From owner-freebsd-security@FreeBSD.ORG Sun Nov 17 09:52:45 2013
Date: Sun, 17 Nov 2013 10:52:43 +0100
Subject: openssl padlock problem ?
From: Berislav Purgar
To: freebsd-security@freebsd.org

Hello,

I have a VIA Eden CPU and a problem with padlock. The system is FreeBSD
10-BETA2 on an Igel 3/4 (VIA Eden 600MHz CPU). When I build openssl with
padlock and i386 (not 486+), openssl doesn't find libpadlock (it doesn't
build it).

root@igel:~ # /usr/local/bin/openssl
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL> engine padlock
675466668:error:260B606D:engine routines:DYNAMIC_LOAD:init failed:eng_dyn.c:521:
675466668:error:2606A074:engine routines:ENGINE_by_id:no such engine:eng_list.c:417:id=padlock
OpenSSL> quit
root@igel:~ # ls -al /usr/local/lib/engines
total 280
drwxr-xr-x   2 root  wheel    512 Nov 17 03:33 .
drwxr-xr-x  11 root  wheel   4608 Nov 17 03:33 ..
-r-xr-xr-x   1 root  wheel  18341 Nov 17 03:33 lib4758cca.so
-r-xr-xr-x   1 root  wheel  18309 Nov 17 03:33 libaep.so
-r-xr-xr-x   1 root  wheel  13976 Nov 17 03:33 libatalla.so
-r-xr-xr-x   1 root  wheel   3929 Nov 17 03:33 libcapi.so
-r-xr-xr-x   1 root  wheel  24282 Nov 17 03:33 libchil.so
-r-xr-xr-x   1 root  wheel  20411 Nov 17 03:33 libcswift.so
-r-xr-xr-x   1 root  wheel   3928 Nov 17 03:33 libgmp.so
-r-xr-xr-x   1 root  wheel  99336 Nov 17 03:33 libgost.so
-r-xr-xr-x   1 root  wheel  11917 Nov 17 03:33 libnuron.so
-r-xr-xr-x   1 root  wheel   3932 Nov 17 03:33 libpadlock.so
-r-xr-xr-x   1 root  wheel  24389 Nov 17 03:33 libsureware.so
-r-xr-xr-x   1 root  wheel  18603 Nov 17 03:33 libubsec.so
root@igel:~ #

This is the build for i386, and here is the build for i486+, where I got
the problem that openssl crashes with an illegal instruction, but padlock
is supported.

root@igel:~ # /usr/local/bin/openssl
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
OpenSSL> engine padlock
(padlock) VIA PadLock: RNG ACE2 PHE PMM
OpenSSL> quit
root@igel:~ # /usr/local/bin/openssl speed -evp aes-128-cbc -engine padlock
WARNING: can't open config file: /usr/local/openssl/openssl.cnf
engine "padlock" set.
Doing aes-128-cbc for 3s on 16 size blocks: 5699935 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 64 size blocks: 4724568 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 256 size blocks: 2744851 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 1024 size blocks: 1023765 aes-128-cbc's in 2.98s
Doing aes-128-cbc for 3s on 8192 size blocks: 146337 aes-128-cbc's in 2.93s
Illegal instruction
root@igel:~ # Illegal instruction

root@igel:~ # dmesg | more
Copyright (c) 1992-2013 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 10.0-BETA2 #0 r257419: Thu Oct 31 17:21:52 UTC 2013
root@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC i386
FreeBSD clang version 3.3 (tags/RELEASE_33/final 183502) 20130610
CPU: VIA Eden Processor 600MHz (598.52-MHz 686-class CPU)
  Origin = "CentaurHauls"  Id = 0x6d0  Family = 0x6  Model = 0xd  Stepping = 0
  Features=0xa7c9b9ff
  Features2=0x4181
  AMD Features=0x100000
  VIA Padlock Features=0xffcc
real memory  = 536870912 (512 MB)
avail memory = 485093376 (462 MB)
kbd1 at kbdmux0
random: initialized
acpi0: on motherboard
acpi0: Power Button (fixed)
acpi0: reservation of 0, a0000 (3) failed
acpi0: reservation of 100000, 1ede0000 (3) failed
cpu0: on acpi0

root@igel:~ # kldstat
Id Refs Address    Size     Name
 1    6 0xc0400000 1275b60  kernel
 2    1 0xc7965000 4000     padlock.ko
 3    1 0xc7969000 21000    crypto.ko
root@igel:~ #

