd.asc   (contents, props changed)
  head/share/security/patches/EN-16:01/
  head/share/security/patches/EN-16:01/filemon.patch   (contents, props changed)
  head/share/security/patches/EN-16:01/filemon.patch.asc   (contents, props changed)
  head/share/security/patches/EN-16:02/
  head/share/security/patches/EN-16:02/pf-10.1.patch   (contents, props changed)
  head/share/security/patches/EN-16:02/pf-10.1.patch.asc   (contents, props changed)
  head/share/security/patches/EN-16:02/pf-10.2.patch   (contents, props changed)
  head/share/security/patches/EN-16:02/pf-10.2.patch.asc   (contents, props changed)
  head/share/security/patches/EN-16:02/pf-9.patch   (contents, props changed)
  head/share/security/patches/EN-16:02/pf-9.patch.asc   (contents, props changed)
  head/share/security/patches/EN-16:03/
  head/share/security/patches/EN-16:03/yplib.patch   (contents, props changed)
  head/share/security/patches/EN-16:03/yplib.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:01/
  head/share/security/patches/SA-16:01/sctp.patch   (contents, props changed)
  head/share/security/patches/SA-16:01/sctp.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:02/
  head/share/security/patches/SA-16:02/ntp-10.patch   (contents, props changed)
  head/share/security/patches/SA-16:02/ntp-10.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:02/ntp-9.patch   (contents, props changed)
  head/share/security/patches/SA-16:02/ntp-9.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:03/
  head/share/security/patches/SA-16:03/linux.patch   (contents, props changed)
  head/share/security/patches/SA-16:03/linux.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:04/
  head/share/security/patches/SA-16:04/linux.patch   (contents, props changed)
  head/share/security/patches/SA-16:04/linux.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:05/
  head/share/security/patches/SA-16:05/tcp.patch   (contents, props changed)
  head/share/security/patches/SA-16:05/tcp.patch.asc   (contents, props changed)
  head/share/security/patches/SA-16:06/
  head/share/security/patches/SA-16:06/bsnmpd.patch   (contents, props changed)
  head/share/security/patches/SA-16:06/bsnmpd.patch.asc   (contents, props changed)
Added: head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:01.filemon.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:01.filemon                                        Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          filemon and bmake meta-mode stability issues
+
+Category:       core
+Module:         filemon
+Announced:      2016-01-14
+Credits:        Bryan Drewery
+Affects:        FreeBSD 10.2-RELEASE
+Corrected:      2015-09-09 17:15:13 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security branches,
+and the following sections, please visit
+<URL:https://security.freebsd.org/>.
+
+I.   Background
+
+In FreeBSD 10.2, /usr/bin/make is the NetBSD bmake utility.  bmake has
+a feature called meta-mode [1], which can make use of the filemon(4) kernel
+module to perform reliable update builds and provide better build
+dependencies.
+[1]  http://www.crufty.net/sjg/blog/freebsd-meta-mode.htm
+
+II.  Problem Description
+
+Multiple stability and locking problems have been fixed in the filemon(4)
+kernel module.  Without these fixes, using meta-mode and filemon(4) on a
+FreeBSD 10.2 system may result in kernel panics.
+
+III. Impact
+
+For the jails and virtual machines used by the FreeBSD Jenkins Continuous
+Integration builders, it is desirable to use released versions FreeBSD.
+This will allow us to set up builders to test building FreeBSD-CURRENT with
+meta-mode, using a FreeBSD 10.2-RELEASE-p9 build host.
