From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 08:36:53 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 33E5E722; Wed, 17 Dec 2014 08:36:53 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id CB05FD9B; Wed, 17 Dec 2014 08:36:52 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 024359449; Wed, 17 Dec 2014 08:36:49 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id E0059421C; Wed, 17 Dec 2014 09:36:43 +0100 (CET) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20141217083643.E0059421C@nine.des.no> Date: Wed, 17 Dec 2014 09:36:43 +0100 (CET) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 08:36:53 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:30.unbound Security Advisory The FreeBSD Project Topic: unbound remote denial of service vulnerability Category: contrib Module: unbound Announced: 2014-12-17 Affects: FreeBSD 10.0-RELEASE and later Credits: Florian Maury (ANSSI) Corrected: 2014-12-17 06:58:00 UTC (stable/10, 10.1-STABLE) 2014-12-17 06:59:47 UTC (releng/10.1, 10.1-RELEASE-p2) 2014-12-17 06:59:47 UTC (releng/10.0, 10.0-RELEASE-p14) CVE Name: CVE-2014-8602 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background Unbound is a validating, recursive, and caching DNS resolver. II. Problem Description By causing queries to be made against a maliciously-constructed zone or against a malicious DNS server, an attacker who is able to cause specific queries to be sent to a nameserver can trick unbound(8) resolver into following an endless series of delegations, which consumes a lot of resources. III. Impact Unbound will spend a lot of resources on this query, and this will impact unbound's CPU and network resources. Unbound may therefore lose some ability or timelines for the service of customer queries (a denial of service). Unbound will continue to respond normally for cached queries. IV. Workaround No workaround is available, but hosts not running unbound(8) are not vulnerable. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. [FreeBSD 10.x] # fetch https://security.FreeBSD.org/patches/SA-14:30/unbound.patch # fetch https://security.FreeBSD.org/patches/SA-14:30/unbound.patch.asc # gpg --verify unbound.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . Restart the unbound(8) daemons, or reboot the system. VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/10/ r275853 releng/10.0/ r275854 releng/10.1/ r275854 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJUkTg1AAoJEO1n7NZdz2rn+iUP/3RP0KKn8B2SnSpSLbXws/eY GEOTYEsZJpGTtCyIg5eKmJ/AU7dKiD34da2uaL41Lt4hWa/Icyk13CtV6cK9TfN4 oSrrgDCbqErrFh74lhQX3v3bYHNMhZRVnaM9tHXHmpa9NAKhyTP+eyo+Ss7iK/am lVBW2xPv92OKyjo0Onp5h3o5QT6DHpPgW91f9He4GygYfShMXtOb+VhGpllxwbeM aS59yPkhGJLVhxQn2QtFpj67QxS5GIhK6iccwrRKo8Okij2mlRfR4fuD5Ol4L9TK sZKMGtgESPLGmfW1Pj/BRobyCWcs+cYLchZkxbomQBcH7ybpOMW+SqTB0FkZcscU ODMzvum2VZuSl5fAlu3F6V0/k+8cFiE4B/Xyioqa8aRsfYNfWjoETmfE7ld+zXqX 8cPizwGYdsuO4g6mNS0HFuuexkJem9qviRfnQUQ/EJQPNfXB33GYBoFquE0mvFUO WN5QiietSnNp4/TF+BjXlaeo/PtO+Q8xIdqgdSzouslx95a4j3N127k8Yoz55Nx+ 3mEeqvZRf5/7ieIgyHti/v/xKZOyGCs6NwlZ6xN+0kanNqMDfjpKnfzTJnnSTbj6 z6FCzXn986EqL8kpJisKZEJfntvZu4ft/KUo4qzZAtuNgnoUGFYXv5DfQrM75ZJ/ 9PFQzCA+8snPiCyUhAaC =fkvr -----END PGP SIGNATURE----- From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 11:10:12 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A4CFD15FD; Wed, 17 Dec 2014 11:10:12 +0000 (UTC) Received: from mout.gmx.net (mout.gmx.net [212.227.17.20]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 373D967C; Wed, 17 Dec 2014 11:10:11 +0000 (UTC) Received: from [192.168.0.100] ([87.139.233.65]) by mail.gmx.com (mrgmx101) with ESMTPSA (Nemesis) id 0M0LtB-1Xmf4q30vN-00uabL; Wed, 17 Dec 2014 10:10:37 +0100 Message-ID: <5491488E.4020405@gmx.de> Date: Wed, 17 Dec 2014 10:10:38 +0100 From: olli hauer Reply-To: security-advisories@freebsd.org User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound References: <20141217083643.E0059421C@nine.des.no> In-Reply-To: <20141217083643.E0059421C@nine.des.no> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-Provags-ID: V03:K0:9TlOlzXVojqwjCumCe1mf6TOz0TdYUMtTC1+H8/wk5f5OPwA6zw rLJDgIwCH66Y+tsMekyp7EV2uW8zsNImBmeMg6KYAev3VH73oAYfcqgzQjPpm0Ye0Bcs0iR GlV4OBl+6qhqgHqEIOfm1N/kwmItuXrFjpIGk9fnbqE3fGtxbYPjCzQgWALrVu6bVzhSkwb LMAzXCq3KYsDCiG4fwHPw== X-UI-Out-Filterresults: notjunk:1; Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 11:10:12 -0000 On 2014-12-17 09:36, FreeBSD Security Advisories wrote: > ============================================================================= > FreeBSD-SA-14:30.unbound Security Advisory > The FreeBSD Project > > Topic: unbound remote denial of service vulnerability > > Category: contrib > Module: unbound > Announced: 2014-12-17 > Affects: FreeBSD 10.0-RELEASE and later > Credits: Florian Maury (ANSSI) > Corrected: 2014-12-17 06:58:00 UTC (stable/10, 10.1-STABLE) > 2014-12-17 06:59:47 UTC (releng/10.1, 10.1-RELEASE-p2) > 2014-12-17 06:59:47 UTC (releng/10.0, 10.0-RELEASE-p14) > CVE Name: CVE-2014-8602 > ... Is there an issue with freebsd-update or an special reason the update wants to install lib32? On a 10.1 (amd64) system: $ $ find /usr/lib32/ /usr/lib32/ /usr/lib32/dtrace /usr/lib32/private /usr/lib32/i18n But the update wants to install additional /usr/lib32 files $ freebsd-update fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 10.1-RELEASE from update.FreeBSD.org... done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 8 patches..... done. Applying patches... done. Fetching *461* files... [0] 0:phttpget* The following files will be added as part of updating to 10.1-RELEASE-p2: /libexec/ld-elf32.so.1 /usr/bin/ldd32 /usr/lib32/Scrt1.o /usr/lib32/crt1.o ... /usr/lib32/private/libyaml.so.1 /usr/lib32/private/libyaml_p.a /usr/libexec/ld-elf32.so.1 From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 15:21:13 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 091C3EB0; Wed, 17 Dec 2014 15:21:13 +0000 (UTC) Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 912A9CBF; Wed, 17 Dec 2014 15:21:12 +0000 (UTC) Received: by mail-wg0-f42.google.com with SMTP id k14so4452598wgh.29 for ; Wed, 17 Dec 2014 07:21:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OKvsxJJ1MU7jr/b1Moesa9VHm8I5bh/xOCE7C4niwyQ=; b=aUQsDOBOhSt/jotD52Iz6GNxWr+KE/eWqcAGFS9XxK2sgiUfuSdrh2j1fnBQWpJBsO 3Lz3j/O1n8XfovLzYAo/aVM4tj+H7KePbjXHKspjwWAsXS6DElsIkLShzGTjY9tDaVbS D1SsFqq1Rt48kRjymrvNRy/I+IqPNO5kDYJmV9M7wgGqnktHpp9cBJxUScyClQibQB+L LAsRfz6ItHzHa10jON3F2aacURvRhPdZnw850pvHr/JRIwEpf5ZsW0E6PLvzmTG4Ku3U 25isms+cGpkmdDSzmkjCaCFOGoKsI+Tnn+brI7kvVWDI8USsFeUvppBzCVudMUUivLXz FJ9A== MIME-Version: 1.0 X-Received: by 10.180.81.7 with SMTP id v7mr15413650wix.74.1418829670856; Wed, 17 Dec 2014 07:21:10 -0800 (PST) Received: by 10.194.222.169 with HTTP; Wed, 17 Dec 2014 07:21:10 -0800 (PST) In-Reply-To: <5491488E.4020405@gmx.de> References: <20141217083643.E0059421C@nine.des.no> <5491488E.4020405@gmx.de> Date: Wed, 17 Dec 2014 16:21:10 +0100 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound From: "C. L. Martinez" To: security-advisories@freebsd.org Content-Type: text/plain; charset=UTF-8 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 15:21:13 -0000 On Wed, Dec 17, 2014 at 10:10 AM, olli hauer wrote: > On 2014-12-17 09:36, FreeBSD Security Advisories wrote: >> ============================================================================= >> FreeBSD-SA-14:30.unbound Security Advisory >> The FreeBSD Project >> >> Topic: unbound remote denial of service vulnerability >> >> Category: contrib >> Module: unbound >> Announced: 2014-12-17 >> Affects: FreeBSD 10.0-RELEASE and later >> Credits: Florian Maury (ANSSI) >> Corrected: 2014-12-17 06:58:00 UTC (stable/10, 10.1-STABLE) >> 2014-12-17 06:59:47 UTC (releng/10.1, 10.1-RELEASE-p2) >> 2014-12-17 06:59:47 UTC (releng/10.0, 10.0-RELEASE-p14) >> CVE Name: CVE-2014-8602 >> > ... > > Is there an issue with freebsd-update or an special reason the update