And gdb of the core:

$ gdb /usr/local/bin/openssl openssl.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...(no debugging symbols found)...
Core was generated by `openssl'.
Program terminated with signal 4, Illegal instruction.
Reading symbols from /usr/local/lib/libssl.so.8...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libssl.so.8
Reading symbols from /usr/local/lib/libcrypto.so.8...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/libcrypto.so.8
Reading symbols from /lib/libthr.so.3...(no debugging symbols found)...done.
Loaded symbols for /lib/libthr.so.3
Reading symbols from /lib/libc.so.7...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.7
Reading symbols from /usr/local/lib/engines/libpadlock.so...(no debugging symbols found)...done.
Loaded symbols for /usr/local/lib/engines/libpadlock.so
Reading symbols from /libexec/ld-elf.so.1...(no debugging symbols found)...done.
Loaded symbols for /libexec/ld-elf.so.1
#0 0x28447a4f in padlock_sha1_final ()
   from /usr/local/lib/engines/libpadlock.so
[New Thread 28c03080 (LWP 100123/openssl)]
(gdb) bt
#0 0x28447a4f in padlock_sha1_final ()
   from /usr/local/lib/engines/libpadlock.so
#1 0x00000044 in ?? ()
(gdb) bt full
#0 0x28447a4f in padlock_sha1_final ()
   from /usr/local/lib/engines/libpadlock.so
No symbol table info available.
#1 0x00000044 in ?? ()
No symbol table info available.
(gdb) quit
$ rm *.core

Any ideas?

Beri

From owner-freebsd-security@FreeBSD.ORG Sun Nov 17 17:00:59 2013
Date: Sun, 17 Nov 2013 19:00:49 +0200
From: Konstantin Belousov
To: Berislav Purgar
Cc: freebsd-security@freebsd.org
Subject: Re: openssl padlock problem ?

On Sun, Nov 17, 2013 at 10:52:43AM +0100, Berislav Purgar wrote:
> Core was generated by `openssl'.
> Program terminated with signal 4, Illegal instruction.
...
> #0 0x28447a4f in padlock_sha1_final ()
> from /usr/local/lib/engines/libpadlock.so
>
...
> any ideas ?

Start with disassembling the faulted instruction and see what it is.

From owner-freebsd-security@FreeBSD.ORG Tue Nov 19 10:21:30 2013
From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
Date: Tue, 19 Nov 2013 11:21:30 +0100 (CET)
Reply-To: freebsd-security@freebsd.org

=============================================================================
FreeBSD-SA-13:14.openssh                                    Security Advisory
                                                          The FreeBSD Project

Topic:          OpenSSH AES-GCM memory corruption vulnerability

Category:       contrib
Module:         openssh
Announced:      2013-11-19
Affects:        FreeBSD 10.0-BETA
Corrected:      2013-11-19 09:35:20 UTC (stable/10, 10.0-STABLE)
                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA3-p1)
                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA2-p1)
                2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA1-p2)
CVE Name:       CVE-2013-4548

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

OpenSSH is an implementation of the SSH protocol suite, providing an
encrypted and authenticated transport for a variety of services,
including remote shell access.

AES-GCM (Galois/Counter Mode) is a mode of operation for AES block
cipher that combines the counter mode of encryption with the Galois
mode of authentication which can offer throughput rates for state of
the art, high speed communication channels.

OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.

