Date: Wed, 7 Mar 2018 06:45:08 +0000 (UTC) From: Gordon Tetlow <gordon@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r51463 - in head/share: security/advisories security/patches/EN-18:01 security/patches/EN-18:02 security/patches/SA-18:01 security/patches/SA-18:02 xml Message-ID: <201803070645.w276j8Gb013118@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: gordon (src,ports committer) Date: Wed Mar 7 06:45:08 2018 New Revision: 51463 URL: https://svnweb.freebsd.org/changeset/doc/51463 Log: Add SA-18:01, SA-18:02, EN-18:01, EN-18:02. Approved by: so Added: head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc (contents, props changed) head/share/security/advisories/FreeBSD-EN-18:02.file.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc (contents, props changed) head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc (contents, props changed) head/share/security/patches/EN-18:01/ head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/ head/share/security/patches/EN-18:02/file-10.3.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/file-10.4.patch.asc (contents, props changed) head/share/security/patches/EN-18:02/file-11.patch.asc (contents, props changed) head/share/security/patches/SA-18:01/ head/share/security/patches/SA-18:01/ipsec-10.patch.asc (contents, props changed) head/share/security/patches/SA-18:01/ipsec-11.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ head/share/security/patches/SA-18:02/ntp-10.3.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ntp-10.4.patch.asc (contents, props changed) head/share/security/patches/SA-18:02/ntp-11.1.patch.asc (contents, props changed) Modified: head/share/xml/advisories.xml head/share/xml/notices.xml Added: head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-18:01.tzdata.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,149 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-18:01.tzdata Errata Notice + The FreeBSD Project + +Topic: Timezone database information update + +Category: contrib +Module: zoneinfo +Announced: 2018-03-07 +Credits: Philip Paeps +Affects: All supported versions of FreeBSD +Corrected: 2018-01-27 13:29:55 UTC (stable/11, 11.1-STABLE) + 2018-03-07 06:01:44 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-01-27 13:34:14 UTC (stable/10, 10.4-STABLE) + 2018-03-07 06:01:44 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 06:01:44 UTC (releng/10.3, 10.3-RELEASE-p27) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The tzsetup(8) program allows the user to specify the default local timezone. +Based on the selected timezone, tzsetup(8) copies one of the files from +/usr/share/zoneinfo to /etc/localtime. This file actually controls the +conversion. + +II. Problem Description + +Several changes in Daylight Savings Time happened after previous FreeBSD +releases were released that would affect many people who live in different +countries. Because of these changes, the data in the zoneinfo files need to +be updated, and if the local timezone on the running system is affected, +tzsetup(8) needs to be run so the /etc/localtime is updated. + +III. Impact + +An incorrect time will be displayed on a system configured to use one of the +affected timezones if the /usr/share/zoneinfo and /etc/localtime files are +not updated, and all applications on the system that rely on the system time, +such as cron(8) and syslog(8), will be affected. + +IV. Workaround + +The system administrator can install an updated timezone database from the +misc/zoneinfo port and run tzsetup(8) to get the timezone database corrected. + +Applications that store and display times in Coordinated Universal Time (UTC) +are not affected. + +V. Solution + +Please note that some third party software, for instance PHP, Ruby, Java and +Perl, may be using different zoneinfo data source, in such cases this +software must be updated separately. For software packages that is installed +via binary packages, they can be upgraded by executing `pkg upgrade'. + +Following the instructions in this Errata Notice will update all of the +zoneinfo files to be the same as what was released with FreeBSD release. + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. Restart all the affected +applications and daemons, or reboot the system. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Restart all the affected applications and daemons, or reboot the system. + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch https://security.FreeBSD.org/patches/EN-18:01/tzdata-2018c.patch +# fetch https://security.FreeBSD.org/patches/EN-18:01/tzdata-2018c.patch.asc +# gpg --verify tzdata-2018c.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all the affected applications and daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r328476 +releng/10.3/ r330568 +releng/10.4/ r330568 +stable/11/ r328475 +releng/11.1/ r330568 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:01.tzdata.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhfZfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cJp7Q//fHWkVYNLtrjtWwhWdklnNdJq16V4Jnvd4bniw9O9tlWBZlQPwFB4Ez/l +GNLqamLhgakaFXFE9oISjqn1LvNZOoaIDKHVs9KRkTEWpGZaIVRVPyHkZsGImG4A +ale+8grJBcyepZPxXGbmEcPsrGPlOs5M3LsQabwEvuPW8yf9CLAh5IOkmD7r7qMJ +zbhLKW/rKQOq9Weka3XZSuVXXi1h536tmGPkQoj0S+k73d0X67E5jlFCOFo8Q/yh +qqsIXRNrvvfieVujUtTRwYrbCi6Omngj6lNZWCOO7QUNKd0YoEgsdj/tAxZ+cwwn +Z7J55ARBD+/dkRAFbZaqryPFuznDA3+bPS/oKJfyVdIDWC4gT38L8WUFMSRpeFbr +BdZMUdoxvj2NRjRejgO/kii7JDzg2+nztGmt8hw0z4lNt5ZXIc2W4+ou7oEaAr5i +YoM95ZxwnNe5JEgYXWOJ8f4krB1GICLk0KQZ38P1kP2jQRs52OtQKNBRw3UVZLEV +SnFSACTNYSQzE3CajEgVQ/cfg3+KMA0fYbYdmA5ZXekQqjSMPeqrui/z+9C57Bjm +6+4qTpzST8oJbNBOGlU2uncIcYllaWSrMQ2kRWmq73O/PUMhoPhukahPeYEMj8PR +STD8RLoN9Rp+6GdZfLndLBl6ZJHOFKY0yd6NYsGlj7AsjJwsgKw= +=mVpJ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-EN-18:02.file.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-EN-18:02.file.