wants to install lib32? > > > On a 10.1 (amd64) system: > > $ $ find /usr/lib32/ > /usr/lib32/ > /usr/lib32/dtrace > /usr/lib32/private > /usr/lib32/i18n > > > But the update wants to install additional /usr/lib32 files > > $ freebsd-update fetch > Looking up update.FreeBSD.org mirrors... none found. > Fetching metadata signature for 10.1-RELEASE from update.FreeBSD.org... done. > Fetching metadata index... done. > Fetching 2 metadata patches.. done. > Applying metadata patches... done. > Inspecting system... done. > Preparing to download files... done. > Fetching 8 patches..... done. > Applying patches... done. > Fetching *461* files... > [0] 0:phttpget* > > The following files will be added as part of updating to 10.1-RELEASE-p2: > /libexec/ld-elf32.so.1 > /usr/bin/ldd32 > /usr/lib32/Scrt1.o > /usr/lib32/crt1.o > ... > /usr/lib32/private/libyaml.so.1 > /usr/lib32/private/libyaml_p.a > /usr/libexec/ld-elf32.so.1 > Same here: Looking up update.FreeBSD.org mirrors... 5 mirrors found. Fetching metadata signature for 10.1-RELEASE from update5.freebsd.org... done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 8 patches..... done. Applying patches... done. Fetching 461 files... done. The following files will be removed as part of updating to 10.1-RELEASE-p2: / The following files will be added as part of updating to 10.1-RELEASE-p2: /libexec/ld-elf32.so.1 /usr/bin/ldd32 /usr/lib32/Scrt1.o /usr/lib32/crt1.o /usr/lib32/crtbegin.o /usr/lib32/crtbeginS.o /usr/lib32/crtbeginT.o /usr/lib32/crtend.o /usr/lib32/crtendS.o .... Why all lib32 are needed for amd64 now?? From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 15:32:49 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CEAD622F for ; Wed, 17 Dec 2014 15:32:49 +0000 (UTC) Received: from smtp05.citynetwork.se (mail.citynetwork.se [IPv6:2a00:16d8:0:4::200]) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6F833DF2 for ; Wed, 17 Dec 2014 15:32:48 +0000 (UTC) Received: from localhost (smtp05.citynetwork.se [127.0.0.1]) by smtp05.citynetwork.se (Postfix) with ESMTP id 0AB6F8018EA for ; Wed, 17 Dec 2014 16:32:37 +0100 (CET) X-Virus-Scanned: amavisd-new at citynetwork.se Received: from smtp05.citynetwork.se ([127.0.0.1]) by localhost (smtp05.citynetwork.se [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ATTIgOXGSNXs for ; Wed, 17 Dec 2014 16:32:35 +0100 (CET) Received: from mba.lan (h-148-89.a328.priv.bahnhof.se [81.170.148.89]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: pasi@kanalje.se) by smtp05.citynetwork.se (Postfix) with ESMTPSA id 5F2D5800806 for ; Wed, 17 Dec 2014 16:32:35 +0100 (CET) From: Pasi Koivisto Message-Id: <1C981B17-2014-446E-8DDB-266385C871A8@kanalje.se> Mime-Version: 1.0 (Mac OS X Mail 8.1 \(1993\)) Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound Date: Wed, 17 Dec 2014 16:32:34 +0100 References: <20141217083643.F0027421F@nine.des.no> To: freebsd-security@freebsd.org In-Reply-To: <20141217083643.F0027421F@nine.des.no> X-Mailer: Apple Mail (2.1993) X-Mailman-Approved-At: Wed, 17 Dec 2014 16:06:47 +0000 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 15:32:49 -0000 Hi, I am curios why the installer wants to delete "/". This is from when I ran the update: [root@seed ~]# freebsd-update fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 10.1-RELEASE from update.FreeBSD.org... = done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 5 patches... done. Applying patches... done. Fetching 10 files... done. The following files will be removed as part of updating to = 10.1-RELEASE-p2: / The following files will be updated as part of updating to = 10.1-RELEASE-p2: /bin/freebsd-version /usr/lib/private/libunbound.a /usr/lib/private/libunbound.so.5 /usr/lib/private/libunbound_p.a /usr/lib32/libc.a /usr/lib32/libc.so.7 /usr/lib32/libc_p.a /usr/lib32/libc_pic.a /usr/lib32/libmagic.a /usr/lib32/libmagic.so.4 /usr/lib32/libmagic_p.a /usr/lib32/private/libunbound.a /usr/lib32/private/libunbound.so.5 /usr/lib32/private/libunbound_p.a /usr/sbin/unbound [root@seed ~]# freebsd-update install Installing updates...rmdir: ///: Is a directory done. On a consequent reboot and running freebsd-update fetch again [root@seed ~]# freebsd-version=20 10.1-RELEASE-p2 [root@seed ~]# freebsd-update fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 10.1-RELEASE from update.FreeBSD.org... = done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. The following files will be removed as part of updating to = 10.1-RELEASE-p2: / [root@seed ~]#=20 > On 17 Dec 2014, at 09:36, FreeBSD Security Advisories = wrote: >=20 > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 >=20 > = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D > FreeBSD-SA-14:30.unbound Security = Advisory > The FreeBSD = Project >=20 > Topic: unbound remote denial of service vulnerability >=20 > Category: contrib > Module: unbound > Announced: 2014-12-17 > Affects: FreeBSD 10.0-RELEASE and later > Credits: Florian Maury (ANSSI) > Corrected: 2014-12-17 06:58:00 UTC (stable/10, 10.1-STABLE) > 2014-12-17 06:59:47 UTC (releng/10.1, 10.1-RELEASE-p2) > 2014-12-17 06:59:47 UTC (releng/10.0, 10.0-RELEASE-p14) > CVE Name: CVE-2014-8602 >=20 > For general information regarding FreeBSD Security Advisories, > including descriptions of the fields above, security branches, and the > following sections, please visit . >=20 > I. Background >=20 > Unbound is a validating, recursive, and caching DNS resolver. >=20 > II. Problem Description >=20 > By causing queries to be made against a maliciously-constructed zone = or > against a malicious DNS server, an attacker who is able to cause > specific queries to be sent to a nameserver can trick unbound(8) = resolver > into following an endless series of delegations, which consumes a lot = of > resources. >=20 > III. Impact >=20 > Unbound will spend a lot of resources on this query, and this will = impact > unbound's CPU and network resources. Unbound may therefore lose some > ability or timelines for the service of customer queries (a denial of > service). Unbound will continue to respond normally for cached = queries. >=20 > IV. Workaround >=20 > No workaround is available, but hosts not running unbound(8) are not > vulnerable. >=20 > V. Solution >=20 > Perform one of the following: >=20 > 1) Upgrade your vulnerable system to a supported FreeBSD stable or > release / security branch (releng) dated after the correction date. >=20 > 2) To update your vulnerable system via a binary patch: >=20 > Systems running a RELEASE version of FreeBSD on the i386 or amd64 > platforms can be updated via the freebsd-update(8) utility: >=20 > # freebsd-update fetch > # freebsd-update install >=20 > 3) To update your vulnerable system via a source code patch: >=20 > The following patches have been verified to apply to the applicable > FreeBSD release branches. >=20 > a) Download the relevant patch from the location below, and verify the > detached PGP signature using your PGP utility. >=20 > [FreeBSD 10.x] > # fetch https://security.FreeBSD.org/patches/SA-14:30/unbound.patch > # fetch = https://security.FreeBSD.org/patches/SA-14:30/unbound.patch.asc > # gpg --verify unbound.patch.asc >=20 > b) Apply the patch. Execute the following commands as root: >=20 > # cd /usr/src > # patch < /path/to/patch >=20 > c) Recompile the operating system using buildworld and installworld as > described in . >=20 > Restart the unbound(8) daemons, or reboot the system. >=20 > VI. Correction details >=20 > The following list contains the correction revision numbers for each > affected branch. >=20 > Branch/path = Revision > - = ------------------------------------------------------------------------- > stable/10/ = r275853 > releng/10.0/ = r275854 > releng/10.1/ = r275854 > - = ------------------------------------------------------------------------- >=20 > To see which files were modified by a particular revision, run the > following command, replacing