svn commit: r253693 - in releng/9.1: . contrib/bind9/lib/dns/rdata/generic sys/conf sys/kern

Fri, 26 Jul 2013 15:41:21 -0700 

Author: delphij
Date: Fri Jul 26 22:40:23 2013
New Revision: 253693
URL: http://svnweb.freebsd.org/changeset/base/253693

Log:
  Fix Denial of Service vulnerability in named(8). [13:07]
  
  Fix a bug that allows remote client bypass the normal
  access checks when when -network or -host restrictions
  are used at the same time with -mapall. [13:08]
  
  Security:     CVE-2013-4854
  Security:     FreeBSD-SA-13:07.bind
  Security:     CVE-2013-4851
  Security:     FreeBSD-SA-13:08.nfsserver
  Approved by:  so

Modified:
  releng/9.1/UPDATING
  releng/9.1/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
  releng/9.1/sys/conf/newvers.sh
  releng/9.1/sys/kern/vfs_export.c

Modified: releng/9.1/UPDATING
==============================================================================
--- releng/9.1/UPDATING Fri Jul 26 22:40:17 2013        (r253692)
+++ releng/9.1/UPDATING Fri Jul 26 22:40:23 2013        (r253693)
@@ -9,6 +9,13 @@ handbook.
 Items affecting the ports and packages system can be found in
 /usr/ports/UPDATING.  Please read that file before running portupgrade.
 
+20130726:      p5      FreeBSD-SA-13:07.bind FreeBSD-SA-13:08.nfsserver
+       Fix Denial of Service vulnerability in named(8). [13:07]
+
+       Fix a bug that allows remote client bypass the normal
+       access checks when when -network or -host restrictions are
+       used at the same time with -mapall. [13:08]
+
 20130618:      p4      FreeBSD-SA-13:06.mmap
         Fix a bug that allowed a tracing process (e.g. gdb) to write
         to a memory-mapped file in the traced process's address space

Modified: releng/9.1/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c
==============================================================================
--- releng/9.1/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c      Fri Jul 
26 22:40:17 2013        (r253692)
+++ releng/9.1/contrib/bind9/lib/dns/rdata/generic/keydata_65533.c      Fri Jul 
26 22:40:23 2013        (r253693)
@@ -176,7 +176,7 @@ fromwire_keydata(ARGS_FROMWIRE) {
        UNUSED(options);
 
        isc_buffer_activeregion(source, &sr);
-       if (sr.length < 4)
+       if (sr.length < 16)
                return (ISC_R_UNEXPECTEDEND);
 
        isc_buffer_forward(source, sr.length);

Modified: releng/9.1/sys/conf/newvers.sh
==============================================================================
--- releng/9.1/sys/conf/newvers.sh      Fri Jul 26 22:40:17 2013        
(r253692)
+++ releng/9.1/sys/conf/newvers.sh      Fri Jul 26 22:40:23 2013        
(r253693)
@@ -32,7 +32,7 @@
 
 TYPE="FreeBSD"
 REVISION="9.1"
-BRANCH="RELEASE-p4"
+BRANCH="RELEASE-p5"
 if [ "X${BRANCH_OVERRIDE}" != "X" ]; then
        BRANCH=${BRANCH_OVERRIDE}
 fi

Modified: releng/9.1/sys/kern/vfs_export.c
==============================================================================
--- releng/9.1/sys/kern/vfs_export.c    Fri Jul 26 22:40:17 2013        
(r253692)
+++ releng/9.1/sys/kern/vfs_export.c    Fri Jul 26 22:40:23 2013        
(r253693)
@@ -208,7 +208,7 @@ vfs_hang_addrlist(struct mount *mp, stru
        np->netc_anon = crget();
        np->netc_anon->cr_uid = argp->ex_anon.cr_uid;
        crsetgroups(np->netc_anon, argp->ex_anon.cr_ngroups,
-           np->netc_anon->cr_groups);
+           argp->ex_anon.cr_groups);
        np->netc_anon->cr_prison = &prison0;
        prison_hold(np->netc_anon->cr_prison);
        np->netc_numsecflavors = argp->ex_numsecflavors;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"

Reply via email to