From: Clint Armstrong <clint@clintarmstrong.net>
Date: Sun, 10 Jan 2016 03:41:31 +0000
Subject: Signed Checksums for release archives
To: freebsd-security@freebsd.org

The signed checksums at https://www.freebsd.org/releases/10.2R/signatures.html provide a way to verify installation sources, but there do not appear to be any signed checksums for the release archives at ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.2-RELEASE/. Is there another source of signed checksums hosted elsewhere or any other way to verify archive downloads?
From: Dmitry Morozovsky <marck@rinet.ru>
Date: Sun, 10 Jan 2016 17:17:23 +0300 (MSK)
Subject: Re: Signed Checksums for release archives
To: Clint Armstrong
Cc: freebsd-security@freebsd.org

On Sun, 10 Jan 2016, Clint Armstrong wrote:

> The signed checksums at
> https://www.freebsd.org/releases/10.2R/signatures.html provide a way to
> verify installation sources, but there do not appear to be any signed
> checksums for the release archives at
> ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.2-RELEASE/. Is
> there another source of signed checksums hosted elsewhere or any other way
> to verify archive downloads?

On the release page: https://www.freebsd.org/releases/10.2R/

-- 
Sincerely,
D.Marck                                   [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- marck@rinet.ru ***
------------------------------------------------------------------------
From: Clint Armstrong <clint@clintarmstrong.net>
Date: Sun, 10 Jan 2016 15:02:42 +0000
Subject: Re: Signed Checksums for release archives
To: Dmitry Morozovsky
Cc: freebsd-security@freebsd.org

The signed checksums linked on that page only include checksums for the .img and .iso images, not for the .txz archives.

On Sun, Jan 10, 2016 at 9:17 AM Dmitry Morozovsky wrote:
> On Sun, 10 Jan 2016, Clint Armstrong wrote:
>
> > The signed checksums at
> > https://www.freebsd.org/releases/10.2R/signatures.html provide a way to
> > verify installation sources, but there do not appear to be any signed
> > checksums for the release archives at
> > ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.2-RELEASE/. Is
> > there another source of signed checksums hosted elsewhere or any other
> > way to verify archive downloads?
>
> On the release page: https://www.freebsd.org/releases/10.2R/
From: Dmitry Morozovsky <marck@rinet.ru>
Date: Sun, 10 Jan 2016 22:54:44 +0300 (MSK)
Subject: Re: Signed Checksums for release archives
To: Clint Armstrong
Cc: freebsd-security@freebsd.org

On Sun, 10 Jan 2016, Clint Armstrong wrote:

> The signed checksums linked on that page only include checksums for the
> .img and .iso images. Not for the .txz archives.

Ah, I see. But nevertheless, these .txz's are almost always accessed from the installer, which selects only approved mirrors from a well-defined list, and connects to them over TLS...

-- 
Sincerely,
D.Marck                                   [DM5020, MCK-RIPE, DM3-RIPN]
[ FreeBSD committer:                                 marck@FreeBSD.org ]
From: James Keener <jim@jimkeener.com>
Date: Sun, 10 Jan 2016 15:01:30 -0500
Subject: Re: Signed Checksums for release archives
To: Dmitry Morozovsky, Clint Armstrong
Cc: freebsd-security@freebsd.org

That doesn't help if a mirror is compromised or control is lost. Those already downloaded installers can't update their mirror list.

Jim

On January 10, 2016 2:54:44 PM EST, Dmitry Morozovsky wrote:
> On Sun, 10 Jan 2016, Clint Armstrong wrote:
>
> > The signed checksums linked on that page only include checksums for the
> > .img and .iso images. Not for the .txz archives.
>
> Ah I see. But nevertheless, these .txz's are almost always accessed from the
> installer, which selects only approved mirror from well-defined list, and
> connects to them over TLS...

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
From: Clint Armstrong <clint@clintarmstrong.net>
Date: Sun, 10 Jan 2016 21:07:31 +0000
Subject: Re: Signed Checksums for release archives
To: James Keener, Dmitry Morozovsky
Cc: freebsd-security@freebsd.org

My use case is for creating jails. I'm trying to script downloading and extracting an archive for a jail, and would like to be able to verify the download.

On Sun, Jan 10, 2016 at 3:01 PM James Keener wrote:
> That doesn't help if a mirror is compromised or control is lost. Those
> already downloaded installers can't update their mirror list.
>
> Jim
>
> On January 10, 2016 2:54:44 PM EST, Dmitry Morozovsky wrote:
>> On Sun, 10 Jan 2016, Clint Armstrong wrote:
>>
>>> The signed checksums linked on that page only include checksums for the
>>> .img and .iso images. Not for the .txz archives.
>>
>> Ah I see. But nevertheless, these .txz's are almost always accessed from the
>> installer, which selects only approved mirror from well-defined list, and
>> connects to them over TLS...
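The bootstrap Clint describes, scripted. This is an added example, not code from the thread or from the FreeBSD project. Since the thread finds no signed checksum for the .txz files, the script can only compare base.txz against a digest the operator pins from a source they already trust (EXPECTED_SHA256, optional), and then relies on the freebsd-update fetch/install followed by IDS sequence that Mark Felder suggests in his reply below, whose trust root is the KeyPrint in /etc/freebsd-update.conf rather than the download mirror. Assumed here, not taken from the thread: the variable and function names, the https://download.freebsd.org/ftp/releases tree as the HTTPS form of the ftp.freebsd.org path, and that freebsd-update IDS prints each finding on a line starting with the affected file's absolute path.

```sh
#!/bin/sh
# Jail bootstrap with download verification. Added example; not from the thread or
# the FreeBSD project. Assumed: the names below, the HTTPS download host, and the
# shape of freebsd-update IDS output (see ids_findings).
set -eu

RELEASE=${RELEASE:-10.2-RELEASE}
ARCH=${ARCH:-amd64}
MIRROR=${MIRROR:-https://download.freebsd.org/ftp/releases}  # same tree as ftp.freebsd.org/pub/FreeBSD/releases
JAIL=${JAIL:-/usr/jails/base-$RELEASE}
EXPECTED_SHA256=${EXPECTED_SHA256:-}   # digest of base.txz recorded from a source you trust, if you have one

# SHA-256 of a file: sha256(1) on FreeBSD, sha256sum(1) elsewhere.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1; fi
}

# 0 if the file's digest equals the expected hex digest (case-insensitive), else 1.
verify_sha256() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# Keep only the findings from a freebsd-update IDS report read on stdin. Assumption:
# each finding is one line starting with the affected file's absolute path (for example
# "/bin/ls has SHA256 hash ... but should have ..."); progress messages do not start with "/".
ids_findings() {
    grep '^/' || true
}

# freebsd-update against the jail: UNAME_r makes it treat the tree as a $RELEASE system
# whatever the host kernel is; -b is the tree to operate on; -d keeps this jail's working
# files apart from the host's.
fu() {
    env UNAME_r="$RELEASE" freebsd-update -b "$JAIL" -d "$JAIL/var/db/freebsd-update" "$@"
}

bootstrap() {
    mkdir -p "$JAIL"
    fetch -o "$JAIL/base.txz" "$MIRROR/$ARCH/$ARCH/$RELEASE/base.txz"
    if [ -n "$EXPECTED_SHA256" ]; then
        verify_sha256 "$JAIL/base.txz" "$EXPECTED_SHA256" || { echo "base.txz: digest mismatch" >&2; exit 1; }
    fi
    tar -xpf "$JAIL/base.txz" -C "$JAIL"
    rm -f "$JAIL/base.txz"
    mkdir -p "$JAIL/var/db/freebsd-update"

    fu --not-running-from-cron fetch
    fu install || true            # exits non-zero when fetch found nothing to install
    # IDS compares every tracked file with the index signed by the key pinned as KeyPrint
    # in /etc/freebsd-update.conf, a trust root independent of the mirror that served base.txz.
    # Write the report to a file first so a failed IDS run aborts (set -e) instead of reading as clean.
    ids=$(mktemp)
    fu IDS > "$ids"
    findings=$(ids_findings < "$ids")
    rm -f "$ids"
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" >&2
        echo "IDS reported differences; do not trust this jail" >&2
        exit 1
    fi
    echo "$JAIL: $RELEASE bootstrapped, updated and IDS-clean"
}

case "${1:-}" in bootstrap) bootstrap ;; esac
```

Run as root on the FreeBSD host, for example RELEASE=9.3-RELEASE JAIL=/usr/jails/j1 sh jail-bootstrap.sh bootstrap. The IDS step is what catches a tampered archive, but only for the files freebsd-update tracks; paths matching IDSIgnorePaths in freebsd-update.conf are skipped, and the TLS connection to the mirror says nothing about the archive's contents.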
From: Mark Felder <feld@FreeBSD.org>
Date: Mon, 11 Jan 2016 10:53:27 -0600
Subject: Re: Signed Checksums for release archives
To: Clint Armstrong, James Keener, Dmitry Morozovsky
Cc: freebsd-security@freebsd.org

On Sun, Jan 10, 2016, at 15:07, Clint Armstrong wrote:
> My use case is for creating Jails. I'm trying to script downloading and
> extracting an archive for a jail and would like to be able to verify the
> download.
>

After you have the txz extracted to the jail, use freebsd-update to update it and then IDS to verify it. If you have a 10.2-RELEASE host and a 9.3-RELEASE jail you would do this:

# -b is the base directory freebsd-update operates on; -d only relocates its working files (freebsd-update(8))
$ UNAME_r=9.3-RELEASE freebsd-update -b /path/to/jail fetch install
$ UNAME_r=9.3-RELEASE freebsd-update -b /path/to/jail IDS

-- 
Mark Felder
ports-secteam member
feld@FreeBSD.org
From: FreeBSD Security Advisories <security-advisories@freebsd.org>
Date: Thu, 14 Jan 2016 10:04:32 +0000 (UTC)
Subject: FreeBSD Security Advisory FreeBSD-SA-16:01.sctp
Reply-To: freebsd-security@freebsd.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:01.sctp                                       Security Advisory
                                                          The FreeBSD Project

Topic:          SCTP ICMPv6 error message vulnerability

Category:       core
Module:         SCTP
Announced:      2016-01-14
Credits:        Jonathan T. Looney
Affects:        All supported versions of FreeBSD
Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name:       CVE-2016-1879

For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit .

I.   Background

The Stream Control Transmission Protocol (SCTP) provides reliable, flow-controlled, two-way transmission of data. The Internet Control Message Protocol for IPv6 (ICMPv6) provides a way for hosts on the Internet to exchange control information. Among other uses, a host or router can use ICMPv6 to inform a host when there is an error delivering a packet sent by that host.

II.  Problem Description

A lack of proper input checks in the ICMPv6 processing in the SCTP stack can lead to either a failed kernel assertion or a NULL pointer dereference. In either case, a kernel panic follows.

III. Impact

A remote, unauthenticated attacker can reliably trigger a kernel panic on a vulnerable system running IPv6. Any kernel compiled with both IPv6 and SCTP support is vulnerable; there is no requirement to have an SCTP socket open. IPv4 ICMP processing is not affected by this vulnerability.

IV.  Workaround

No workaround is available, but systems using a kernel compiled without SCTP support or without IPv6 support are not vulnerable.

In addition, some stateful firewalls may block ICMPv6 messages that are not responses to a legitimate connection. (This may not completely block the problem, since an ICMPv6 message could still be sent in response to a legitimate SCTP connection.)

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. Rebooting to the new kernel is required.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Rebooting to the new kernel is required.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch
# fetch https://security.FreeBSD.org/patches/SA-16:01/sctp.patch.asc
# gpg --verify sctp.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each affected branch.

Branch/path                                                      Revision
-------------------------------------------------------------------------
stable/9/                                                         r293898
releng/9.3/                                                       r293896
stable/10/                                                        r293897
releng/10.1/                                                      r293894
releng/10.2/                                                      r293893
-------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII. References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j1AAoJEO1n7NZdz2rnIfoQAOZTLX3VovQPGj9wr7PspLQi
Tazu6vRnjzdOdjpeWwSgYlq6DJGjT71c/BRyCWCoijr2uyBWRlANqzMO64thuTzx
gc6juRlChLDF4sNVWbNDMRwuHTfCpgDH2/4hQeR/9CmiQxHJyqL0gXc889D206i9
KzgmYrSALEVK0E2kDBeRMsadtqPIEzCw4LygWd4qrtYNPjAfBR/a9U4rg7ZN0ICZ
RCPnkAF6qI09B931QfHaI4C9wdBF8DJ6nKN/2aU9ATdOJJb7oUkpaHht8kmbdZS+
Tn12nEXkQvNxuAKT7Fb87M14s7LUR12V5wgDeMd2UtOfkeSpGEDFACdhYW3IpKan
gD+2IlzLRhoQTJ7lQWMRTKh3OiDDR2kLwvbEU7BGecDSG6fVkgumn6NlHYybdH7L
axpDOxPz8ITfcdRipIXLOQEC308ckdmaEwqi4ikgBGwEkSgIwj1flGStswvcMrim
vT0xof2dv1y6RW5xYnJF7Mtn/rEcqrql/BeBp/kxJZ2Qt3hkppQnjWD6kvrEj00s
CajzxdBTM7J3buDzu++RL2GL9p5Cwo1kDmUJdWimIbSecL62J9+PwFCDYp/dOy25
GAPGnf7gk8YhwM8pHwLtcX0b9UundkXLWnLBN7R12fL7Ch2CmPbgPcoFc5CSbcIx
TBRU+4TGcNGxigXyzIHT
=G0DD
-----END PGP SIGNATURE-----
(envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1025) id E40A9146F; Thu, 14 Jan 2016 10:04:36 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:02.ntp Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20160114100436.E40A9146F@freefall.freebsd.org> Date: Thu, 14 Jan 2016 10:04:36 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2016 10:04:37 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:02.ntp Security Advisory The FreeBSD Project Topic: ntp panic threshold bypass vulnerability Category: contrib Module: ntp Announced: 2016-01-14 Credits: Network Time Foundation Affects: All supported versions of FreeBSD. Corrected: 2016-01-11 01:09:50 UTC (stable/10, 10.2-STABLE) 2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9) 2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26) 2016-01-11 01:48:16 UTC (stable/9, 9.3-STABLE) 2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33) CVE Name: CVE-2015-5300 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) used to synchronize the time of a computer system to a reference time source. II. Problem Description The ntpd(8) daemon has a safety feature to prevent excessive stepping of the clock called the "panic threshold". If ever ntpd(8) determines the system clock is incorrect by more than this threshold, the daemon exits. 
There is an implementation error within the ntpd(8) implementation of this
feature, which allows the system time to be adjusted in certain circumstances.

III. Impact

When ntpd(8) is started with the '-g' option specified, the system time will
be corrected regardless of whether the time offset exceeds the panic threshold
(by default, 1000 seconds).

The FreeBSD rc(8) subsystem allows specifying the '-g' option by either
including '-g' in the ntpd_flags list or by enabling ntpd_sync_on_start in
the system rc.conf(5) file.

If at the moment ntpd(8) is restarted, an attacker can immediately respond to
enough requests from enough sources trusted by the target, which is difficult
and not common, there is a window of opportunity where the attacker can cause
ntpd(8) to set the time to an arbitrary value.

IV.  Workaround

No workaround is available, but systems not running ntpd(8), or running
ntpd(8) without ntpd_sync_on_start="YES" and without the '-g' option in
ntpd_flags, are not affected. Neither of these is set by default.

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

The ntpd service has to be restarted after the update. A reboot is
recommended but not required.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

The ntpd service has to be restarted after the update. A reboot is
recommended but not required.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
[FreeBSD 10.1 and 10.2]
# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch
# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-10.patch.asc
# gpg --verify ntp-10.patch.asc

[FreeBSD 9.3]
# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch
# fetch https://security.FreeBSD.org/patches/SA-16:02/ntp-9.patch.asc
# gpg --verify ntp-9.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

Restart the applicable daemons, or reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/9/                                                           r293652
releng/9.3/                                                         r293896
stable/10/                                                          r293650
releng/10.1/                                                        r293894
releng/10.2/                                                        r293893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following
command, replacing NNNNNN with the revision number, on a machine with
Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rnyg4QAJ/x3xs+pNGXxTT63hbBqLcB
NTSljW5+hFpL94Nr+rHrelvcT3HkvdWUC+7BvMksoUYCZv0vClp5W7tsfuojDPr0
GechK1BpLwxeLnRexulWEuvDQpbr6BN9ABdfSl4h3AaUwGYbBVLMY8aT5JpTiE3I
UZg/5iPXVGFPcfdFhzaPgCpZxQtGI3QV7m5jx+Pf8r0ifuTNi8bAbwHCRzmOV8rA
1LM4fvlCPd6TiP3UANWM7PFGbX8UArgzXlb8jSwkxEVC02oZitol4UhcLgacwVrO
0/0q71pyn8W3NBQ1QPUaUg1M81sE501NCTCP3rEg+o6g7oxiq+GpgB0FKwCJxrTk
n3EL7tyhbvVcsglPLRkIXkGz3o5XdelFJ66+qS+mZAiPozkzEFUIdxd8rHKsA1e4
ZIFARDvDgi8iTArbJnPsQH0CgK8+/2RV2ILFW00Zcu7batvSWJtAUNNFqTSN34tk
JJzHWYwKfGwRIMyEABsy9wLez9K2tRIG0fX75p82dVbRcRZwwSfPmFdfDPuMRRmc
dsNF3133TA92uxwZ177cZk537g+Q0/0I6bts8us3GlCdY2HBuIc+HvRJQyEEqGEv
v1GfEdnwGLp4rmPI8uY+JQ87now7KYhAK1SVil9AXm3tLrIqJsHYayA9nI8mjxfY
Mh1utEeP+TMuievDMQNo
=il8c
-----END PGP SIGNATURE-----

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-16:03.linux
Reply-To: freebsd-security@freebsd.org
Message-Id: <20160114100442.721A314C9@freefall.freebsd.org>
Date: Thu, 14 Jan 2016 10:04:42 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:03.linux                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Linux compatibility layer incorrect futex handling

Category:       core
Module:         kernel
Announced:      2016-01-14
Credits:        Mateusz Guzik
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name:       CVE-2016-1880

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component. The support is provided
on amd64 and i386 machines.

II.  Problem Description

A programming error in the handling of Linux futex robust lists may result
in incorrect memory locations being accessed.

III. Impact

It is possible for a local attacker to read portions of kernel memory, which
may result in a privilege escalation.

IV.  Workaround

No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.

The following command can be used to test if the Linux binary compatibility
layer is loaded:

# kldstat -m linuxelf

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Reboot the system or unload and reload the linux.ko kernel module.
2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Reboot the system or unload and reload the linux.ko kernel module.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch
# fetch http://security.FreeBSD.org/patches/SA-16:03/linux.patch.asc

b) Apply the patch.

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/amd64/linux32
# make sysent
# cd /usr/src/i386/linux
# make sysent

c) Recompile your kernel and modules as described in .

Reboot the system or unload and reload the linux.ko kernel module.

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

Subversion:

Branch/path                                                         Revision
- ---------------------------------------------------------------------------
stable/9/                                                           r293898
releng/9.3/                                                         r293896
stable/10/                                                          r293897
releng/10.1/                                                        r293894
releng/10.2/                                                        r293893
- ---------------------------------------------------------------------------

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j2AAoJEO1n7NZdz2rngkcQAJ8yxlxYd+qZPf+pbP+0Kj6w
+Sy8BrSUrYLMFynrs4vRPTJobLnVGpwkp6I6ZCDL/yoI/7Xkl3ld7HWfH7MAJ6WP
x0j5/bC+AlWGpKfL6wqeddxjHgmaAlDznN1MyO+3byVfP1Y8VVppbzqPNw9AW17Q
kNqNAMsVuk3OMpoE7CYEsaH6rzHzbMGAPuR+KN5J55Mth6dNkIYSIFJ0sCae5cnv
P6SoMKjn7ffcHymmX/Yj7K0FTOrJOePR0eLbTITivJT1uZ3bYbbYyK1bYslE6bwF
EQ3Ij+LhZdM5D7GBOpILBZ9ojvVMq8PiW9yY3zo7DRrwWajBy8pe/3ow0u7igoOK
/0XUFmRT0Q0iCxlGhXPxEGcc40g6oE6oVz1m3Ewgqc2+iZm+w6N/w88dRqiBHNgL
AiCqleI10eRNgP1uq7XT/5PEslmQLxSCrDPFDOgmSZc3uY7H5LBb6O9fb7YTpn6J
bfL7yyJFei/lAlY1s2b+4/DW9PE1OwxNw/R85mSUpbP5my5wwZR+s3mGTLI2JAlk
74Nw/OR9HLLHoEO5JlagfEclKp7O+JzhHYkAcBm7yRMRr1LV+7JZQEaTCeWTkm6L
YvL8Ca1PAL6qNLZbxQ26Gjka7KCrFhhNfR22c3Lz4pLtkg9YmDRb4sy6i+q3ellG
0mLi0OqTu2gn+25xhidf
=OQft
-----END PGP SIGNATURE-----

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-16:04.linux
Reply-To: freebsd-security@freebsd.org
Message-Id: <20160114100445.274631528@freefall.freebsd.org>
Date: Thu, 14 Jan 2016 10:04:45 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:04.linux                                      Security Advisory
                                                          The FreeBSD Project

Topic:          Linux compatibility layer setgroups(2) system call
                vulnerability

Category:       core
Module:         kernel
Announced:      2016-01-14
Credits:        Dmitry Chagin
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name:       CVE-2016-1881

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

FreeBSD is binary-compatible with the Linux operating system through a
loadable kernel module/optional kernel component. The support is provided
on amd64 and i386 machines.

II.  Problem Description

A programming error in the Linux compatibility layer setgroups(2) system
call can lead to unexpected results, such as overwriting random kernel
memory contents.

III. Impact

It is possible for a local attacker to overwrite portions of kernel memory,
which may result in a privilege escalation or cause a system panic.

IV.  Workaround

No workaround is available, but systems not using the Linux binary
compatibility layer are not vulnerable.

The following command can be used to test if the Linux binary compatibility
layer is loaded:

# kldstat -m linuxelf

V.   Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

Reboot the system or unload and reload the linux.ko kernel module.
2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

Reboot the system or unload and reload the linux.ko kernel module.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch
# fetch https://security.FreeBSD.org/patches/SA-16:04/linux.patch.asc
# gpg --verify linux.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/amd64/linux32
# make sysent
# cd /usr/src/i386/linux
# make sysent

c) Recompile your kernel as described in .

Reboot the system or unload and reload the linux.ko kernel module.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/9/                                                           r293898
releng/9.3/                                                         r293896
stable/10/                                                          r293897
releng/10.1/                                                        r293894
releng/10.2/                                                        r293893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following
command, replacing NNNNNN with the revision number, on a machine with
Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnstMP/jddSJehSXe9rlL2qhYfRrQY
XZSuoOtolvcl2xSQCZYprXN95/i890VOdJ9x4+iYJA2IQO55a8MjS1DcJjjonV7J
zJa7Apnu1jaK1jDx+RL6C3eVDff0ss1B7NvZTXmjHn+nIsIRxd6vzxDp2NujTnWS
XHNinNAPcVK9Hy/AJh1W+mClvgLg+lyMICuraMjTDc5ML3+fxUmXfDUWq1mm2Chq
uYXMXcIBXBJx1mnnm9n2izExr7j7AHaVJywe/UYk+KCNbSeags76pt1vuPfoOjdE
BaSlX9KNMouYU0JNfv/wC7/UnuQ/BY1XzxheVpIqmXwlFstAmSiKYIQkpIuypVF1
yUmf8CjN6AOx9P5CjxX88eeY3F6J1yohch1AI4IMqT3F3fd5LbJ5WqOjritt0J96
hDjnsiVhw4ozQE6SWTY8TKlokOOEfJC+yhNIJ0cNaHnkLSCUuDDErtGzp1CYoYmt
Q8D1VJ1UEaVPaKcaNAo4+sjiE1uK6svPiWa1+W9VbKGvc3Y7PbcuVIzU0aI4ySgj
VecEFM1O5wr3WXIYnDQNwkWVxbCQdxOIPyW0rqMGQVpu1h7MKk0oMboY1bLcQYFy
Aa9okOl+D7ItpEpRUgnIT06B6krC5sUQuzkUxnVIBPKtcl1OZ4B8KidLjEqu4BSx
3qOQSGqZzr8TFcwPIJv4
=JKVW
-----END PGP SIGNATURE-----

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-16:05.tcp
Reply-To: freebsd-security@freebsd.org
Message-Id: <20160114100451.394D615B9@freefall.freebsd.org>
Date: Thu, 14 Jan 2016 10:04:51 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:05.tcp                                        Security Advisory
                                                          The FreeBSD Project

Topic:          TCP MD5 signature denial of service

Category:       core
Module:         kernel
Announced:      2016-01-14
Credits:        Ryan Stone, Jonathan T. Looney
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name:       CVE-2016-1882

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
provides a connection-oriented, reliable, sequence-preserving data stream
service. An optional extension to TCP described in RFC 2385 allows
protecting data streams against spoofed packets with an MD5 signature.

Support for TCP MD5 signatures is not enabled in the default kernel.

II.  Problem Description

A programming error in processing a TCP connection with both the TCP_MD5SIG
and TCP_NOOPT socket options may lead to a kernel crash.

III. Impact

A local attacker can crash the kernel, resulting in a denial of service.

A remote attack is theoretically possible if the server has a listening
socket with TCP_NOOPT set, and the server is either out of SYN cache entries
or the SYN cache is disabled by configuration.

IV.  Workaround

No workaround is available, but installations running a default kernel, or a
custom kernel without the TCP_SIGNATURE option, are not vulnerable.

V.
Solution

Perform one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

System reboot is required.

2) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch
# fetch https://security.FreeBSD.org/patches/SA-16:05/tcp.patch.asc
# gpg --verify tcp.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in and reboot the system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/9/                                                           r293898
releng/9.3/                                                         r293896
stable/10/                                                          r293897
releng/10.1/                                                        r293894
releng/10.2/                                                        r293893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following
command, replacing NNNNNN with the revision number, on a machine with
Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j3AAoJEO1n7NZdz2rnrWcQAN+QX6wEvC7FkTXyX2LHFWas
CVOI/KkxkHSVwYMMScmorG27OxDsHTkvrGfqyVbYDczmC5NY+AorMiZMoo7CHn5J
gYmS8NZvBPeMKmFt45lBTBDnKT6mOvHBz6UPhyyHruvR6VZ2h3fyLqYzbMKcy12i
Onmk/nm3vgrqOCmnqYQN8Xo2v2x4KcKU3/jegK+pdfOwd9Q1bmxzBWwFx8yc7pZ0
3YItalkiMsuRppSuNS9fGoRSoB/Ybf/8pu6SDnhvJnw4CIRGAl3IDKpBanB7F/9E
sofcI499s+uyOHPY8TrQ62L4UjteEukwaV8EJh6vPaLm3pns0cSURzKczgytTH3G
Nz9GcI3hYdfbXRBgJvwtZv9JY5s3ZtPiqqTwHta7AdplXwiOJJ1Ylso5lZ4beiJh
q7Sv+YMJr9cNfnYmSGv33rKN4hdae7XfJm+Ipde4bpgCLFpKkb/aQaGxGlowjDaW
0C77qCg+se3TzwGl0A7ClEq4dLaadTsiShQCpZGQOgc6Wgz9QUBGxU811e3KQHLo
3XQgxGSB9+3d7YiK/ZNkzi8d89VXMgUOx4HoOZ7+SkVBg1+qpbiYnk8VJjLmXyOz
dPtDbzWG68wluWcSc7TD5yIYx2Lw4E9ZMWzh2boOxEWrcd9mxCUPiU9nsF+PIAPG
kTcLnX0+iXijpKMnQpgP
=UjjC
-----END PGP SIGNATURE-----

From: FreeBSD Security Advisories
To: FreeBSD Security Advisories
Subject: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
Reply-To: freebsd-security@freebsd.org
Message-Id: <20160114100455.52C3A1623@freefall.freebsd.org>
Date: Thu, 14 Jan 2016 10:04:55 +0000 (UTC)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-SA-16:06.bsnmpd                                     Security Advisory
                                                          The FreeBSD Project

Topic:          Insecure default bsnmpd.conf permissions

Category:       contrib
Module:         bsnmpd
Announced:      2016-01-14
Credits:        Pierre Kim
Affects:        All supported versions of FreeBSD.
Corrected:      2016-01-14 09:11:42 UTC (stable/10, 10.2-STABLE)
                2016-01-14 09:10:46 UTC (releng/10.2, 10.2-RELEASE-p9)
                2016-01-14 09:11:16 UTC (releng/10.1, 10.1-RELEASE-p26)
                2016-01-14 09:11:48 UTC (stable/9, 9.3-STABLE)
                2016-01-14 09:11:26 UTC (releng/9.3, 9.3-RELEASE-p33)
CVE Name:       CVE-2015-5677

For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .

I.   Background

The bsnmpd daemon serves the Internet SNMP (Simple Network Management
Protocol). It is intended to serve only the absolute basic MIBs and
implements all other MIBs through loadable modules.

II.  Problem Description

The SNMP protocol supports an authentication model called USM, which relies
on a shared secret.

The default permission of the bsnmpd configuration file, /etc/bsnmpd.conf,
is weak and does not provide adequate protection against local unprivileged
users.

III. Impact

A local user may be able to read the shared secret, if configured and used
by the system administrator.

IV.  Workaround

No workaround is available, but systems that do not use bsnmpd with its USM
authentication model are not vulnerable.

V.   Solution

This vulnerability can be fixed by modifying the permission on
/etc/bsnmpd.conf to owner root:wheel and permission 0600.

The patch is provided mainly for third party vendors who deploy FreeBSD
and provide a safe default. The patch itself DOES NOT fix the permissions
for existing installations.
The patch can be applied by performing one of the following:

1) Upgrade your vulnerable system to a supported FreeBSD stable or
release / security branch (releng) dated after the correction date.

The system administrator should change the permission on /etc/bsnmpd.conf
to root:wheel and 0600.

2) To update your vulnerable system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install

The system administrator should change the permission on /etc/bsnmpd.conf
to root:wheel and 0600.

3) To update your vulnerable system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/SA-16:06/bsnmpd.patch
# fetch https://security.FreeBSD.org/patches/SA-16:06/bsnmpd.patch.asc
# gpg --verify bsnmpd.patch.asc

b) Apply the patch. Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile the operating system using buildworld and installworld as
described in .

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                         Revision
- -------------------------------------------------------------------------
stable/9/                                                           r293898
releng/9.3/                                                         r293896
stable/10/                                                          r293897
releng/10.1/                                                        r293894
releng/10.2/                                                        r293893
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the following
command, replacing NNNNNN with the revision number, on a machine with
Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

VII.
References

The latest revision of this advisory is available at

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJWl2j4AAoJEO1n7NZdz2rnkaQP/3K9kqYY1YoHQ++uzFPnfuZQ
mkGPJ0frGG46pTL806QJidky6D0LP0zNCzhtU45ZlFMguJ3B3QYp/62Cw61dBG22
x0uEkvI2F2F39IPA/clspyUHg3Y1RYgTpJrxey0JLrK0yxelyI8vMwB4tCB2eEDW
ZGVU6rvFQcWJOWHABXVYcc+4Yy5ucudp0QbJsVHAKLtF7MLuntVlUj+x4Nncog5k
kmGt6W7tzFn2gNsWcmntmG/LWyPkPURWhYfIj3fgcRrpMTVIDFX5PTgQyJR7DwOM
/beIoQxxKBUwTW1ZRgvcCqFBu7DKSCMABoHgpqLj1gdeiJ1LaO4dErtWXvdBEAAP
+XLi5OkRG3OKzIAIRnkz/SrkAUoRkzHEK1dI0coyw7AdXXjDBWtX+n9lzRXs7hqT
LC3riK/Km9OYVn3+T7tCWnvKN45f+FnD8zxZDE+33Jv9wI8X+CCs9GjJdoJ0HDSd
b6rg8E4gGPzfwFxSNXZQKfDSSuVBECIp3av1gp6hN3qZNOX/sadMsxro8VVGFLPg
81rC+JfKNTeVtxF8oJi9eg3FQ/eupxQv4RvC2c37R7LcErAU1KKxZyNrwv6xDEMx
QVnx74o+luxXSirLxq276pfBQJdMjxYzWCj6E8ztcAZenz3M4WNiRFlt7hdq/3YO
bDBdQPe4eYSHHSGyGcz/
=LDPU
-----END PGP SIGNATURE-----

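The script below is an added example from the editor; it is not code from the FreeBSD Security Team's advisories or from anyone in this thread. It covers the two advisories in this batch whose exposure depends on local configuration rather than on a kernel option or a loaded module: FreeBSD-SA-16:02.ntp applies only when rc(8) starts ntpd(8) with '-g' (through ntpd_sync_on_start or ntpd_flags), and the FreeBSD-SA-16:06.bsnmpd patch leaves the mode of an already installed configuration file alone. Assumptions: it is POSIX sh and runs against constructed sample files in a temporary directory, not against /etc; bsnmpd(1) reads /etc/snmpd.config, which is the path the replies below arrive at where the advisory text says /etc/bsnmpd.conf; and rc.conf(5) files are shell sourced in the order rc.subr(8) uses (/etc/rc.conf, then /etc/rc.conf.local), so the last assignment wins and a grep for '-g' is not a reliable check.

```shell
#!/bin/sh
# Added example (editorial; not from the FreeBSD advisories or this thread):
# host-side checks for the two configuration-dependent advisories in this
# batch, run here against constructed sample files so it can be tried safely.

# ---- FreeBSD-SA-16:02.ntp: would rc(8) start ntpd(8) with -g? -------------
# rc.conf(5) is shell and is sourced by rc.subr(8), so the last assignment
# wins and /etc/rc.conf.local overrides /etc/rc.conf.  Sourcing the files in
# a subshell reproduces that; a grep for "-g" does not.  Sourcing executes
# the file, so only point this at files you trust.
# Usage: ntpd_starts_with_g RCFILE...      exit 0 = affected configuration
ntpd_starts_with_g() {
    (
        ntpd_enable="NO"; ntpd_flags=""; ntpd_sync_on_start="NO"  # rc defaults
        for f in "$@"; do
            if [ -r "$f" ]; then . "$f"; fi
        done
        case "$ntpd_enable" in [Yy][Ee][Ss]) ;; *) exit 1 ;; esac  # rc never starts it
        case "$ntpd_sync_on_start" in [Yy][Ee][Ss]) exit 0 ;; esac # rc.d/ntpd adds -g
        for w in $ntpd_flags; do               # word-split, as rc does
            case "$w" in
                --panicgate) exit 0 ;;         # long spelling of -g
                --*)         continue ;;       # some other long option
                -*)          rest=${w#-}
                             case "$rest" in
                                 *[!A-Za-z]*) continue ;;  # glued argument, e.g. -l/var/log/ntp
                                 *g*)         exit 0 ;;    # -g, or a cluster such as -gq
                             esac ;;
            esac
        done
        exit 1
    )
}

# ---- FreeBSD-SA-16:06.bsnmpd: is the secret-bearing file private? ---------
# bsnmpd(1) reads /etc/snmpd.config.  The patch only fixes the mode of a
# freshly installed file; an existing one keeps its old mode, so check it.
# find(1) "-perm -MODE" matches only when every bit in MODE is set, so each
# group/other bit is tested on its own.
secret_file_mode_ok() {      # exit 0 when no group or other bit is set
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}
secret_file_owner_ok() {     # exit 0 when owned by uid 0 / gid 0 (root:wheel)
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( ! -user 0 -o ! -group 0 \) -print)" ]
}
harden_secret_file() {       # the advisory's fix; chown only works as root
    chmod 0600 "$1" || return 1
    if [ "$(id -u)" -eq 0 ]; then chown 0:0 "$1" || return 1; fi
    return 0
}

# ---- constructed samples (stand-ins for the real /etc files) ---------------
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/rc.conf" <<'EOF'
ntpd_enable="YES"
ntpd_flags="-c /etc/ntp.conf -g"
EOF
cat > "$tmp/rc.conf.local" <<'EOF'
ntpd_flags="-c /etc/ntp.conf"
EOF
cat > "$tmp/rc.conf.sync" <<'EOF'
ntpd_enable="YES"
ntpd_sync_on_start="YES"
EOF
printf '# constructed stand-in for /etc/snmpd.config\n' > "$tmp/weak.config"
chmod 0644 "$tmp/weak.config"                  # the pre-advisory default mode
cp "$tmp/weak.config" "$tmp/fixed.config"
harden_secret_file "$tmp/fixed.config"

report() { if "$@"; then echo "yes: $*"; else echo "no:  $*"; fi; }
report ntpd_starts_with_g "$tmp/rc.conf"                      # -g in ntpd_flags
report ntpd_starts_with_g "$tmp/rc.conf" "$tmp/rc.conf.local" # override drops it
report ntpd_starts_with_g "$tmp/rc.conf.sync"                 # ntpd_sync_on_start
report secret_file_mode_ok "$tmp/weak.config"
report secret_file_mode_ok "$tmp/fixed.config"
```

On a real host, call ntpd_starts_with_g with /etc/rc.conf and /etc/rc.conf.local (and /etc/rc.conf.d/ntpd if you use that directory, since rc.subr(8) sources it too), and check /etc/snmpd.config with secret_file_mode_ok followed by secret_file_owner_ok; harden_secret_file is nothing more than the chmod and chown the advisory prescribes. The ntpd check treats ntpd_enable="NO" as not affected because rc will not start the daemon at all; a daemon started by hand with '-g' is outside what rc.conf can tell you.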
Message-ID: <1452781370.12138.3.camel@canodus.be>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
From: Wout Decré
To: freebsd-security@freebsd.org
Date: Thu, 14 Jan 2016 15:22:50 +0100
In-Reply-To: <20160114100455.52C3A1623@freefall.freebsd.org>

> The system administrator should change the permission on /etc/bsnmpd.conf
> to root:wheel and 0600.

Shouldn't this be /etc/snmpd.conf?

From: Andrei
To: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
Message-ID: <20160114162816.256ee39c@azsupport.com>
In-Reply-To: <1452781370.12138.3.camel@canodus.be>
Date: Thu, 14 Jan 2016 16:28:16 +0100
> > The system administrator should change the permission
> > on /etc/bsnmpd.conf to root:wheel and 0600.
>
> Shouldn't this be /etc/snmpd.conf?

Or even /etc/snmpd.config :)

Message-ID: <1452788908.12138.26.camel@canodus.be>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd
From: Wout Decré
To: freebsd-security@freebsd.org
Date: Thu, 14 Jan 2016 17:28:28 +0100
In-Reply-To: <20160114162816.256ee39c@azsupport.com>
On Thu, 2016-01-14 at 16:28 +0100, Andrei wrote:
> > > The system administrator should change the permission
> > > on /etc/bsnmpd.conf to root:wheel and 0600.
> >
> > Shouldn't this be /etc/snmpd.conf?
>
> Or even /etc/snmpd.config :)

Argh, you're right :)

> _______________________________________________
> freebsd-security@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=Z6qo01Zm3N+Z0K4 TVUJ/RyRRExs=; b=pgtyqiOAfhS2bJJSxLbRwIh4fF1A7Vm3E79BoJz21evcj0u FfLpIuqVT9saWDLHR4VFxIpLxhzyMyX20rLoeW7YlCa+fSGZG+5bFs4Yqa4RDBba whxMcZuhV8Zp7L25cmHHXteyNFcIGZpxv0StBhZNM0vmuVejolVdupmWVq8M= Received: by web6.nyi.internal (Postfix, from userid 99) id 2787E4651A; Thu, 14 Jan 2016 13:03:18 -0500 (EST) Message-Id: <1452794598.3272417.492278658.0BA706B8@webmail.messagingengine.com> X-Sasl-Enc: IUE6LUP+FrGng7pV4f7gAAqH1Z2vU53h1hRUlRW8HTJI 1452794598 From: Mark Felder To: freebsd-security@freebsd.org, FreeBSD Security Advisories MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain X-Mailer: MessagingEngine.com Webmail Interface - ajax-6cda141f In-Reply-To: <20160114100455.52C3A1623@freefall.freebsd.org> References: <20160114100455.52C3A1623@freefall.freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd Date: Thu, 14 Jan 2016 12:03:18 -0600 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 14 Jan 2016 18:03:31 -0000 On Thu, Jan 14, 2016, at 04:04, FreeBSD Security Advisories wrote: > > V. Solution > > This vulnerability can be fixed by modifying the permission on > /etc/bsnmpd.conf to owner root:wheel and permission 0600. > > The patch is provided mainly for third party vendors who deploy FreeBSD > and provide a safe default. The patch itself DOES NOT fix the > permissions > for existing installations. > Are we paranoid of breaking someone's special snowflake install, or is freebsd-update unable to only do a permissions change? 
-- Mark Felder ports-secteam member feld@FreeBSD.org From owner-freebsd-security@freebsd.org Fri Jan 15 05:44:55 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A075DA83A80 for ; Fri, 15 Jan 2016 05:44:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 98FE71AC6; Fri, 15 Jan 2016 05:44:55 +0000 (UTC) (envelope-from security-advisories@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1025) id 981ED1D10; Fri, 15 Jan 2016 05:44:55 +0000 (UTC) From: FreeBSD Security Advisories To: FreeBSD Security Advisories Subject: FreeBSD Security Advisory FreeBSD-SA-16:07.openssh Reply-To: freebsd-security@freebsd.org Precedence: bulk Message-Id: <20160115054455.981ED1D10@freefall.freebsd.org> Date: Fri, 15 Jan 2016 05:44:55 +0000 (UTC) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2016 05:44:55 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:07.openssh Security Advisory The FreeBSD Project Topic: OpenSSH client information leak Category: contrib Module: openssh Announced: 2016-01-14 Credits: Qualys Security Advisory Team Affects: All supported versions of FreeBSD. 
Corrected: 2016-01-14 22:42:43 UTC (stable/10, 10.2-STABLE) 2016-01-14 22:45:33 UTC (releng/10.2, 10.2-RELEASE-p10) 2016-01-14 22:47:54 UTC (releng/10.1, 10.1-RELEASE-p27) 2016-01-14 22:50:35 UTC (stable/9, 9.3-STABLE) 2016-01-14 22:53:07 UTC (releng/9.3, 9.3-RELEASE-p34) CVE Name: CVE-2016-0777 For general information regarding FreeBSD Security Advisories, including descriptions of the fields above, security branches, and the following sections, please visit . I. Background OpenSSH is an implementation of the SSH protocol suite, providing an encrypted and authenticated transport for a variety of services, including remote shell access. The ssh(1) is client side utility used to login to remote servers. II. Problem Description The OpenSSH client code contains experimental support for resuming SSH connections (roaming). The matching server code has never been shipped, but the client code was enabled by default and could be tricked by a malicious server into leaking client memory to the server, including private client user keys. III. Impact A user that authenticates to a malicious or compromised server may reveal private data, including the private SSH key of the user. IV. Workaround The vulnerable code in the client can be completely disabled by adding 'UseRoaming no' to the global ssh_config(5) file, or to user configuration in ~/.ssh/config, or by passing -oUseRoaming=no on the command line. All current remote ssh(1) sessions need to be restared after changing the configuration file. V. Solution Perform one of the following: 1) Upgrade your vulnerable system to a supported FreeBSD stable or release / security branch (releng) dated after the correction date. 
2) To update your vulnerable system via a binary patch: Systems running a RELEASE version of FreeBSD on the i386 or amd64 platforms can be updated via the freebsd-update(8) utility: # freebsd-update fetch # freebsd-update install 3) To update your vulnerable system via a source code patch: The following patches have been verified to apply to the applicable FreeBSD release branches. a) Download the relevant patch from the location below, and verify the detached PGP signature using your PGP utility. # fetch https://security.FreeBSD.org/patches/SA-16:07/openssh.patch # fetch https://security.FreeBSD.org/patches/SA-16:07/openssh.patch.asc # gpg --verify openssh.patch.asc b) Apply the patch. Execute the following commands as root: # cd /usr/src # patch < /path/to/patch c) Recompile the operating system using buildworld and installworld as described in . VI. Correction details The following list contains the correction revision numbers for each affected branch. Branch/path Revision - ------------------------------------------------------------------------- stable/9/ r294053 releng/9.3/ r294054 stable/10/ r294049 releng/10.1/ r294051 releng/10.2/ r294052 - ------------------------------------------------------------------------- To see which files were modified by a particular revision, run the following command, replacing NNNNNN with the revision number, on a machine with Subversion installed: # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base Or visit the following URL, replacing NNNNNN with the revision number: VII. 
References The latest revision of this advisory is available at -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJWmH8uAAoJEO1n7NZdz2rnZ3MQAMPm2/+gM/83HbibOzRXfo7v 4D3j93BOEGltCQx8y+Stu3Y/CNA6eRYVPvD0u65DeO2bevQcYPQbfHSa5fxYgjWQ yqmLAvB+KZyGxAWZZhXsOWS6oUsK6y75jaWho3Oq19VLps8CWqHauvIyk0b1z/KA IlYYcXOdAvDgLoZHVcLbKU0jdOvMmc/iwxhx0aPVu4D2LXIr59xQcA/AsbKobk5V oqWt5CaaiZCXmVaw9eQhqNuXYC3zoY2/eh8FKG6IkIH9eyL6qQUIxumluxcui1MZ 25tZjp+OsmpVLgWxUyKKyQOVj3rRjaiRBwyUMUk+87GwmW+5b71UYjtVfQw9KHf1 KjGfylhu1oFcw5vCiul9xMm5jtBweqly1U1GEigybkDzaRNM3wheaOjWJVplU9Ku pNYZJo7cBi19KztUUyF9AUroAdVGVO4fzRtHxWUPIBxXFpgvlXijw/AMckTGcqWy TcEh45zSs2TScP1F8GeLPvmWUFbcChTCYWUIzFVUakEVeM5iRmx6B9qMFcN7YUS7 aFiraTIJFhaYrBbKK95CMfFvDAXwe+tBoGfLjXIfZdHcrmB6jkDyUue8ItopsAS0 hozJQUgcnZzzG+KcWODEB2xMdZSqldUoztDXJII3aisCf39ZXN5IFNJHti13tc8l Lw/p7lOx/U4SIq+QNqqy =EApM -----END PGP SIGNATURE----- From owner-freebsd-security@freebsd.org Fri Jan 15 13:33:23 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6D4CFA82E78 for ; Fri, 15 Jan 2016 13:33:23 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 35DEA1F93; Fri, 15 Jan 2016 13:33:23 +0000 (UTC) (envelope-from des@des.no) Received: from desk.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id 5F28DEA53; Fri, 15 Jan 2016 13:33:22 +0000 (UTC) Received: by desk.des.no (Postfix, from userid 1001) id 1B1D64632E; Fri, 15 Jan 2016 14:33:18 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Mark Felder Cc: freebsd-security@freebsd.org, FreeBSD Security Advisories Subject: Re: FreeBSD Security Advisory FreeBSD-SA-16:06.bsnmpd References: <20160114100455.52C3A1623@freefall.freebsd.org> <1452794598.3272417.492278658.0BA706B8@webmail.messagingengine.com> Date: Fri, 15 Jan 2016 14:33:18 +0100 
In-Reply-To: <1452794598.3272417.492278658.0BA706B8@webmail.messagingengine.com> (Mark Felder's message of "Thu, 14 Jan 2016 12:03:18 -0600") Message-ID: <867fjb55nl.fsf@desk.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 15 Jan 2016 13:33:23 -0000 Mark Felder writes: > Are we paranoid of breaking someone's special snowflake install, or is > freebsd-update unable to only do a permissions change? The latter - it can only add, delete or modify. It will set the correct permissions when adding a file, but will not modify those of an existing one. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@freebsd.org Sat Jan 16 05:34:26 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7C204A83907 for ; Sat, 16 Jan 2016 05:34:26 +0000 (UTC) (envelope-from robertames@hotmail.com) Received: from BLU004-OMC3S21.hotmail.com (blu004-omc3s21.hotmail.com [65.55.116.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (Client CN "*.outlook.com", Issuer "MSIT Machine Auth CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 24C7D114A for ; Sat, 16 Jan 2016 05:34:25 +0000 (UTC) (envelope-from robertames@hotmail.com) Received: from BLU177-W48 ([65.55.116.74]) by BLU004-OMC3S21.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.23008); Fri, 15 Jan 2016 21:34:18 -0800 X-TMN: [OlETRlDnvpN7jGr1ngiguZ3ia41ledw4] X-Originating-Email: [robertames@hotmail.com] Message-ID: From: Robert Ames To: 
"freebsd-security@freebsd.org" Subject: SA-16:03 and SA-16:04 on 9.3-RELEASE Date: Sat, 16 Jan 2016 00:34:18 -0500 Importance: Normal Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginalArrivalTime: 16 Jan 2016 05:34:19.0197 (UTC) FILETIME=[8BE90ED0:01D1501F] X-Mailman-Approved-At: Sat, 16 Jan 2016 12:16:06 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jan 2016 05:34:26 -0000 Both SA-16:03 and SA-16:04 give the following instructions:=0A= =0A= # cd /usr/src=0A= # patch < /path/to/patch=0A= # cd /usr/src/amd64/linux32=0A= # make sysent=0A= # cd /usr/src/i386/linux=0A= # make sysent=0A= =0A= On my 9.3-RELEASE machine I don't have /usr/src/amd64 or /usr/src/i386.=0A= Are the correct directories /usr/src/sys/amd64/linux32 and=0A= /usr/src/sys/i386/linux?=0A= =0A= = From owner-freebsd-security@freebsd.org Sat Jan 16 17:48:12 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F3050A856B2 for ; Sat, 16 Jan 2016 17:48:12 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id BE6371A66 for ; Sat, 16 Jan 2016 17:48:12 +0000 (UTC) (envelope-from des@des.no) Received: from desk.des.no (smtp.des.no [194.63.250.102]) by smtp.des.no (Postfix) with ESMTP id BA483E95D; Sat, 16 Jan 2016 17:48:11 +0000 (UTC) Received: by desk.des.no (Postfix, from userid 1001) id 0216446428; Sat, 16 Jan 2016 18:48:10 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Robert Ames Cc: "freebsd-security\@freebsd.org" Subject: Re: SA-16:03 and SA-16:04 on 9.3-RELEASE References: Date: Sat, 16 Jan 
2016 18:48:09 +0100 In-Reply-To: (Robert Ames's message of "Sat, 16 Jan 2016 00:34:18 -0500") Message-ID: <861t9he7qe.fsf@desk.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jan 2016 17:48:13 -0000 Robert Ames writes: > On my 9.3-RELEASE machine I don't have /usr/src/amd64 or /usr/src/i386. > Are the correct directories /usr/src/sys/amd64/linux32 and > /usr/src/sys/i386/linux? Yes. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@freebsd.org Sat Jan 16 18:10:55 2016 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 53E3FA84251 for ; Sat, 16 Jan 2016 18:10:55 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (glebi.us [96.95.210.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "cell.glebi.us", Issuer "cell.glebi.us" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4072B1E2A for ; Sat, 16 Jan 2016 18:10:54 +0000 (UTC) (envelope-from glebius@FreeBSD.org) Received: from cell.glebi.us (localhost [127.0.0.1]) by cell.glebi.us (8.15.2/8.15.2) with ESMTPS id u0GIAraN009282 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 16 Jan 2016 10:10:54 -0800 (PST) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.glebi.us (8.15.2/8.15.2/Submit) id u0GIAr9U009281; Sat, 16 Jan 2016 10:10:53 -0800 (PST) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.glebi.us: glebius set sender to glebius@FreeBSD.org 
using -f Date: Sat, 16 Jan 2016 10:10:53 -0800 From: Gleb Smirnoff To: Robert Ames Cc: "freebsd-security@freebsd.org" Subject: Re: SA-16:03 and SA-16:04 on 9.3-RELEASE Message-ID: <20160116181053.GC1059@FreeBSD.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 16 Jan 2016 18:10:55 -0000 Robert, On Sat, Jan 16, 2016 at 12:34:18AM -0500, Robert Ames wrote: R> # cd /usr/src R> # patch < /path/to/patch R> # cd /usr/src/amd64/linux32 R> # make sysent R> # cd /usr/src/i386/linux R> # make sysent R> R> On my 9.3-RELEASE machine I don't have /usr/src/amd64 or /usr/src/i386. R> Are the correct directories /usr/src/sys/amd64/linux32 and R> /usr/src/sys/i386/linux? Sorry for the mistake, Robert. And thanks for noticing and reporting that. Fixed advisories are put on the website. -- Totus tuus, Glebius.
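The SA-16:06 exchange above ends with the point that freebsd-update only adds, deletes or replaces files and will not change the permissions of an existing one, so on an already-installed system the owner and mode of the SNMP daemon configuration file must be checked and corrected by hand. The following is an added example, not code from the thread or from FreeBSD's own tools: a small POSIX shell audit that compares a file's owner, group and octal mode against what is expected and can repair them. The file path /etc/snmpd.config and the target values root:wheel and 0600 come from the discussion; the function names are mine, and the GNU stat(1) branch is an assumption only needed to run it on a non-BSD host.

```shell
#!/bin/sh
# Added example (not from the advisory or FreeBSD's tools): audit and, if
# asked, repair the ownership and mode of a sensitive configuration file
# such as /etc/snmpd.config (root:wheel, 0600 per SA-16:06 discussion).
# freebsd-update cannot change permissions of a file it does not replace,
# so existing installs need this done and verified by an administrator.

# Print "owner:group:mode" for FILE. BSD stat(1) (FreeBSD, macOS) and
# GNU stat take different flags; the GNU branch is an assumption for
# running this outside FreeBSD.
file_ownership_mode() {
    case "$(uname -s)" in
        FreeBSD|NetBSD|OpenBSD|DragonFly|Darwin) stat -f '%Su:%Sg:%OLp' "$1" ;;
        *)                                       stat -c '%U:%G:%a'   "$1" ;;
    esac
}

# Strip leading zeros so "0600" and "600" compare equal.
normalize_mode() {
    printf '%s\n' "$1" | sed 's/^0*\([0-7]\)/\1/'
}

# check_file_perms FILE OWNER GROUP MODE
# Exit 0 when FILE is owned by OWNER:GROUP with exactly MODE, 1 on a
# mismatch (printed to stderr), 2 when the file is missing.
check_file_perms() {
    file=$1 owner=$2 group=$3
    mode=$(normalize_mode "$4")
    if [ ! -e "$file" ]; then
        echo "$file: missing" >&2
        return 2
    fi
    actual=$(file_ownership_mode "$file") || return 2
    have="${actual%:*}:$(normalize_mode "${actual##*:}")"
    expected="$owner:$group:$mode"
    if [ "$have" = "$expected" ]; then
        echo "$file: ok ($have)"
        return 0
    fi
    echo "$file: have $have, want $expected" >&2
    return 1
}

# fix_file_perms FILE OWNER GROUP MODE: apply the expected values, then
# re-run the check so the caller sees the verified end state.
fix_file_perms() {
    chown "$2:$3" "$1" && chmod "$4" "$1" && check_file_perms "$1" "$2" "$3" "$4"
}

# Usage: sh perms-audit.sh [--fix] FILE OWNER GROUP MODE
#   e.g. sh perms-audit.sh --fix /etc/snmpd.config root wheel 0600
if [ "$#" -eq 5 ] && [ "$1" = "--fix" ]; then
    shift
    fix_file_perms "$@"
elif [ "$#" -eq 4 ]; then
    check_file_perms "$@"
fi
```

Run the check form first from a periodic job or a configuration-management hook; only the --fix form needs root, and because it re-runs the check after chown/chmod its exit status reflects the verified state rather than the commands it issued.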
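The SA-16:07 workaround in the advisory above is a single configuration line, 'UseRoaming no', but whether it actually takes effect depends on ssh_config(5) semantics: keywords are case-insensitive, "Key=Value" is accepted alongside "Key Value", and for each option the first value obtained wins, so a global 'no' placed after an earlier 'yes' does nothing. The following checker is an added example, mine and not part of the advisory or of OpenSSH, which reports the global-scope UseRoaming value of one ssh_config file under those rules. It assumes awk(1) is available; it inspects one file at a time, so ~/.ssh/config and /etc/ssh/ssh_config have to be checked separately (ssh reads the user file before the system file, so a 'yes' in the user file wins over a 'no' in the system file), and it treats Match blocks as host-specific, which can under-report a 'Match all' setting but errs toward flagging.

```shell
#!/bin/sh
# Added example (not from the advisory or OpenSSH): report the global-scope
# UseRoaming value in an ssh_config(5) file, the setting that disables the
# roaming client code described in SA-16:07 / CVE-2016-0777.
#
# ssh_config rules applied here:
#   - keywords are case-insensitive, "Key Value" and "Key=Value" both work
#   - lines whose first non-blank character is '#' are comments
#   - a "Host *" block applies to every destination; any other Host or
#     Match block is treated as host-specific (Match conservatively so)
#   - for each option the FIRST value obtained wins, so later lines cannot
#     override an earlier setting

# Print "no", "yes" (or another literal value), "unset" when nothing in
# global scope sets it, or "unreadable" (exit 2) if the file cannot be read.
ssh_config_roaming_state() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    awk '
        BEGIN { scope = "global"; state = "unset" }
        /^[ \t]*#/ { next }                               # comment line
        {
            line = $0
            gsub(/=/, " ", line)                          # "Key=Value" -> "Key Value"
            gsub(/^[ \t]+|[ \t]+$/, "", line)             # trim blanks
            if (line == "") next
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "host") {                          # "Host *" alone is global scope
                scope = (n == 2 && f[2] == "*") ? "global" : "host"
            } else if (key == "match") {                  # Match blocks: host-specific (conservative)
                scope = "host"
            } else if (key == "useroaming" && scope == "global" && state == "unset") {
                state = (n >= 2) ? tolower(f[2]) : "invalid"   # first obtained value wins
            }
        }
        END { print state }
    ' "$1"
}

# Exit 0 only when the file disables roaming for every destination.
ssh_roaming_disabled() {
    [ "$(ssh_config_roaming_state "$1")" = "no" ]
}

# Usage: sh check-roaming.sh [ssh_config ...]
#   e.g. sh check-roaming.sh /etc/ssh/ssh_config "$HOME/.ssh/config"
for f in "$@"; do
    printf '%s: UseRoaming %s\n' "$f" "$(ssh_config_roaming_state "$f")"
done
```

Treat any result other than "no" as the vulnerable client code still being enabled on an unpatched system; a host-specific 'UseRoaming no' (reported here as "unset") protects only the hosts it names, which is why the advisory points at the global file or a 'Host *' entry.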