+
+IV.  Workaround
+
+No workaround is available for the filemon stability problems.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:01/filemon.patch.asc
+# gpg --verify filemon.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10                                                         r287598
+releng/10.2                                                       r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:01.filemon.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2jlAAoJEO1n7NZdz2rnF6kQAJEgtPKwowupOd3QV2UvMJ4T
+PP/UK9tvF+Tbmow+5z9vV8ghh/oHc/AUWxhbIcnOFO7YldwrYJDXAHWF5VoTgatb
+Ycg+R10Kyg8loZZuAAaGsY+zS78BIXunKVduWealz6TV978sZ5mr7qVJjX03Bvdh
+9s3dX6PLfA0ZtqxXuhJ3oMj1Nt7UoGyNNNg23TWhQDMzpueB1EihhjzcLEk8UCjR
+OlZElMXsnI/c9zG0eaSDPqfUuQrZDasQ+kM4eWaEXxcZVHSEQtU7vJ6SjxAkeCHT
+fzRcAilzQBQJzObzpdXCxrd3OmKL52Ml44Kll2k31QQM3YDHw5g+mMJ+G6BoD5HZ
+hQktb7Y064s/SQ0S91aTCgdSBzlTOny7IjsE1W+T6WD4Dohc1aY5y5u2UDBIRIS9
+BvovQF9k0PXIqpA3DjV1cGp3oYLpmJc5NYqHuJ9hkQWSp8FntfuQ1gKpieznyg25
+mb7fsOU693Dglcodtz1uQcwwgh/0s7bEcP6o7ejzsd4bzhe9CTLgD5qp0MD8htiH
+Li+i9O5hUS8nheJt03btw/mq7CPbr66JWnpVHmPe8kL8SU7qmwBwq6d3buk5Hyr1
+tOmpuTyW+dq4iWweG411/j9M8Q03fD/DI4Ez2KS5OTizNAWb2wq8e+OZIk6TDE37
+Aam3KrksQZjG+sqL7NVp
+=INcx
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-16:02.pf.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:02.pf.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:02.pf                                             Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Invalid TCP checksums with pf(4)
+
+Category:       core
+Module:         pf
+Announced:      2016-01-14
+Credits:        Kristof Provost <kp at FreeBSD.org>
+Affects:        All supported versions of FreeBSD.
+Corrected:      2015-11-11 12:36:42 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2015-12-25 15:12:54 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The pf(4) is one of several packet filters available in FreeBSD, originally
+written for OpenBSD.  In addition to filtering packets, it also has packet
+normalization capabilities.
+
+II.  Problem Description
+
+When running with certain network interfaces, capable for hardware transmit
+checksum offloading, or TCP segmentation offload, pf(4) produces packets with
+invalid TCP checksums.
+
+III. Impact
+
+The TCP packets with invalid checksums are rejected by the remote host,
+leading to large performance impacts or inability to successfully run
+a TCP connection.
+
+IV.  Workaround
+
+Disable transmit checksum offloading and TSO support on the affected
+network interface:
+
+# ifconfig ue0 -txcsum -tso
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Reboot the system or unload and reload the pf.ko kernel module.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot the system or unload and reload the pf.ko kernel module.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.2]
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.2.patch.asc
+# gpg --verify pf-10.2.patch.asc
+
+[FreeBSD 10.1]
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-10.1.patch.asc
+# gpg --verify pf-10.1.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:02/pf-9.3.patch.asc
+# gpg --verify pf-9.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system or unload and reload the pf.ko kernel module.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r292732
+releng/9.3/                                                       r293896
+stable/10/                                                        r290669
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=154428>
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193579>
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198868>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:02.pf.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2rlAAoJEO1n7NZdz2rnv0QP/RXPzKbSRsyyX3914BJv/W4V
+coLFodRd62WxPvFIOXaLbNsVSi1yqRqNS3BPNTXnldEvjZWS5HsRlY5inq7hCjOn
+NzZFIBVD3aL3eIXBUghNHTcCp3Ml5zIzcGUwJ0wW4F8j3D8Ty0YbJs+E7Ku63DIb
+3rR2Mj1Jcoxi4JNVaQ962JlRrqauQUIiFbS0bSmP/cQCUlvhm+uk8Yj1KgSYesSu
+n+lQAipH2zZWGjVj1xxvqi4cUcr6J6LEF0eTmg+UoM24vhq+QNql5aactYMOORiW
+f+80HOWm6R8F/6TI2xs7HpNfnQNuNBRTfmfViQB8GgzgV2juElcTXW4NKXALrkWy
+HxAfv6wdhDxclOXzumUXDOXC90o62Jv5gWiToJWLyETHI1vTe4UuE0egejFHSDJB
+bmFpbYeuvXJ5/3dAYHHtnjtIPE9PXG+c16eJr3XDkY4plreL/hpyDHFRd3scqWew
+EvPnkYcXZmzpCC/wZbDM5sI76YAfX7vayVqsUI0X4WRueYyIljRQGwygwfmHWiac
+HIrgLgJvXZCGXiiuSpZq5874er0/UN9czGuMVOFZoXZ45yuj99pO1rJNZryO926A
+UAOsC76m78myPrM+a4dJDrnWKgZjputCEBHXXNS8Yxt1cimrrbAb2wy0gt1CIMFm
+cuAfikAwdNj3JAvjS4oA
+=Aw1R
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-EN-16:03.yplib.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-16:03.ypclnt                                         Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          YP/NIS client library critical bug
+
+Category:       core
+Module:         ypclnt
+Announced:      2016-01-14
+Credits:        Ravi Pokala,
+                Lakshmi Narasimhan Sundararajan,
+                Fred Lewis,
+                Pushkar Kothavade
+Affects:        All supported versions of FreeBSD.