II.  Problem Description

A memory corruption vulnerability exists in the post-authentication sshd
process when an AES-GCM cipher (aes128-gcm@openssh.com or
aes256-gcm@openssh.com) is selected during key exchange.

III. Impact

If exploited, this vulnerability might permit code execution with the
privileges of the authenticated user, thereby allowing a malicious
user with valid credentials to bypass shell or command restrictions
placed on their account.

IV.  Workaround

Disable AES-GCM in the server configuration. This can be accomplished by
adding the following /etc/sshd_config option, which will disable AES-GCM
while leaving other ciphers active:

Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc

Systems not running the OpenSSH server daemon (sshd) are not affected.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch
# fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch.asc
# gpg --verify openssh.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

Recompile the operating system using buildworld and installworld as
described in .

Restart the sshd daemon, or reboot the system.

3) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/10/                                                        r258335
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

From owner-freebsd-security@FreeBSD.ORG Tue Nov 19 11:59:25 2013
Date: Tue, 19 Nov 2013 03:52:56 -0800
From: Cstdenis
To: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:14.openssh

I think the file in workaround should actually be /etc/ssh/sshd_config
unless I am mistaken.

On 11/19/2013 2:21 AM, FreeBSD Security Advisories wrote:
> =============================================================================
> FreeBSD-SA-13:14.openssh                                    Security Advisory
>                                                           The FreeBSD Project
>
> Topic:          OpenSSH AES-GCM memory corruption vulnerability
>
> Category:       contrib
> Module:         openssh
> Announced:      2013-11-19
> Affects:        FreeBSD 10.0-BETA
> Corrected:      2013-11-19 09:35:20 UTC (stable/10, 10.0-STABLE)
>                 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA3-p1)
>                 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA2-p1)
>                 2013-11-19 09:35:20 UTC (stable/10, 10.0-BETA1-p2)
> CVE Name:       CVE-2013-4548
>
> For general information regarding FreeBSD Security Advisories,
> including descriptions of the fields above, security branches, and the
> following sections, please visit .
>
> I.   Background
>
> OpenSSH is an implementation of the SSH protocol suite, providing an
> encrypted and authenticated transport for a variety of services,
> including remote shell access.
>
> AES-GCM (Galois/Counter Mode) is a mode of operation for AES block
> cipher that combines the counter mode of encryption with the Galois
> mode of authentication which can offer throughput rates for state of
> the art, high speed communication channels.
>
> OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
>
> II.  Problem Description
>
> A memory corruption vulnerability exists in the post-authentication sshd
> process when an AES-GCM cipher (aes128-gcm@openssh.com or
> aes256-gcm@openssh.com) is selected during key exchange.
>
> III. Impact
>
> If exploited, this vulnerability might permit code execution with the
> privileges of the authenticated user, thereby allowing a malicious
> user with valid credentials to bypass shell or command restrictions
> placed on their account.
>
> IV.  Workaround
>
> Disable AES-GCM in the server configuration. This can be accomplished by
> adding the following /etc/sshd_config option, which will disable AES-GCM
> while leaving other ciphers active:
>
> Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc
>
> Systems not running the OpenSSH server daemon (sshd) are not affected.
>
> V.   Solution
>
> Perform one of the following:
>
> 1) Upgrade your vulnerable system to a supported FreeBSD stable or
> release / security branch (releng) dated after the correction date.
>
> 2) To update your vulnerable system via a source code patch:
>
> The following patches have been verified to apply to the applicable
> FreeBSD release branches.
>
> a) Download the relevant patch from the location below, and verify the
> detached PGP signature using your PGP utility.
>
> # fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch
> # fetch http://security.FreeBSD.org/patches/SA-13:14/openssh.patch.asc
> # gpg --verify openssh.patch.asc
>
> b) Execute the following commands as root:
>
> # cd /usr/src
> # patch < /path/to/patch
>
> Recompile the operating system using buildworld and installworld as
> described in .
>
> Restart the sshd daemon, or reboot the system.
>
> 3) To update your vulnerable system via a binary patch:
>
> Systems running a RELEASE version of FreeBSD on the i386 or amd64
> platforms can be updated via the freebsd-update(8) utility:
>
> # freebsd-update fetch
> # freebsd-update install
>
> VI.  Correction details
>
> The following list contains the correction revision numbers for each
> affected branch.
>
> Branch/path                                                      Revision
> -------------------------------------------------------------------------
> stable/10/                                                        r258335
> -------------------------------------------------------------------------
>
> To see which files were modified by a particular revision, run the
> following command, replacing NNNNNN with the revision number, on a
> machine with Subversion installed:
>
> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
>
> Or visit the following URL, replacing NNNNNN with the revision number:
>
> VII. References
>
> The latest revision of this advisory is available at

