aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorXin LI <delphij@FreeBSD.org>2013-07-26 22:40:23 +0000
committerXin LI <delphij@FreeBSD.org>2013-07-26 22:40:23 +0000
commit092516cf26376a8e1d0fb2fa3662443fb7c9f300 (patch)
tree47dbc83115281c6af322611f53a7c76d9a2af6af
parent26815336a33a7e3e8663e3bce9e2291742ce709e (diff)
downloadsrc-092516cf26376a8e1d0fb2fa3662443fb7c9f300.tar.gz
src-092516cf26376a8e1d0fb2fa3662443fb7c9f300.zip
Fix Denial of Service vulnerability in named(8). [13:07]
Fix a bug that allows remote client bypass the normal access checks when when -network or -host restrictions are used at the same time with -mapall. [13:08] Security: CVE-2013-4854 Security: FreeBSD-SA-13:07.bind Security: CVE-2013-4851 Security: FreeBSD-SA-13:08.nfsserver Approved by: so
Notes
Notes: svn path=/releng/9.1/; revision=253693
-rw-r--r--UPDATING7
-rw-r--r--contrib/bind9/lib/dns/rdata/generic/keydata_65533.c2
-rw-r--r--sys/conf/newvers.sh2
-rw-r--r--sys/kern/vfs_export.c2
4 files changed, 10 insertions, 3 deletions
diff --git a/UPDATING b/UPDATING
index 7c45e16b510b..b7bdd2340039 100644
--- a/UPDATING
+++ b/UPDATING
@@ -9,6 +9,13 @@ handbook.
Items affecting the ports and packages system can be found in
/usr/ports/UPDATING. Please read that file before running portupgrade.
+20130726: p5 FreeBSD-SA-13:07.bind FreeBSD-SA-13:08.nfsserver
+ Fix Denial of Service vulnerability in named(8). [13:07]
+
+ Fix a bug that allows remote client bypass the normal
+ access checks when when -network or -host restrictions are
+ used at the same time with -mapall. [13:08]
+
20130618: p4 FreeBSD-SA-13:06.mmap
Fix a bug that allowed a tracing process (e.g. gdb) to write
to a memory-mapped file in the traced process's address space
diff --git a/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c b/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
index 2592c30f6a08..317e1a87246a 100644
--- a/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
+++ b/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
UNUSED(options);
isc_buffer_activeregion(source, &sr);
- if (sr.length < 4)
+ if (sr.length < 16)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_forward(source, sr.length);
diff --git a/sys/conf/newvers.sh b/sys/conf/newvers.sh
index fa1f09988117..350524ae48af 100644
--- a/sys/conf/newvers.sh
+++ b/sys/conf/newvers.sh
@@ -32,7 +32,7 @@
TYPE="FreeBSD"
REVISION="9.1"
-BRANCH="RELEASE-p4"
+BRANCH="RELEASE-p5"
if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
BRANCH=${BRANCH_OVERRIDE}
fi
diff --git a/sys/kern/vfs_export.c b/sys/kern/vfs_export.c
index 4185211ec693..114c23ed5d00 100644
--- a/sys/kern/vfs_export.c
+++ b/sys/kern/vfs_export.c
@@ -208,7 +208,7 @@ vfs_hang_addrlist(struct mount *mp, struct netexport *nep,
np->netc_anon = crget();
np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
- np->netc_anon->cr_groups);
+ argp->ex_anon.cr_groups);
np->netc_anon->cr_prison = &prison0;
prison_hold(np->netc_anon->cr_prison);
np->netc_numsecflavors = argp->ex_numsecflavors;