+Corrected:      2015-12-21 14:32:29 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2016-01-13 05:32:24 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The YP/NIS subsystem allows network management of passwd, group, netgroup,
+hosts, services, rpc, bootparams and ethers file entries.  The ypclnt suite
+provides an interface to the YP subsystem.
+
+The standard NIS protocol limits its database entries to YPMAXRECORD (1024
+characters).
+
+II.  Problem Description
+
+There is a bug with the NIS client library, which can lead to an infinite
+loop.
+
+III. Impact
+
+A server that is deliberately configured to violate the NIS/YP protocol can
+cause a FreeBSD NIS client to be stuck forever.
+
+IV.  Workaround
+
+No workaround is available, but systems that are not configured to use
+NIS/YP are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+A reboot is recommended.
+
+2) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+A reboot is recommended.
+
+3) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch
+# fetch https://security.FreeBSD.org/patches/EN-16:03/yplib.patch.asc
+# gpg --verify yplib.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+A reboot is recommended.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r293804
+releng/9.3/                                                       r293896
+stable/10/                                                        r292547
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://reviews.freebsd.org/D4095>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:03.ypclnt.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnRZQP/iZq/xlDFZrxwpW4S0GimmmK
+CdB9yE8rITW2XRWIaTW+fj4aqQ8cvD3IpqtgPe1wCXe69XgmICPwwBh/zNB4w0qu
+xmyihP6/2qTLatIq886StqXRkS+05U5y4VoEwFaRkBCy3IWDVXgM41DsRhOuYq3y
+Y72VNeJFSuD+qb0i0B56PpPhaVd7hyEgvuXLXxi3l/BiUMD9t4Z36W8a2IPrF1wa
+wviTB6cr614dzH+Jou+d9ffKoD6TWeZtbcf1jrw12YVBJhPx3vCqPVJGerGRUwVF
+TeD4cUyHmY1nRa4zssKJcbAbgbYGtumRZTysa50eXBVsd7MTloZk0o8Angr6uGeR
+rRo8Sop8PbwWm81Zykb4lIBOVUB4TsEfMjusKhgcJ5kmd+gK8z1ZzE/ZlOes2UJ8
+eH+LOEKjux3c9UKkz6RDWinM277J5fhZ5Zi6jO6n/LrJRKiqKud6VeHQLOElXye7
+/8KFqCaym8JpZ0P3Cywid+2EyqjlNwvsZleDs8EE/d1+60yX+Qm2j+BKAfqhSyLD
+a9TimJTsEMA47Rf3af2lx1q4bnrKJVSBGhNaNzDHe5UIge0FAt8uUwgL/yIDpBlS
+/5TtnD3F30B34482sAf4u/WW/1ipppIFEe8i6d9uwIGjG9Z5eVVom2FJbAHHdVA6
+w8xVZil5irkB2fdI1DOi
+=A4Qy
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:01.sctp.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:01.sctp                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          SCTP ICMPv6 error message vulnerability
+
+Category:       core
+Module:         SCTP
+Announced:      2016-01-14
+Credits:        Jonathan T. Looney
+Affects:        All supported versions of FreeBSD
+Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+CVE Name:       CVE-2016-1879
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The Stream Control Transmission Protocol (SCTP) protocol provides reliable,
+flow-controlled, two-way transmission of data. 