NNNNNN with the revision number, on a > machine with Subversion installed: >=20 > # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >=20 > Or visit the following URL, replacing NNNNNN with the revision number: >=20 > >=20 > VII. References >=20 > >=20 > >=20 > The latest revision of this advisory is available at > = = > -----BEGIN PGP SIGNATURE----- >=20 > iQIcBAEBCgAGBQJUkTg1AAoJEO1n7NZdz2rn+iUP/3RP0KKn8B2SnSpSLbXws/eY > GEOTYEsZJpGTtCyIg5eKmJ/AU7dKiD34da2uaL41Lt4hWa/Icyk13CtV6cK9TfN4 > oSrrgDCbqErrFh74lhQX3v3bYHNMhZRVnaM9tHXHmpa9NAKhyTP+eyo+Ss7iK/am > lVBW2xPv92OKyjo0Onp5h3o5QT6DHpPgW91f9He4GygYfShMXtOb+VhGpllxwbeM > aS59yPkhGJLVhxQn2QtFpj67QxS5GIhK6iccwrRKo8Okij2mlRfR4fuD5Ol4L9TK > sZKMGtgESPLGmfW1Pj/BRobyCWcs+cYLchZkxbomQBcH7ybpOMW+SqTB0FkZcscU > ODMzvum2VZuSl5fAlu3F6V0/k+8cFiE4B/Xyioqa8aRsfYNfWjoETmfE7ld+zXqX > 8cPizwGYdsuO4g6mNS0HFuuexkJem9qviRfnQUQ/EJQPNfXB33GYBoFquE0mvFUO > WN5QiietSnNp4/TF+BjXlaeo/PtO+Q8xIdqgdSzouslx95a4j3N127k8Yoz55Nx+ > 3mEeqvZRf5/7ieIgyHti/v/xKZOyGCs6NwlZ6xN+0kanNqMDfjpKnfzTJnnSTbj6 > z6FCzXn986EqL8kpJisKZEJfntvZu4ft/KUo4qzZAtuNgnoUGFYXv5DfQrM75ZJ/ > 9PFQzCA+8snPiCyUhAaC > =3Dfkvr > -----END PGP SIGNATURE----- > _______________________________________________ > freebsd-security-notifications@freebsd.org mailing list > = http://lists.freebsd.org/mailman/listinfo/freebsd-security-notifications > To unsubscribe, send any mail to = "freebsd-security-notifications-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 18:12:28 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B66AA5F6; Wed, 17 Dec 2014 18:12:28 +0000 (UTC) Received: from luigi.brtsvcs.net (luigi.brtsvcs.net [IPv6:2607:fc50:1000:1f00::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 92C7D1EC; Wed, 17 Dec 2014 18:12:28 +0000 (UTC) Received: from chombo.houseloki.net (c-71-59-211-166.hsd1.or.comcast.net [71.59.211.166]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by luigi.brtsvcs.net (Postfix) with ESMTPSA id 5C87F2D4F8E; Wed, 17 Dec 2014 18:12:27 +0000 (UTC) Received: from [IPv6:2601:7:2580:181:baca:3aff:fe83:bd29] (unknown [IPv6:2601:7:2580:181:baca:3aff:fe83:bd29]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by chombo.houseloki.net (Postfix) with ESMTPSA id 3ED731966; Wed, 17 Dec 2014 10:12:25 -0800 (PST) Message-ID: <5491C783.8060303@bluerosetech.com> Date: Wed, 17 Dec 2014 10:12:19 -0800 From: Darren Pilgrim Reply-To: freebsd-security@freebsd.org User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org, FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound References: <20141217083643.E0059421C@nine.des.no> In-Reply-To: <20141217083643.E0059421C@nine.des.no> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 18:12:28 -0000 On 12/17/2014 12:36 AM, FreeBSD Security Advisories wrote: > IV. Workaround > > No workaround is available, but hosts not running unbound(8) are not > vulnerable. The first part of that statement is false. The dns/unbound port was fixed for CVE-2014-8602 on 9 December. Thus a valid work around is to disable local_unbound and use ports/dns/unbound. From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 20:47:13 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 94142EB2; Wed, 17 Dec 2014 20:47:13 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 552A71A21; Wed, 17 Dec 2014 20:47:13 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id 7DA019323; Wed, 17 Dec 2014 20:47:12 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 5ECA442C8; Wed, 17 Dec 2014 21:47:00 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: olli hauer Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound References: <20141217083643.E0059421C@nine.des.no> <5491488E.4020405@gmx.de> Date: Wed, 17 Dec 2014 21:47:00 +0100 In-Reply-To: <5491488E.4020405@gmx.de> (olli hauer's message of "Wed, 17 Dec 2014 10:10:38 +0100") Message-ID: <86k31qovgb.