From owner-freebsd-security@FreeBSD.ORG Tue Nov 19 15:44:43 2013
From: Paul Hoffman
Subject: Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"
Date: Tue, 19 Nov 2013 07:44:40 -0800
To: FreeBSD-security@FreeBSD.org

Greetings again. Why does this announcement only apply to:

> Affects:        FreeBSD 10.0-BETA

That might be the only version where aes128-gcm and aes256-gcm are in
the defaults, but other versions of FreeBSD allow you to specify cipher
lists in /etc/ssh/sshd_config. I would think that you would need to
update all systems running OpenSSH 6.2 and 6.3, according to the CVE.
FWIW, when I did a freebsd-update on my 9.2-RELEASE system, sshd (6.2)
was not updated.

--Paul Hoffman

From owner-freebsd-security@FreeBSD.ORG Tue Nov 19 15:54:25 2013
Date: Tue, 19 Nov 2013 07:54:16 -0800
From: Darren Pilgrim
To: Paul Hoffman, FreeBSD-security@FreeBSD.org
Subject: Re: Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"

On 11/19/2013 7:44 AM, Paul Hoffman wrote:
> Greetings again. Why does this announcement only apply to:
>
>> Affects: FreeBSD 10.0-BETA
>
> That might be the only version where aes128-gcm and aes256-gcm are in
> the defaults, but other versions of FreeBSD allow you to specify
> cipher lists in /etc/ssh/sshd_config. I would think that you would
> need to update all systems running OpenSSH 6.2 and 6.3, according to
> the CVE. FWIW, when I did a freebsd-update on my 9.2-RELEASE system,
> sshd (6.2) was not updated.

The other requirement for being vulnerable is OpenSSH must be compiled
with TLS 1.2 support (i.e., linked to OpenSSL v1.0.1 or later). FreeBSD
9.2 only has OpenSSL 0.9.8.y.

From owner-freebsd-security@FreeBSD.ORG Tue Nov 19 16:14:38 2013
Subject: Re: Question about "FreeBSD Security Advisory FreeBSD-SA-13:14.openssh"
From: Paul Hoffman
Date: Tue, 19 Nov 2013 08:14:31 -0800
To: Darren Pilgrim
Cc: FreeBSD-security@FreeBSD.org

On Nov 19, 2013, at 7:54 AM, Darren Pilgrim wrote:

> On 11/19/2013 7:44 AM, Paul Hoffman wrote:
>> Greetings again. Why does this announcement only apply to:
>>
>>> Affects: FreeBSD 10.0-BETA
>>
>> That might be the only version where aes128-gcm and aes256-gcm are in
>> the defaults, but other versions of FreeBSD allow you to specify
>> cipher lists in /etc/ssh/sshd_config. I would think that you would
>> need to update all systems running OpenSSH 6.2 and 6.3, according to
>> the CVE. FWIW, when I did a freebsd-update on my 9.2-RELEASE system,
>> sshd (6.2) was not updated.
>
> The other requirement for being vulnerable is OpenSSH must be compiled
> with TLS 1.2 support (i.e., linked to OpenSSL v1.0.1 or later). FreeBSD
> 9.2 only has OpenSSL 0.9.8.y.

