FreeBSD Errata Notice FreeBSD-EN-15:16.pw
16 September, 2015 by errata-notices@freebsd.org | freebsd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:16.pw Errata Notice The FreeBSD Project Topic: Regression in pw(8) when creating numeric users or groups Category: core Module: pw Announced: 2015-09-16 Credits: Thierry Caillet, Baptiste Daroussin Affects: 10.2-RELEASE Corrected: 2015-08-23 21:42:27 UTC (stable/10, 10.2-STABLE) 2015-09-16 20:59:41 UTC (releng/10.2, 10.2-RELEASE-p3) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.freebsd.org/>. I. Background The pw(8) utility is used to create, remove, modify, and display system users and groups. II. Problem Description The pw(8) utility will fail to create users and groups that only contain numeric values [0-9]. III. Impact An attempt to create a user or group containing only numeric values will fail. IV. Workaround No workaround is available, but systems configured to create users or groups that do not contain numeric-only names are not affected. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your present system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your present system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch # fetch https://security.FreeBSD.org/patches/EN-15:26/pw.patch.asc # gpg --verify pw.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. A reboot of the running system is not necessary after installing the updated pw(8) utility. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r287084 releng/10.2/ r287872 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <other info on vulnerability> The latest revision of this Errata Notice is available at https://security.FreeBSD.org/advisories/FreeBSD-EN-15:26.pw.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1.8 (FreeBSD) iQIcBAEBCgAGBQJV+dpkAAoJEO1n7NZdz2rndhEQAKKeeQnj+Woggr6L1x8R3uTt q7ljwpAq2v3bMRQwMg/F3DOivcFAw9fn63u/siZLnZj0oqCCns0UT8ResHL6wMlD dVYav/npB/XeJTpqF6kuLKelqrzL+/YnU2lVe7SBQQibdszrn3sZSdeyF/XQrSOg Fqpa+xAP4/ZrSQviuyLe1AM1UI4RXVGssxmHO16zQTO+fp3cPmwP/wZ/Dlk/jnwa GugIuf/Vc7lzyDCtbOifRLLmiRo3IVoR7temMHEaBsTPClVzb+OHOdiD3aVYL6Vy Mp4oFBC7txmfIjDfmZ11EX4OBnCLpx3JEOAMTya0Mvo5PMLoymhu0RoWUyNXX4s7 ThEjCaUWfEOYIDbP54ZCOrIooCvnjQFcs5MWys6tYO6iOOW96FUu4cV0ez8u+ukS Zz1b/TGEgks+/74mMgDO3z1FhGbJeRVFmQUUd+/ZboLIYhTOmop/puHLMpnSV0hY C0GSwhUtMD/E3a9AmyMoo9Wj1TySlxAmjb0kHPh0IpY0xPHmfXSJ17+LpGPeEHEj LLFRTHBiA/Qs/WJCSMy6XhztRJ2WPomqefhUtrh1mzzeJgQPX2yWRizvTboD0zAA yb4U22iuu1gkA7vEaOAW5RFGEKg3cGmHSqB/r0gZ20zazv0//l0Q8Sm0slP53kDs K+wCT8FF22Fgy0ZPw831 =m4lo -----END PGP SIGNATURE----- _______________________________________________ freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"