+
+The Internet Control Message Protocol for IPv6 (ICMPv6) provides a way for
+hosts on the Internet to exchange control information.  Among other uses,
+a host or router can use ICMPv6 to inform a host when there is an error
+delivering a packet sent by that host. 
+
+II.  Problem Description
+
+A lack of proper input checks in the ICMPv6 processing in the SCTP stack
+can lead to either a failed kernel assertion or to a NULL pointer
+dereference.  In either case, a kernel panic will follow.
+
+III. Impact
+
+A remote, unauthenticated attacker can reliably trigger a kernel panic
+in a vulnerable system running IPv6.  Any kernel compiled with both IPv6
+and SCTP support is vulnerable.  There is no requirement to have an SCTP
+socket open.
+
+IPv4 ICMP processing is not impacted by this vulnerability.
+
+IV.  Workaround
+
+No workaround is available, but systems using a kernel compiled without
+SCTP support or IPv6 support are not vulnerable.
+
+In addition, some stateful firewalls may block ICMPv6 messages that are
+not responding to a legitimate connection.  (However, this may not
+completely block the problem, as an ICMPv6 message could still be sent
+in response to a legitimate SCTP connection.)
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+Rebooting to the new kernel is required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Rebooting to the new kernel is required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch.asc
+# gpg --verify sctp.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r293898
+releng/9.3/                                                       r293896
+stable/10/                                                        r293897
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1879>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:01.sctp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnIfoQAOZTLX3VovQPGj9wr7PspLQi
+Tazu6vRnjzdOdjpeWwSgYlq6DJGjT71c/BRyCWCoijr2uyBWRlANqzMO64thuTzx
+gc6juRlChLDF4sNVWbNDMRwuHTfCpgDH2/4hQeR/9CmiQxHJyqL0gXc889D206i9
+KzgmYrSALEVK0E2kDBeRMsadtqPIEzCw4LygWd4qrtYNPjAfBR/a9U4rg7ZN0ICZ
+RCPnkAF6qI09B931QfHaI4C9wdBF8DJ6nKN/2aU9ATdOJJb7oUkpaHht8kmbdZS+
+Tn12nEXkQvNxuAKT7Fb87M14s7LUR12V5wgDeMd2UtOfkeSpGEDFACdhYW3IpKan
+gD+2IlzLRhoQTJ7lQWMRTKh3OiDDR2kLwvbEU7BGecDSG6fVkgumn6NlHYybdH7L
+axpDOxPz8ITfcdRipIXLOQEC308ckdmaEwqi4ikgBGwEkSgIwj1flGStswvcMrim
+vT0xof2dv1y6RW5xYnJF7Mtn/rEcqrql/BeBp/kxJZ2Qt3hkppQnjWD6kvrEj00s
+CajzxdBTM7J3buDzu++RL2GL9p5Cwo1kDmUJdWimIbSecL62J9+PwFCDYp/dOy25
+GAPGnf7gk8YhwM8pHwLtcX0b9UundkXLWnLBN7R12fL7Ch2CmPbgPcoFc5CSbcIx
+TBRU+4TGcNGxigXyzIHT
+=G0DD
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:02.ntp.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:02.ntp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ntp panic threshold bypass vulnerability
+
+Category:       contrib
+Module:         ntp
+Announced:      2016-01-14
+Credits:        Network Time Foundation
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-01-11 01:09:50 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2016-01-11 01:48:16 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+CVE Name:       CVE-2015-5300
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II.  Problem Description
+
+The ntpd(8) daemon has a safety feature to prevent excessive stepping of
+the clock called the "panic threshold".  If ever ntpd(8) determines the
+system clock is incorrect by more than this threshold, the daemon exits.
+There is an implementation error within the ntpd(8) implementation of this
+feature, which allows the system time be adjusted in certain circumstances.