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD Security Advisories , freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 20:47:13 -0000 olli hauer writes: > Is there an issue with freebsd-update or an special reason the update > wants to install lib32? Yes. The freebsd-update distribution for 10.1 was incorrectly built without lib32; as a result, freebsd-update deletes lib32 when upgrading from older releases (see https://bugs.freebsd.org/195302). The only way to fix that was to reintroduce lib32 in the next patch release. Unfortunately, freebsd-update is not able to tell that a newly created file belongs to a distribution which is not installed or disabled in freebsd-update.conf. We decided that this was the lesser of two evils. I will make an announcement later regarding this and the "rm /" issue. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 20:48:16 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EA54BE0 for ; Wed, 17 Dec 2014 20:48:16 +0000 (UTC) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id AD8CF1A48 for ; Wed, 17 Dec 2014 20:48:16 +0000 (UTC) Received: from nine.des.no (smtp.des.no [194.63.250.102]) by smtp-int.des.no (Postfix) with ESMTP id D4DDC9334; Wed, 17 Dec 2014 20:48:15 +0000 (UTC) Received: by nine.des.no (Postfix, from userid 1001) id 19CFC42CA; Wed, 17 Dec 2014 21:48:04 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Pasi Koivisto Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound References: <20141217083643.F0027421F@nine.des.no> <1C981B17-2014-446E-8DDB-266385C871A8@kanalje.se> Date: Wed, 17 Dec 2014 21:48:04 +0100 In-Reply-To: <1C981B17-2014-446E-8DDB-266385C871A8@kanalje.se> (Pasi Koivisto's message of "Wed, 17 Dec 2014 16:32:34 +0100") Message-ID: <86d27iovej.fsf@nine.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 20:48:17 -0000 Pasi Koivisto writes: > Hi, I am curios why the installer wants to delete "/". This is a (fortunately harmless) bug in freebsd-update. We are looking into it, but for now you can safely ignore it. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Thu Dec 18 16:19:52 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8EAAC51F for ; Thu, 18 Dec 2014 16:19:52 +0000 (UTC) Received: from mproxy19.sbb.rs (mproxy19.sbb.rs [89.216.2.104]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smtp.sbb.rs", Issuer "PositiveSSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 10720128A for ; Thu, 18 Dec 2014 16:19:51 +0000 (UTC) Received: from knossos (cable-178-148-99-16.dynamic.sbb.rs [178.148.99.16]) by mproxy19.sbb.rs (8.14.4/8.14.4) with ESMTP id sBIGD9RQ011219 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 18 Dec 2014 17:13:09 +0100 X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.97.6 at SBB mail Received: from localhost (1000@localhost [local]); by localhost (OpenSMTPD) with ESMTPA id fbd63843; for ; Thu, 18 Dec 2014 17:13:07 +0100 (CET) Date: Thu, 18 Dec 2014 17:13:07 +0100 From: Zoran Kolic To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound Message-ID: <20141218161306.GA21957@knossos> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mproxy19.sbb.rs X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 16:19:52 -0000 > The first part of that statement is false. The dns/unbound port was > fixed for CVE-2014-8602 on 9 December. Thus a valid work around is to > disable local_unbound and use ports/dns/unbound. To ask explicitelly: this does not affect 9.3? I see no unbound nor local_unbound on stock install. Best regards Zoran From owner-freebsd-security@FreeBSD.ORG Thu Dec 18 16:24:59 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 808C36A7 for ; Thu, 18 Dec 2014 16:24:59 +0000 (UTC) Received: from sender1.zohomail.com (sender1.zohomail.com [74.201.84.155]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5EE0713CA for ; Thu, 18 Dec 2014 16:24:59 +0000 (UTC) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=bsdjunk; d=bsdjunk.com; h=date:from:to:cc:message-id:in-reply-to:references:subject:mime-version:content-type:user-agent; b=MdQs5i3xDix7YsmaGtVzdTWM3DSBhJW47tEmjfAyW+TcK7Jnsf7NMc/S3IGFAZfp2Co4thOR4jY2 