FreeBSD Bugzilla – Attachment 246547 Details for Bug 275215: tracking bug for 14.0 errata
275009 EN text
iutf8_en.txt (text/plain), 4.08 KB, created by Christos Margiolis on 2023-11-24 18:31:38 UTC
>=============================================================================
>FreeBSD-EN-23:XX.iutf8                                          Errata Notice
>                                                          The FreeBSD Project
>
>Topic:          tty(4) IUTF8 causes a kernel panic
>
>Category:       core
>Module:         kern
>Announced:      2023-11-24
>Affects:        FreeBSD 14.0-RELEASE
>Corrected:      2023-11-20 16:54:54 UTC (stable/14, 14.0-STABLE)
>                2023-XX-XX XX:XX:XX UTC (releng/14.0, 14.0-RELEASE-pXX)
>                2023-11-20 16:57:49 UTC (stable/13, 13.2-STABLE)
>
>For general information regarding FreeBSD Errata Notices and Security
>Advisories, including descriptions of the fields above, security
>branches, and the following sections, please visit
><URL:https://security.FreeBSD.org/>.
>
>I.   Background
>
>The IUTF8 flag was added to the tty(4) driver in order to add proper
>backspacing handling for UTF-8 characters. Without this flag, tty(4) treats all
>characters as single-byte-wide characters, and so, in the case of a UTF-8
>character larger than two bytes, tty(4) deletes only one byte during a
>backspace event, instead of all bytes, which results in the tty buffer
>containing garbage.
>
>II.  Problem Description
>
>Bug 275009 reported a kernel panic occurring after a call to ttyinq_unputchar(),
>which deletes a character from the input buffer, with IUTF8 enabled. The
>underlying issue was that the new IUTF8-related code did not check whether the
>buffer was empty, causing the ttyinq_unputchar() call to panic.
>
>The bug can be consistently reproduced by running the "write2.sh" write(2)
>fuzzing script from the stress2 suite.
>
>III. Impact
>
>An unprivileged user can panic the kernel if they reproduce this bug.
>
>IV.  Workaround
>
>No workaround is available.
>
>V.   Solution
>
>Upgrade your system to a supported FreeBSD stable or release / security branch
>(releng) dated after the correction date, and reboot.
>
>Perform one of the following:
>
>1) To update your system via a binary patch:
>
>Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
>or the i386 platform on FreeBSD 13 and earlier, can be updated via
>the freebsd-update(8) utility:
>
># freebsd-update fetch
># freebsd-update install
># shutdown -r +10min "Rebooting for a security update"
>
>2) To update your system via a source code patch:
>
>The following patches have been verified to apply to the applicable
>FreeBSD release branches.
>
>a) Download the relevant patch from the location below, and verify the
>detached PGP signature using your PGP utility.
>
># fetch https://security.FreeBSD.org/patches/EN-23:XX/iutf8.patch
># fetch https://security.FreeBSD.org/patches/EN-23:XX/iutf8.patch.asc
># gpg --verify iutf8.patch.asc
>
>b) Apply the patch.  Execute the following commands as root:
>
># cd /usr/src
># patch < /path/to/patch
>
>c) Recompile your kernel as described in
><URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
>system.
>
>VI.  Correction details
>
>This issue is corrected as of the corresponding Git commit hash or Subversion
>revision number in the following stable and release branches:
>
>Branch/path                             Hash                     Revision
>-------------------------------------------------------------------------
>stable/14/                              ae8387cc818a    stable/14-n265760
>releng/14.0/                            XXXXXXXXXXXX  releng/14.0-nXXXXXX
>stable/13/                              8647fe60b8c3    stable/13-n256709
>-------------------------------------------------------------------------
>
>Run the following command to see which files were modified by a
>particular commit:
>
># git show --stat <commit hash>
>
>Or visit the following URL, replacing NNNNNN with the hash:
>
><URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
>
>To determine the commit count in a working tree (for comparison against
>nNNNNNN in the table above), run:
>
># git rev-list --count --first-parent HEAD
>
>VII. References
>
><URL:https://reviews.freebsd.org/D42564>
><URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275009>
>
>The latest revision of this advisory is available at
><URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-23:XX.iutf8.asc>
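The backspace behaviour from sections I and II, as an added user-space example that is not part of the errata notice and is not FreeBSD kernel code: a byte-wise erase leaves part of a multi-byte character behind, while a UTF-8-aware erase removes the whole character and treats an empty buffer as a no-op. The names linebuf, lb_set, erase_byte and erase_char are hypothetical, and the sample inputs are constructed.

```c
#include <stdio.h>
#include <string.h>
/* Constructed user-space model of a tty input line; not FreeBSD kernel code. */
struct linebuf { unsigned char data[64]; size_t len; };

/* Load a constructed sample string (hypothetical helper). */
void lb_set(struct linebuf *lb, const char *s)
{
    lb->len = strlen(s) < sizeof(lb->data) ? strlen(s) : sizeof(lb->data);
    memcpy(lb->data, s, lb->len);
}
/* UTF-8 continuation bytes have the bit pattern 10xxxxxx. */
static int is_cont(unsigned char c) { return (c & 0xC0) == 0x80; }

/* Backspace without IUTF8: always one byte, which splits multi-byte characters. */
size_t erase_byte(struct linebuf *lb)
{
    if (lb->len == 0)
        return 0;
    lb->len--;
    return 1;
}

/* Backspace with IUTF8 semantics: remove one whole character, return bytes removed.
 * Each read of data[len - 1] is guarded by len > 0, so an empty buffer is a no-op. */
size_t erase_char(struct linebuf *lb)
{
    size_t removed = 0;
    /* Drop up to three trailing continuation bytes (UTF-8 is at most 4 bytes). */
    while (lb->len > 0 && removed < 3 && is_cont(lb->data[lb->len - 1])) {
        lb->len--;
        removed++;
    }
    /* Then drop the lead (or ASCII) byte, if the buffer still holds one. */
    if (lb->len > 0 && !is_cont(lb->data[lb->len - 1])) {
        lb->len--;
        removed++;
    }
    return removed;
}

int main(void)
{
    struct linebuf lb;
    lb_set(&lb, "a\xE2\x82\xAC");   /* constructed input: 'a' + U+20AC (3 bytes) */
    while (lb.len > 0)
        printf("erased %zu byte(s)\n", erase_char(&lb));
    printf("empty buffer: erased %zu\n", erase_char(&lb));
    return 0;
}
```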