FreeBSD Errata Notice FreeBSD-EN-15:20.vm
4 November, 2015 by errata-notices@freebsd.org | freebsd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-EN-15:20.vm Errata Notice The FreeBSD Project Topic: Applications exiting due to segmentation violation on a correct memory address Category: core Module: kernel Announced: 2015-11-04 Credits: Konstantin Belousov Affects: All supported versions of FreeBSD. Corrected: 2015-09-15 04:20:39 UTC (stable/10, 10.2-STABLE) 2015-11-04 11:27:13 UTC (releng/10.2, 10.2-RELEASE-p7) 2015-11-04 11:27:21 UTC (releng/10.1, 10.1-RELEASE-p24) 2015-10-30 13:05:39 UTC (stable/9, 9.3-STABLE) 2015-11-04 11:27:30 UTC (releng/9.3, 9.3-RELEASE-p30) For general information regarding FreeBSD Errata Notices and Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit <URL:https://security.FreeBSD.org/>. I. Background The FreeBSD virtual memory system provides processes with virtual address space. Features of virtual address space include copy-on-write pages and page wiring. II. Problem Description A race condition exists in the virtual memory implementation. When an application writes to a valid address in its address space, and the corresponding map entry is marked as copy-on-write, and right now undergoes wiring process, and the corresponding page does not yet have a page table entry installed, the application receives a segmentation violation signal. A usual case for this scenario to happen is a write into a never written map entry in a child process right after fork(2) system call. III. Impact Under certain conditions, a correctly behaving application could be terminated. IV. Workaround No workaround is available. V. Solution Perform one of the following: 1) Upgrade your system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date and reboot the system. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install # reboot 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/EN-15:20/vm.patch # fetch https://security.FreeBSD.org/patches/EN-15:20/vm.patch.asc # gpg --verify vm.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch Recompile your kernel as described in <URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r290194 releng/9.3/ r290363 stable/10/ r287846 releng/10.1/ r290362 releng/10.2/ r290361 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: <URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN> VII. References <URL:https://svnweb.freebsd.org/base?view=revision&revision=r287591> <URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id 4048> The latest revision of this advisory is available at <URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-15:20.vm.asc> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJWOe8FAAoJEO1n7NZdz2rnqBcP/2XPJ87Fr1b7I1i0R8ClJj5G Kk+pGD+OkZF9h7ix0b1NrSBjB2quCFUy+u8ImPXMkSZM0Id7hAIX0VourkqcoHSL CrsYTUXyqq4KU3E7xvoU4Q54cnDAd3hHIm9Gsduv1UNY02YBI/mRYqiMVnXKHGk/ SLlmMtFCmLkXHJP5/Ynx1xILWC9c2xYLqfvlLbkTTbmtZn8gAQqgh1kfuEkzEvt4 sgXx8kewUnv9Z2Oo+Xcqqrh5UfeppDEc7x8Y7a4tiSkW034xMETzC0xjrbq+4lE1 2MU/j65ZN5Sq5EjrmHdnr5q0R7/V4CHjRcLAvw2UaVpNlfMNmVpe5uye/slUDRw0 gCcztomi1heU78octR71kD0irhRVa+bcftsuanDRF8hs0czJL5BhPYyIaEb7e4s5 tGQyyflncD4EONbI/rmfsQhLEaTTg240NtkZbQFY1f5FqoyFiKXX99Hwm1jHZsRR OYGOAo3YZPx6biRdaIOPg0OTjqNw/mZgY3uQ/vCjWGAcgSzynDMkMJEOmyf+RBgZ F4qWOxmmFMr9+X1+1c7/ApwjampmfCV/Z7UvJTaFkVuKPiFA4ubrJ3TmDLsQMzza k9zumzxZAo+tsYD8ArbpPYlERe6JoF3axm/97JcFrn5iUcnaMM8vmawQo8xsrunx GyLfwUPpXSI25C1iNJDx =HTKc -----END PGP SIGNATURE----- _______________________________________________ freebsd-announce@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-announce To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freebsd.org"