IsdpWUysP3LHqyQaRD/nxz4kPS2SjaRANRFa3PZOj8I761DtIgAgv9TArkWcKg1gALHksX4GsTVw YGktMYJC//55K4+y3KE= Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1418919884850354.70222450970573; Thu, 18 Dec 2014 08:24:44 -0800 (PST) Date: Thu, 18 Dec 2014 10:23:43 -0600 From: chris To: Zoran Kolic Message-Id: <14a5e364840.d7cf188633233.7838236330435139778@bsdjunk.com> In-Reply-To: <20141218161306.GA21957@knossos> References: <20141218161306.GA21957@knossos> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound MIME-Version: 1.0 User-Agent: Zoho Mail X-Mailer: Zoho Mail Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: freebsd-security@freebsd.org, cpet@sdf.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 16:24:59 -0000 This is weird as I now get a thing that "Directory's required to be removed ..." and that directory is "/" will this be fixed as this is kinda scary seeing "Directory couldn't be removed "rmdir /////" or something it showed. ---- On Thu, 18 Dec 2014 10:13:07 -0600 zkolic@sbb.rs wrote ---- > The first part of that statement is false. The dns/unbound port was > fixed for CVE-2014-8602 on 9 December. Thus a valid work around is to > disable local_unbound and use ports/dns/unbound. To ask explicitelly: this does not affect 9.3? I see no unbound nor local_unbound on stock install. Best regards Zoran _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Thu Dec 18 16:40:21 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8A293AA5 for ; Thu, 18 Dec 2014 16:40:21 +0000 (UTC) Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 1E84A166B for ; Thu, 18 Dec 2014 16:40:20 +0000 (UTC) Received: by mail-wi0-f170.google.com with SMTP id bs8so2169369wib.5 for ; Thu, 18 Dec 2014 08:40:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :subject:references:in-reply-to:content-type :content-transfer-encoding; bh=+EHgC/9aFOxx/UZD8co0tBK/h5qnE5H1U3lYEBGeUC4=; b=RwzMqnhBicgGE9fjVr+B50mLAle2/n8fTdA33LzxNMx65DCbVCM5E5E7hQQUeveh7s 2gjl4keCVOz8MwMfRtsTyDhRCo/HBvPGFyGyFvaCqTb59y4BY8G8BKSM9foimGLVF+dh UCWsJpJeQNh7cGrQbOaB6QOHr0RqffPE1cybg3by/4ZjEj/E5HJrsTM/XYoRG0gJIeQB iYOS/4mWkGCGI749duQmCzZHkgBe6/K2kMc4rsUoB0KkSomBhTATqaenc8tvD0WQEW6r 1p/CLmva6AIC3cmfP6LCrO97K6AyYsxLt0I21VeJG1o2oB0YPRnRJ4jhN2LZRdnmH+cJ NmPA== X-Gm-Message-State: ALoCoQnElODyG4YUDgQUJLT5YQ84y5E2n62jxXO7BAiwkFU5/n0P+tJXccS9q0wtkxHhgLQsVvEQ X-Received: by 10.180.103.6 with SMTP id fs6mr25530914wib.11.1418920812434; Thu, 18 Dec 2014 08:40:12 -0800 (PST) Received: from [10.10.1.68] (82-69-141-170.dsl.in-addr.zen.co.uk. [82.69.141.170]) by mx.google.com with ESMTPSA id r3sm25372262wic.10.2014.12.18.08.40.11 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 18 Dec 2014 08:40:11 -0800 (PST) Message-ID: <5493034B.7020102@multiplay.co.uk> Date: Thu, 18 Dec 2014 16:39:39 +0000 From: Steven Hartland User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Thunderbird/31.3.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound References: <20141218161306.GA21957@knossos> In-Reply-To: <20141218161306.GA21957@knossos> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 16:40:21 -0000 Nope unbound was the replacement for bind in 10.x+ On 18/12/2014 16:13, Zoran Kolic wrote: >> The first part of that statement is false. The dns/unbound port was >> fixed for CVE-2014-8602 on 9 December. Thus a valid work around is to >> disable local_unbound and use ports/dns/unbound. > To ask explicitelly: this does not affect 9.3? > I see no unbound nor local_unbound on stock install. > Best regards > > Zoran > > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org" From owner-freebsd-security@FreeBSD.ORG Thu Dec 18 16:48:07 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BB5AB14A for ; Thu, 18 Dec 2014 16:48:07 +0000 (UTC) Received: from mproxy8.sbb.rs (mproxy8.sbb.rs [89.216.2.99]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "smtp.sbb.rs", Issuer "PositiveSSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3CC51188A for ; Thu, 