Só uma dúvida. Se eu baixar a versão do FreeBSD 7.1 essa correção já seria corrigida ? ou terei que implementar todas as correções que foram descobertas apos o lançamento da 7.1 ?
2009/3/23 Welkson Renny de Medeiros <welk...@focusautomacao.com.br>: > Acredito que a grande maioria deve receber essas notificações... mas segue... > > Welkson > > > Today's Topics: > > 1. FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer > (FreeBSD Security Advisories) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 23 Mar 2009 00:09:12 GMT > From: FreeBSD Security Advisories <security-advisor...@freebsd.org> > Subject: FreeBSD Security Advisory FreeBSD-SA-09:06.ktimer > To: FreeBSD Security Advisories <security-advisor...@freebsd.org> > Message-ID: <200903230009.n2n09cet065...@freefall.freebsd.org> > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > ============================================================================= > FreeBSD-SA-09:06.ktimer Security Advisory > The FreeBSD Project > > Topic: Local privilege escalation > > Category: core > Module: kern > Announced: 2009-03-23 > Affects: FreeBSD 7.x > Corrected: 2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE) > 2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4) > 2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11) > CVE Name: CVE-2009-1041 > > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit <URL:http://security.FreeBSD.org/>. > > I. Background > > In FreeBSD 7.0, support was introduced for per-process timers as defined > in the POSIX realtime extensions. This allows a process to have a limited > number of timers running at once, with various actions taken when each > timer reaches zero. > > II. Problem Description > > An integer which specifies which timer a process wishes to operate upon is > not properly bounds-checked. > > III. Impact > > An unprivileged process can overwrite an arbitrary location in kernel > memory. This could be used to change the user ID of the process (in order > to "become root"), to escape from a jail, or to bypass security mechanisms > in other ways. > > IV. Workaround > > No workaround is available, but systems without untrusted local users are > not vulnerable. > > V. Solution > > Perform one of the following: > > 1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 > or RELENG_7_0 security branch dated after the correction date. > > 2) To patch your present system: > > The following patch has been verified to apply to FreeBSD 7.0 and 7.1 > systems. > > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. > > # fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch > # fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch.asc > > b) Apply the patch. > > # cd /usr/src > # patch < /path/to/patch > > c) Recompile your kernel as described in > <URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the > system. > > VI. Correction details > > The following list contains the revision numbers of each file that was > corrected in FreeBSD. > > CVS: > > Branch Revision > Path > - ------------------------------------------------------------------------- > RELENG_7 > src/sys/kern/kern_time.c 1.142.2.3 > RELENG_7_1 > src/UPDATING 1.507.2.13.2.7 > src/sys/conf/newvers.sh 1.72.2.9.2.8 > src/sys/kern/kern_time.c 1.142.2.2.2.2 > RELENG_7_0 > src/UPDATING 1.507.2.3.2.15 > src/sys/conf/newvers.sh 1.72.2.5.2.15 > src/sys/kern/kern_time.c 1.142.4.1 > - ------------------------------------------------------------------------- > > Subversion: > > Branch/path Revision > - ------------------------------------------------------------------------- > stable/7/ r190301 > releng/7.1/ r190301 > releng/7.0/ r190301 > - ------------------------------------------------------------------------- > > VII. References > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1041 > > The latest revision of this advisory is available at > http://security.FreeBSD.org/advisories/FreeBSD-SA-06:09.ktimer.asc > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (FreeBSD) > > iEYEARECAAYFAknG0hQACgkQFdaIBMps37JA4gCfaznvIWKB/AU0cv6ojZUhheD4 > MuYAnAp3wuz3E7gIX6VK7PeUVnPp/41o > =MPIX > -----END PGP SIGNATURE----- > > > ------------------------------ > > _______________________________________________ > freebsd-security-notificati...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to > "freebsd-security-notifications-unsubscr...@freebsd.org" > > End of freebsd-security-notifications Digest, Vol 93, Issue 1 > ************************************************************* > > > > -- > Welkson Renny de Medeiros > Focus Automação Comercial > Desenvolvimento / Gerência de Redes > welk...@focusautomacao.com.br > > > > Powered by .... > > (__) > \\\'',) > \/ \ ^ > .\._/_) > > www.FreeBSD.org > > > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
