Diffstat (limited to 'website/static/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc')
-rw-r--r-- website/static/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc 140
1 files changed, 140 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc b/website/static/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc
new file mode 100644
index 0000000000..879a139248
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-25:18.freebsd-update.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-25:18.freebsd-update Errata Notice
+ The FreeBSD Project
+
+Topic: freebsd-update(8) installs libraries in incorrect order
+
+Category: core
+Module: freebsd-update
+Announced: 2025-09-30
+Credits: Graham Perrin
+Affects: All supported versions of FreeBSD.
+Corrected: 2025-09-25 19:26:37 UTC (stable/15, 15.0-ALPHA4)
+ 2025-09-25 19:27:06 UTC (stable/14, 14.3-STABLE)
+ 2025-09-30 15:37:15 UTC (releng/14.3, 14.3-RELEASE-p4)
+ 2025-09-30 15:37:24 UTC (releng/14.2, 14.2-RELEASE-p7)
+ 2025-09-25 19:27:34 UTC (stable/13, 13.5-STABLE)
+ 2025-09-30 15:37:34 UTC (releng/13.5, 13.5-RELEASE-p5)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The freebsd-update(8) utility is used to fetch, install, and rollback
+binary updates to the FreeBSD base system. In addition to security and
+errata updates within a release (its original purpose), freebsd-update(8)
+can be used to upgrade to a newer FreeBSD release.
+
+II. Problem Description
+
+When installing updates, freebsd-update(8) did not enforce ordering between
+the C standard library ("libc") and the system library ("libsys") which was
+introduced in FreeBSD 15.0.
+
+III. Impact
+
+When using freebsd-update(8) to upgrade a system from FreeBSD 13.x or 14.x to
+FreeBSD 15.0, freebsd-update(8) would install a new libc which depends on
+libsys before the libsys library existed. This resulted in the rest of the
+update failing to install and a mostly-unusable system, with only statically
+linked binaries (e.g. in /rescue) functioning.
+
+IV. Workaround
+
+No workaround is available, but this misbehaviour only applies to using
+freebsd-update(8) to upgrade to FreeBSD 15.0; applying security and errata
+updates (including this one) within a release branch is unaffected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64 or arm64 platforms,
+or the i386 platform on FreeBSD 13, can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch
+# fetch https://security.FreeBSD.org/patches/EN-25:18/freebsd-update.patch.asc
+# gpg --verify freebsd-update.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected as of the corresponding Git commit hash in the
+following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/15/ 8134e7f4b406 stable/15-n280326
+stable/14/ e26928669f39 stable/14-n272484
+releng/14.3/ 978e04ff5bcf releng/14.3-n271445
+releng/14.2/ 3447fea3523b releng/14.2-n269536
+stable/13/ 87eb52f1b061 stable/13-n259445
+releng/13.5/ ab91dd76ff72 releng/13.5-n259177
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+<URL:https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289769>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-25:18.freebsd-update.asc>
+-----BEGIN PGP SIGNATURE-----
+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+=8oNH
+-----END PGP SIGNATURE-----
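
Review bot: Section V ("Solution") does not say that the fix must be installed on the running 13.x or 14.x system before an upgrade to 15.0 is started, although Sections III and IV make that upgrade the only affected operation. A reader who skims to the commands under "1) To update your system via a binary patch" sees the usual fetch/install pair with no ordering requirement. Consider adding a sentence ahead of "Perform one of the following:" stating that the update has to be applied first and the upgrade to FreeBSD 15.0 attempted only afterwards. Section III also notes that only statically linked binaries (e.g. in /rescue) keep working on a system that has already hit the failure, but the notice gives no pointer for recovering such a system. A short sentence in Section IV or a reference to recovery guidance alongside the bug link in Section VII would cover that case.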