+
+III. Impact
+
+When ntpd(8) is started with the '-g' option specified, the system time will
+be corrected regardless of if the time offset exceeds the panic threshold (by
+default, 1000 seconds).  The FreeBSD rc(8) subsystem allows specifying the
+'-g' option by either including '-g' in the ntpd_flags list or by enabling
+ntpd_sync_on_start in the system rc.conf(5) file.
+
+If at the moment ntpd(8) is restarted, an attacker can immediately respond to
+enough requests from enough sources trusted by the target, which is difficult
+and not common, there is a window of opportunity where the attacker can cause
+ntpd(8) to set the time to an arbitrary value.
+
+IV.  Workaround
+
+No workaround is available, but systems not running ntpd(8), or running
+ntpd(8) but do not use ntpd_sync_on_start="YES" or specify the '-g' option in
+ntpd_flags are not affected.  Neither of these are set by default.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The ntpd service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.1 and 10.2]
+# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch.asc
+# gpg --verify ntp-10.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch.asc
+# gpg --verify ntp-9.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the applicable daemons, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r293652
+releng/9.3/                                                       r293896
+stable/10/                                                        r293650
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://www.cs.bu.edu/~goldbe/NTPattack.html>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5300>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:02.ntp.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rnyg4QAJ/x3xs+pNGXxTT63hbBqLcB
+NTSljW5+hFpL94Nr+rHrelvcT3HkvdWUC+7BvMksoUYCZv0vClp5W7tsfuojDPr0
+GechK1BpLwxeLnRexulWEuvDQpbr6BN9ABdfSl4h3AaUwGYbBVLMY8aT5JpTiE3I
+UZg/5iPXVGFPcfdFhzaPgCpZxQtGI3QV7m5jx+Pf8r0ifuTNi8bAbwHCRzmOV8rA
+1LM4fvlCPd6TiP3UANWM7PFGbX8UArgzXlb8jSwkxEVC02oZitol4UhcLgacwVrO
+0/0q71pyn8W3NBQ1QPUaUg1M81sE501NCTCP3rEg+o6g7oxiq+GpgB0FKwCJxrTk
+n3EL7tyhbvVcsglPLRkIXkGz3o5XdelFJ66+qS+mZAiPozkzEFUIdxd8rHKsA1e4
+ZIFARDvDgi8iTArbJnPsQH0CgK8+/2RV2ILFW00Zcu7batvSWJtAUNNFqTSN34tk
+JJzHWYwKfGwRIMyEABsy9wLez9K2tRIG0fX75p82dVbRcRZwwSfPmFdfDPuMRRmc
+dsNF3133TA92uxwZ177cZk537g+Q0/0I6bts8us3GlCdY2HBuIc+HvRJQyEEqGEv
+v1GfEdnwGLp4rmPI8uY+JQ87now7KYhAK1SVil9AXm3tLrIqJsHYayA9nI8mjxfY
+Mh1utEeP+TMuievDMQNo
+=il8c
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:03.linux.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:03.linux.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:03.linux                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Linux compatibility layer incorrect futex handling
+
+Category:       core
+Module:         kernel
+Announced:      2016-01-14
+Credits:        Mateusz Guzik
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+CVE Name:       CVE-2016-1880
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component.  The support is
+provided on amd64 and i386 machines.
+
+II.  Problem Description
+
+A programming error in the handling of Linux futex robust lists may result
+in incorrect memory locations being accessed.
+
+III. Impact
+
+It is possible for a local attacker to read portions of kernel memory, which
+may result in a privilege escalation. 
+
+IV.  Workaround
+
+No workaround is available, but systems not using the Linux binary
+compatibility layer are not vulnerable.
