
FreeBSD bhyve, OpenSSL, GEOM/libfetch security fix released - nixCraft

 3 years ago
source link: https://www.cyberciti.biz/security/freebsd-bhyve-openssl-geom-libfetch-security-fixes-released/

All supported versions of FreeBSD are affected by several security bugs for which patches need to be applied ASAP. For example, a memory corruption bug exists in the bhyve hypervisor. Another bug lets a malicious ggated server overwrite the stack of ggatec and potentially execute arbitrary code. Two issues in OpenSSL are fixed in this round of security advisories as well. Let us see what the vulnerabilities are and how to fix them on FreeBSD.

The good news is that fixes have been released for FreeBSD versions 11, 12 and 13 for bhyve, OpenSSL, GEOM and libfetch.


FreeBSD bhyve, openssl, GEOM and libfetch security fixes released

Error handling is missing in some bhyve hypervisor device models. Specific VirtIO-based device models failed to handle errors when fetching I/O descriptors, and a malicious guest could trigger such errors. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. A malicious guest VM may be able to crash the bhyve process, and it may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.

Remote code execution in ggatec

GEOM Gate network devices (ggated on the server side, ggatec on the client side) let FreeBSD users access remote devices such as disks, CD-ROMs, files, and more over the network. A malicious ggated server, or an attacker in a privileged network position, can overwrite the stack of ggatec with crafted content and potentially execute arbitrary code on the FreeBSD box.

libfetch out of bounds read error

libfetch(3) is a multi-protocol file transfer library included with FreeBSD and used by the fetch command, the pkg package manager, and others. A malicious FTP server can control the size of the connection buffer, because the buffer is grown until a newline is encountered (or no more characters are read). This also allows the buffer to be moved into more interesting areas within the address space, potentially letting the attacker influence which numbers get parsed.

Multiple OpenSSL vulnerabilities under FreeBSD

The FreeBSD operating system includes software from the OpenSSL Project, which provides the Transport Layer Security (TLS) protocol implementation and a general-purpose cryptography library. Two OpenSSL issues are fixed in this security advisory.


How to apply security fix on FreeBSD

There is no workaround available. However, security patches have been released, so one needs to upgrade the vulnerable system to a supported FreeBSD stable or releng branch.

Finding FreeBSD version and patch level number

Open the terminal application and then execute the following commands at the FreeBSD shell, or over an ssh session to a remote server such as one hosted in the AWS cloud:
$ uname -mrs
FreeBSD 13.0-RELEASE-p3 amd64
$ freebsd-version
13.0-RELEASE-p3

I am going to use the freebsd-update command as follows to fetch the updates and install them:
sudo freebsd-update fetch

Password:
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 2 mirrors found.
Fetching metadata signature for 13.0-RELEASE from update1.freebsd.org... done.
Fetching metadata index... done.
Fetching 2 metadata patches.. done.
Applying metadata patches... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 32 patches.....10....20....30. done.
Applying patches... done.
The following files will be updated as part of updating to
13.0-RELEASE-p4:
/bin/freebsd-version
/boot/kernel/kernel
/boot/kernel/virtio_blk.ko
/lib/libcrypto.so.111
/rescue/[
/rescue/bectl
/rescue/bsdlabel
....
..
......
/usr/lib32/libfetch_p.a
/usr/lib32/libssl.a
/usr/lib32/libssl.so.111
/usr/lib32/libssl_p.a
/usr/sbin/bhyve
/usr/sbin/hostapd
/usr/sbin/ntp-keygen
/usr/sbin/wpa_cli
/usr/sbin/wpa_supplicant

To install those updates, execute:
sudo freebsd-update install
Make sure you restart all daemons that use the library, or reboot the system. I decided to reboot the FreeBSD server using the reboot command:
$ sudo reboot

Verification

After reboot, let us verify the FreeBSD version:
$ freebsd-version

FreeBSD 13.0-RELEASE-p4 amd64 running after patching and rebooting my system

Optionally use the pkg command to apply package upgrades to the FreeBSD system too, if any available:
$ sudo pkg update
$ sudo pkg upgrade

Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Checking for upgrades (1 candidates): 100%
Processing candidates (1 candidates): 100%
Checking integrity... done (0 conflicting)
Your packages are up to date.

See how to apply security updates using pkg/freebsd-update on FreeBSD for more information.
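When you have more than one FreeBSD box to check, it helps to compare the version strings above mechanically rather than by eye. The following POSIX sh script is an added example, not code from the article or from FreeBSD: it parses strings in the form freebsd-version(1) and uname -r print, compares them against the patched level named above (13.0-RELEASE-p4), and tells apart a box that is still vulnerable from one where the userland is patched but the old kernel is still running (i.e. the reboot step was skipped). The function and state names are my own.

```shell
#!/bin/sh
# Added example (not from the nixCraft article): classify a host against the
# patched level 13.0-RELEASE-p4 using freebsd-version / uname -r strings.

# base_of "13.0-RELEASE-p3" -> 13.0-RELEASE
base_of() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1%-p[0-9]*}" ;;
        *)         printf '%s\n' "$1" ;;
    esac
}

# patch_of "13.0-RELEASE-p3" -> 3; a string without a -pN suffix is level 0.
patch_of() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *)         printf '%s\n' 0 ;;
    esac
}

# at_least HAVE NEED: 0 if HAVE is on NEED's release line and at or above its
# patch level, 1 if behind, 2 if the release lines differ (not comparable).
at_least() {
    [ "$(base_of "$1")" = "$(base_of "$2")" ] || return 2
    [ "$(patch_of "$1")" -ge "$(patch_of "$2")" ]
}

# patch_state USERLAND RUNNING_KERNEL NEED prints one of:
#   patched, reboot-pending (userland new, kernel old), vulnerable, other-branch
patch_state() {
    if at_least "$1" "$3"; then u=0; else u=$?; fi
    if at_least "$2" "$3"; then k=0; else k=$?; fi
    if [ "$u" -eq 2 ] || [ "$k" -eq 2 ]; then echo other-branch
    elif [ "$u" -ne 0 ]; then echo vulnerable
    elif [ "$k" -ne 0 ]; then echo reboot-pending
    else echo patched
    fi
}

# On a real FreeBSD host: userland level from freebsd-version -u, running
# kernel level from uname -r (it only changes when the kernel itself was
# patched, which this update does: /boot/kernel/kernel is in the file list).
if command -v freebsd-version >/dev/null 2>&1; then
    patch_state "$(freebsd-version -u)" "$(uname -r)" "13.0-RELEASE-p4"
fi
```

A host on another release line (for example 12.2-RELEASE) reports other-branch; compare it against the patched level given for that line in the advisory instead.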

Summing up

Fixing security issues on FreeBSD is essential to avoid data loss or the system getting compromised through these bugs. For example, I patched all my FreeBSD 13.x boxes. Please visit the FreeBSD website for general information regarding FreeBSD Security Advisories, including descriptions of the advisory fields and the security branches.