Very clear explanation, thanks! (I note that this wasn't even hinted at
in the CVE...)

--Paul Hoffman= From owner-freebsd-security@FreeBSD.ORG Wed Nov 20 06:22:46 2013 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EEC63561 for ; Wed, 20 Nov 2013 06:22:46 +0000 (UTC) Received: from anubis.delphij.net (anubis.delphij.net [IPv6:2001:470:1:117::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.freebsd.org (Postfix) with ESMTPS id D26A72FCB for ; Wed, 20 Nov 2013 06:22:46 +0000 (UTC) Received: from delphij-macbook.local (unknown [IPv6:2001:470:83bf:0:8c5c:eb2:25f2:687]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by anubis.delphij.net (Postfix) with ESMTPSA id 595CE1F600; Tue, 19 Nov 2013 22:22:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=delphij.net; s=anubis; t=1384928566; bh=B8Waro3yuJ4VaotsDSJLayN5HCScExsOlRlCzwRjrCE=; h=Date:From:Reply-To:To:Subject:References:In-Reply-To; b=3vP+0yv3cwISADLhZF8m5n/T8m4AkOTCT5Ufaw2L3QZ+2vqo38X3Q113aUgoIpD2W HglRKXBq+HG9bWVIY2Jkwp/ymZZ87YnH9m/lF3miSyopT1MzYRl2uMyCWMH2LEfWlj /gKKqE3AuQ9LE9Yadq1jhTSQDxXGbTNh+m6QLOoM= Message-ID: <528C5535.2070203@delphij.net> Date: Tue, 19 Nov 2013 22:22:45 -0800 From: Xin Li Organization: The FreeBSD Project MIME-Version: 1.0 To: Cstdenis , freebsd-security@freebsd.org Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:14.openssh References: <20131119102130.90E5C1A3B@nine.des.no> <528B5118.2010605@ctgameinfo.com> In-Reply-To: <528B5118.2010605@ctgameinfo.com> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.16 Precedence: list Reply-To: d@delphij.net List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , 

On 11/19/13, 3:52 AM, Cstdenis wrote:
> I think the file in workaround should actually be
> /etc/ssh/sshd_config unless I am mistaken.

Ah you are right, that's my fault.

Cheers,

From owner-freebsd-security@FreeBSD.ORG Wed Nov 20 15:09:52 2013
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
From: Paul Hoffman
In-Reply-To: <528C5535.2070203@delphij.net>
Date: Wed, 20 Nov 2013 07:09:50 -0800
Message-Id: <291BB9DD-1ABE-4B0B-972B-63C65038907E@proper.com>
To: freebsd-security@freebsd.org

On Nov 19, 2013, at 10:22 PM, Xin Li wrote:

> On 11/19/13, 3:52 AM, Cstdenis wrote:
>> I think the file in workaround should actually be
>> /etc/ssh/sshd_config unless I am mistaken.
>
> Ah you are right, that's my fault.

I was wondering about that, but figured it might have moved in FreeBSD 10. Good to hear that it is not moving.
--Paul Hoffman

From owner-freebsd-security@FreeBSD.ORG Wed Nov 20 17:14:59 2013
Message-ID: <528CEE12.60606@delphij.net>
Date: Wed, 20 Nov 2013 09:14:58 -0800
From: Xin Li
Organization: The FreeBSD Project
To: freebsd-security@freebsd.org
Subject: Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-13:14.openssh
In-Reply-To: <291BB9DD-1ABE-4B0B-972B-63C65038907E@proper.com>

On 11/20/13, 7:09 AM, Paul Hoffman wrote:
> I was wondering about that, but figured it might have moved in
> FreeBSD 10. Good to hear that it is not moving.

No, it's not moving. We try our best to keep POLA even with .0 releases whenever possible.

Cheers,