+
+The following command can be used to test if the Linux binary
+compatibility layer is loaded:
+
+# kldstat -m linuxelf
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:   
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable  
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch
+# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/amd64/linux32
+# make sysent
+# cd /usr/src/i386/linux
+# make sysent
+
+c) Recompile your kernel and modules as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html>.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Subversion:
+
+Branch/path                                                      Revision
+- ---------------------------------------------------------------------------
+stable/9/                                                         r293898
+releng/9.3/                                                       r293896
+stable/10/                                                        r293897
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- ---------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1880>
+
+The latest revision of this advisory is available at
+<URL:http://security.FreeBSD.org/advisories/FreeBSD-SA-16:03.linux.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rngkcQAJ8yxlxYd+qZPf+pbP+0Kj6w
++Sy8BrSUrYLMFynrs4vRPTJobLnVGpwkp6I6ZCDL/yoI/7Xkl3ld7HWfH7MAJ6WP
+x0j5/bC+AlWGpKfL6wqeddxjHgmaAlDznN1MyO+3byVfP1Y8VVppbzqPNw9AW17Q
+kNqNAMsVuk3OMpoE7CYEsaH6rzHzbMGAPuR+KN5J55Mth6dNkIYSIFJ0sCae5cnv
+P6SoMKjn7ffcHymmX/Yj7K0FTOrJOePR0eLbTITivJT1uZ3bYbbYyK1bYslE6bwF
+EQ3Ij+LhZdM5D7GBOpILBZ9ojvVMq8PiW9yY3zo7DRrwWajBy8pe/3ow0u7igoOK
+/0XUFmRT0Q0iCxlGhXPxEGcc40g6oE6oVz1m3Ewgqc2+iZm+w6N/w88dRqiBHNgL
+AiCqleI10eRNgP1uq7XT/5PEslmQLxSCrDPFDOgmSZc3uY7H5LBb6O9fb7YTpn6J
+bfL7yyJFei/lAlY1s2b+4/DW9PE1OwxNw/R85mSUpbP5my5wwZR+s3mGTLI2JAlk
+74Nw/OR9HLLHoEO5JlagfEclKp7O+JzhHYkAcBm7yRMRr1LV+7JZQEaTCeWTkm6L
+YvL8Ca1PAL6qNLZbxQ26Gjka7KCrFhhNfR22c3Lz4pLtkg9YmDRb4sy6i+q3ellG
+0mLi0OqTu2gn+25xhidf
+=OQft
+-----END PGP SIGNATURE-----
Added: head/share/security/advisories/FreeBSD-SA-16:04.linux.asc
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/share/security/advisories/FreeBSD-SA-16:04.linux.asc	Thu Jan 14 09:40:53 2016	(r48011)
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:04.linux                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Linux compatibility layer setgroups(2) system call
+                vulnerability
+
+Category:       core
+Module:         kernel
+Announced:      2016-01-14
+Credits:        Dmitry Chagin
+Affects:        All supported versions of FreeBSD
+Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
+                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
+                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
+                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
+                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
+CVE Name:       CVE-2016-1881
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component.  The support is
+provided on amd64 and i386 machines.
+
+II.  Problem Description
+
+A programming error in the Linux compatibility layer setgroups(2) system
+call can lead to an unexpected results, such as overwriting random kernel
+memory contents.
+
+III. Impact
+
+It is possible for a local attacker to overwrite portions of kernel
+memory, which may result in a privilege escalation or cause a system
+panic.
+
+IV.  Workaround
+
+No workaround is available, but systems not using the Linux binary
+compatibility layer are not vulnerable.
+
+The following command can be used to test if the Linux binary
+compatibility layer is loaded:
+
+# kldstat -m linuxelf
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch.asc
+# gpg --verify linux.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/amd64/linux32
+# make sysent
+# cd /usr/src/i386/linux
+# make sysent
+
+c) Recompile your kernel as described in
+<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>.
+
+Reboot the system or unload and reload the linux.ko kernel module.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r293898
+releng/9.3/                                                       r293896
+stable/10/                                                        r293897
+releng/10.1/                                                      r293894
+releng/10.2/                                                      r293893
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1881>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:04.linux.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnstMP/jddSJehSXe9rlL2qhYfRrQY
+XZSuoOtolvcl2xSQCZYprXN95/i890VOdJ9x4+iYJA2IQO55a8MjS1DcJjjonV7J
+zJa7Apnu1jaK1jDx+RL6C3eVDff0ss1B7NvZTXmjHn+nIsIRxd6vzxDp2NujTnWS
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
    
    
More information about the svn-doc-head
mailing list