From owner-freebsd-security@FreeBSD.ORG Tue Sep 16 17:25:36 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 03AEF637 for ; Tue, 16 Sep 2014 17:25:36 +0000 (UTC) Received: from mx1.rsle.net (mx1.rsle.net [IPv6:2607:ff40:b0b::4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B5074F20 for ; Tue, 16 Sep 2014 17:25:35 +0000 (UTC) Received: from CLASSIFIED (CLASSIFIED [IPv6:2607:ff40:b0b::3:1415]) (authenticated bits=0) by mx1.rsle.net (8.14.9/8.14.9) with ESMTP id s8GHPYfc059932 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 16 Sep 2014 13:25:34 -0400 (EDT) (envelope-from freebsd-security@rsle.net) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.98.4 at antivirus.rsle.net Message-ID: <54187289.8030604@rsle.net> Date: Tue, 16 Sep 2014 13:25:29 -0400 From: "R. Scott Evans" User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.1.0 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-14:19.tcp References: <20140916164257.GA1277@faust.sbb.rs> In-Reply-To: <20140916164257.GA1277@faust.sbb.rs> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.4.3 (mx1.rsle.net [IPv6:2607:ff40:b0b::2]); Tue, 16 Sep 2014 13:25:34 -0400 (EDT) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Sep 2014 17:25:36 -0000 On 09/16/14 12:42, Zoran Kolic wrote: >> The advisory solution offers 3 options... freebsd-update is the binary >> approach (option #3) that provides you a new updated generic kernel >> already compiled. If you aren't using a generic kernel or want to patch >> and recompile your own, then you would use the option #2. > > Hm! I use custom kernel. Here is what I did using > freebsd-update: > I fetched and installed. Then I recompiled the kernel. > Did I miss the security patch doing this? > > Zoran Unfortunately, I don't think your custom kernel got the patch. In your case you will want to follow option 2 with: " a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch http://security.FreeBSD.org/patches/SA-14:19/tcp.patch # fetch http://security.FreeBSD.org/patches/SA-14:19/tcp.patch.asc # gpg --verify tcp.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile your kernel as described in http://www.FreeBSD.org/handbook/kernelconfig.html and reboot the system. " -scott