18 Dec 2014 16:48:06 +0000 (UTC) Received: from knossos (cable-178-148-99-16.dynamic.sbb.rs [178.148.99.16]) by mproxy8.sbb.rs (8.14.4/8.14.4) with ESMTP id sBIGgA1r019123 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 18 Dec 2014 17:42:11 +0100 X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.97.6 at SBB mail Received: from localhost (1000@localhost [local]); by localhost (OpenSMTPD) with ESMTPA id 68c749a8; Thu, 18 Dec 2014 17:42:08 +0100 (CET) Date: Thu, 18 Dec 2014 17:42:08 +0100 From: Zoran Kolic To: chris Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound Message-ID: <20141218164208.GA4695@knossos> References: <20141218161306.GA21957@knossos> <14a5e364840.d7cf188633233.7838236330435139778@bsdjunk.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <14a5e364840.d7cf188633233.7838236330435139778@bsdjunk.com> X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on mproxy8.sbb.rs Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 16:48:07 -0000 > This is weird as I now get a thing that "Directory's required to be removed ..." and that directory is "/" will this be fixed as this is kinda scary seeing "Directory couldn't be removed "rmdir /////" or something it showed. I had a problem using freebsd-update to 9.3-p6. I had to use it twice to product what was intended. An issue on branch 10 might be different than on 9. For me, unbound is in ports. I have to do nothing, right? Zoran From owner-freebsd-security@FreeBSD.ORG Thu Dec 18 19:27:25 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 53282D35 for ; Thu, 18 Dec 2014 19:27:25 +0000 (UTC) Received: from mail-qc0-x230.google.com (mail-qc0-x230.google.com [IPv6:2607:f8b0:400d:c01::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 08A9112FF for ; Thu, 18 Dec 2014 19:27:25 +0000 (UTC) Received: by mail-qc0-f176.google.com with SMTP id i17so1412538qcy.35 for ; Thu, 18 Dec 2014 11:27:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XWH8GiimtP3cuiHxzAgwPJEmYJKsQi8ZS0AXwXrF0sU=; b=pI8gQWDDmSLr19sjH4kGvMAgd04zTkcxPIXJnuUjLpL18S4qCAquBfrjRYrGz6mQin ds3y/rh62nO6fSfjlmPCdLwEa2+OSXvTlkay69HTgQhk/irQEVaokB4O312iDoqwj05n 8vlq7bqXarTrlXqFSiMD/7f1D0YXHsV2XDv7eVEzDe6W8X0oOm64iooFlBEmu1SmB/8Y MOtuYPyVNuZYheTZ4mCVcKNc5XEnPcOaD6vXJ/j3stBlW5Fq6dIkIGXddjlu5eAm6rG5 38EtOaP2IAQHBsVdsnkxR1LEpuyS4Rp93/VNfq7vHh6ZvbmmrpKf9RnxYkRRcomVKM+G Em2w== MIME-Version: 1.0 X-Received: by 10.140.102.144 with SMTP id w16mr6269836qge.59.1418930833464; Thu, 18 Dec 2014 11:27:13 -0800 (PST) Received: by 10.96.118.66 with HTTP; Thu, 18 Dec 2014 11:27:13 -0800 (PST) In-Reply-To: <20141218164208.GA4695@knossos> References: <20141218161306.GA21957@knossos> <14a5e364840.d7cf188633233.7838236330435139778@bsdjunk.com> <20141218164208.GA4695@knossos> Date: Thu, 18 Dec 2014 13:27:13 -0600 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound From: Matt Donovan To: Zoran Kolic Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: chris , "freebsd-security@freebsd.org" X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Dec 2014 19:27:25 -0000 On Thursday, December 18, 2014, Zoran Kolic wrote: > > This is weird as I now get a thing that "Directory's required to be > removed ..." and that directory is "/" will this be fixed as this is kinda > scary seeing "Directory couldn't be removed "rmdir /////" or something it > showed. > > I had a problem using freebsd-update to 9.3-p6. > I had to use it twice to product what was intended. > An issue on branch 10 might be different than on 9. > For me, unbound is in ports. I have to do nothing, > right? > > Zoran > > 9.x is not effected as it uses bind in base and not unbound as for the directory / this is harmless and they are already working on a fix for freebsd-update per this thread. > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org > " > -- Technological progress is like an ax in the hands of a pathological criminal. - *Albert EinsteinBreadth of Unix experience and depth of knowledge in the world of servers.*