From owner-freebsd-security@FreeBSD.ORG Wed Dec 17 15:21:13 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 091C3EB0; Wed, 17 Dec 2014 15:21:13 +0000 (UTC) Received: from mail-wg0-x22a.google.com (mail-wg0-x22a.google.com [IPv6:2a00:1450:400c:c00::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 912A9CBF; Wed, 17 Dec 2014 15:21:12 +0000 (UTC) Received: by mail-wg0-f42.google.com with SMTP id k14so4452598wgh.29 for ; Wed, 17 Dec 2014 07:21:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=OKvsxJJ1MU7jr/b1Moesa9VHm8I5bh/xOCE7C4niwyQ=; b=aUQsDOBOhSt/jotD52Iz6GNxWr+KE/eWqcAGFS9XxK2sgiUfuSdrh2j1fnBQWpJBsO 3Lz3j/O1n8XfovLzYAo/aVM4tj+H7KePbjXHKspjwWAsXS6DElsIkLShzGTjY9tDaVbS D1SsFqq1Rt48kRjymrvNRy/I+IqPNO5kDYJmV9M7wgGqnktHpp9cBJxUScyClQibQB+L LAsRfz6ItHzHa10jON3F2aacURvRhPdZnw850pvHr/JRIwEpf5ZsW0E6PLvzmTG4Ku3U 25isms+cGpkmdDSzmkjCaCFOGoKsI+Tnn+brI7kvVWDI8USsFeUvppBzCVudMUUivLXz FJ9A== MIME-Version: 1.0 X-Received: by 10.180.81.7 with SMTP id v7mr15413650wix.74.1418829670856; Wed, 17 Dec 2014 07:21:10 -0800 (PST) Received: by 10.194.222.169 with HTTP; Wed, 17 Dec 2014 07:21:10 -0800 (PST) In-Reply-To: <5491488E.4020405@gmx.de> References: <20141217083643.E0059421C@nine.des.no> <5491488E.4020405@gmx.de> Date: Wed, 17 Dec 2014 16:21:10 +0100 Message-ID: Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:30.unbound From: "C. L. Martinez" To: security-advisories@freebsd.org Content-Type: text/plain; charset=UTF-8 Cc: freebsd-security@freebsd.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Dec 2014 15:21:13 -0000 On Wed, Dec 17, 2014 at 10:10 AM, olli hauer wrote: > On 2014-12-17 09:36, FreeBSD Security Advisories wrote: >> ============================================================================= >> FreeBSD-SA-14:30.unbound Security Advisory >> The FreeBSD Project >> >> Topic: unbound remote denial of service vulnerability >> >> Category: contrib >> Module: unbound >> Announced: 2014-12-17 >> Affects: FreeBSD 10.0-RELEASE and later >> Credits: Florian Maury (ANSSI) >> Corrected: 2014-12-17 06:58:00 UTC (stable/10, 10.1-STABLE) >> 2014-12-17 06:59:47 UTC (releng/10.1, 10.1-RELEASE-p2) >> 2014-12-17 06:59:47 UTC (releng/10.0, 10.0-RELEASE-p14) >> CVE Name: CVE-2014-8602 >> > ... > > Is there an issue with freebsd-update or an special reason the update wants to install lib32? > > > On a 10.1 (amd64) system: > > $ $ find /usr/lib32/ > /usr/lib32/ > /usr/lib32/dtrace > /usr/lib32/private > /usr/lib32/i18n > > > But the update wants to install additional /usr/lib32 files > > $ freebsd-update fetch > Looking up update.FreeBSD.org mirrors... none found. > Fetching metadata signature for 10.1-RELEASE from update.FreeBSD.org... done. > Fetching metadata index... done. > Fetching 2 metadata patches.. done. > Applying metadata patches... done. > Inspecting system... done. > Preparing to download files... done. > Fetching 8 patches..... done. > Applying patches... done. > Fetching *461* files... > [0] 0:phttpget* > > The following files will be added as part of updating to 10.1-RELEASE-p2: > /libexec/ld-elf32.so.1 > /usr/bin/ldd32 > /usr/lib32/Scrt1.o > /usr/lib32/crt1.o > ... > /usr/lib32/private/libyaml.so.1 > /usr/lib32/private/libyaml_p.a > /usr/libexec/ld-elf32.so.1 > Same here: Looking up update.FreeBSD.org mirrors... 5 mirrors found. Fetching metadata signature for 10.1-RELEASE from update5.freebsd.org... done. Fetching metadata index... done. Fetching 2 metadata patches.. done. Applying metadata patches... done. Inspecting system... done. Preparing to download files... done. Fetching 8 patches..... done. Applying patches... done. Fetching 461 files... done. The following files will be removed as part of updating to 10.1-RELEASE-p2: / The following files will be added as part of updating to 10.1-RELEASE-p2: /libexec/ld-elf32.so.1 /usr/bin/ldd32 /usr/lib32/Scrt1.o /usr/lib32/crt1.o /usr/lib32/crtbegin.o /usr/lib32/crtbeginS.o /usr/lib32/crtbeginT.o /usr/lib32/crtend.o /usr/lib32/crtendS.o .... Why all lib32 are needed for amd64 now??