freebsd/update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
=============================================================================
FreeBSD-SA-09:17.freebsd-update Security Advisory
The FreeBSD Project
Topic: Inappropriate directory permissions in freebsd-update(8)
Category: core
An attacker who can cause maliciously chosen inputs to be decompressed can
cause the decompressor to crash. It is suspected that such an attacker
can cause arbitrary code to be executed, but this is not known for certain.
Note that some utilities, including the tar archiver and the bspatch
binary patching utility (used in portsnap and freebsd-update) decompress
bzip2-compressed data internally; system administrators should assume that
their systems will at some point decompress bzip2-compressed data even if
they never explicitly invoke the bunzip2 utility.
IV. Workaround
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit <URL:http://security.FreeBSD.org/>.
NOTE: Due to this issue being accidentally disclosed early, updated
binaries are not yet available via freebsd-update at the time this
advisory is being published. Email will be sent to the freebsd-security
mailing list when the binaries are available via freebsd-update.
I. Background
3) To update your vulnerable system via a binary patch:
Systems running 6.4-RELEASE, 7.1-RELEASE, 7.2-RELEASE, 7.3-RELEASE or
8.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.1-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or
amd64 platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
Now reboot the system.
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE or 8.2-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or
9.0-RELEASE on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 8.0-RELEASE on the i386 or amd64 platforms can be
updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.1-RELEASE on the i386 or amd64 platforms can be updated
via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
<URL:http://www.FreeBSD.org/handbook/makeworld.html>
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
3) To update your vulnerable system via a binary patch:
Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE
on the i386 or amd64 platforms can be updated via the
freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
system.
3) To update your vulnerable system via a binary patch:
Systems running 7.2-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or
amd64 platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
VI. Correction details
# /etc/rc.d/named restart
3) To update your vulnerable system via a binary patch:
Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE
on the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install
# make obj && make depend && make && make install
3) To update your vulnerable system via a binary patch:
Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
the i386 or amd64 platforms can be updated via the freebsd-update(8)
utility:
# freebsd-update fetch
# freebsd-update install