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-EN-18:02.file Errata Notice + The FreeBSD Project + +Topic: Version and security update of file(1) and libmagic(3) + +Category: contrib +Module: file +Announced: 2018-03-07 +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-05 08:20:11 UTC (stable/11, 11.1-STABLE) + 2018-03-07 06:04:25 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-02-05 08:50:34 UTC (stable/10, 10.4-STABLE) + 2018-03-07 06:04:25 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 06:04:25 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2017-1000249 + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +<URL:https://security.FreeBSD.org/>. + +I. Background + +The file(1) utility attempts to classify file system objects based on +filesystem, magic number and language tests. + +The libmagic(3) library provides most of the functionality of file(1) and +may be used by other applications. + +II. Problem Description + +The file(1) utility contains a stack based buffer overflow when parsing +a specially crafted input file. + +III. Impact + +The issue lets an attacker overwrite a fixed 20 bytes stack buffer with +with a specially crafted .notes section in an ELF binary file. + +IV. Workaround + +No workaround is available, but systems where file(1) and other applications +using libmagic(3) are never run on untrusted input are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to a supported FreeBSD stable or release / security +branch (releng) dated after the correction date. + +2) To update your system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +3) To update your system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.3] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.3.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.3.patch.asc +# gpg --verify file-10.3.patch.asc + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.4.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-10.4.patch.asc +# gpg --verify file-10.4.patch.asc + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-11.patch +# fetch https://security.FreeBSD.org/patches/EN-18:02/file-11.patch.asc +# gpg --verify file-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart all daemons that use the library, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r328875 +releng/10.3/ r330569 +releng/10.4/ r330569 +stable/11/ r328874 +releng/11.1/ r330569 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000249>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-18:02.file.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmJfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLAmg/+Ls59X/iLsmZiRvMiqfxI78P7FYuvTZ/6It0oaElmbswoaIDs3NF1c+II +lcKYwFyXPs4ge/9P4k4pz9bWN7IZcMlGuzDalWSpywF2y3I/6zCNOU2Xyzz4LLVx +wrLuWbTYqXFq6bgYsT8BBOANIadH5tjCfvO7DXOtRHyfUK5DJqsT+xMyv6R4Kncv +VnwjyBNkutT/kAkWYYdqJYLR7uhW2NmVk/57Un6lnGxsLUMgfL8jxzsTlGOa90q9 +0fmGVTwkHxqfxqVSd9+lymISuuw4pg2Ar8bY0AKzMjhQTVMhEtLEsn0N+VbLg6Ns +6HCuPsYwDtGLJ8hd44JPCfbzxzOAW08flUwgu1U5E4e+sUIlKMTOhKxt/HrH+JFk +OyzLDytuv2364lMepThzO4++vWZkErxfa5uJFjjrax5w+WECyEddrUJG3HovOxMd +YXD/dBSulgxaAgVQLXhn1AI+BUR5rD59wsmi6rEYFDXhAfTxNtrHXp1vIoHiW4CO +a8jVPHfFcSuNzLfi+hE/QV8q2RWVOseYlOey0vme4h0upzi3HKQ8WPvUQUrHmDLw +D0Hmr6m9PpyoKFnh2UlM4RiEMf3RO4o4nkRHzPp40LPawzmOmilSmPwv/HasBe2z +X49GD/ortXLxn7UmGqjkIEApOo9me8lHxCYtODQC73BwZdFNrP4= +=PpWQ +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-18:01.ipsec.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:01.ipsec Security Advisory + The FreeBSD Project + +Topic: ipsec validation and use-after-free + +Category: core +Module: ipsec +Announced: 2018-03-07 +Credits: Maxime Villard +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-24 13:04:02 UTC (stable/11, 11.1-STABLE) + 2018-03-07 05:53:35 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-03-07 05:47:48 UTC (stable/10, 10.4-STABLE) + 2018-03-07 05:53:35 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 05:53:35 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2018-6916 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The IPsec suite of protocols provide network level security for IPv4 and IPv6 +packets. FreeBSD includes software originally developed by the KAME project +which implements the various protocols that make up IPsec. + +In IPsec, the IP Authentication Header (AH) is used to provide protection +against replay attacks and connectionless integrity and data origin +authentication for IP datagrams. + +II. Problem Description + +Due to a lack of strict checking, an attacker from a trusted host can +send a specially constructed IP packet that may lead to a system crash. + +Additionally, a use-after-free vulnerability in the AH handling code could +cause unpredictable results. + +III. Impact + +Access to out of bounds or freed mbuf data can lead to a kernel panic or +other unpredictable results. + +IV. Workaround + +No workaround is available, but systems not using IPsec are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. +And reboot the system. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install +And reboot the system + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 10.x] +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-10.patch.asc +# gpg --verify ipsec-10.patch.asc + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch +# fetch https://security.FreeBSD.org/patches/SA-18:01/ipsec-11.patch.asc +# gpg --verify ipsec-11.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +<URL:https://www.FreeBSD.org/handbook/kernelconfig.html>; and reboot the +system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r330565 +releng/10.3/ r330566 +releng/10.4/ r330566 +stable/11/ r329907 +releng/11.1/ r330566 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6916>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:01.ipsec.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhClfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cISCQ//f9bjAzuou4wlbaoVBp+csfE8qwJl0PJAs/guwO9dO/TMLrVzJ+oNtAIR +VO6T7j2uC/eLD80PFsGoTpDAm4O1gqcGGX4OZm/6rE/OdqC3/UhhqpMYke0ZdNuh +ugUyztXZkHuvsLgoR/peW9QqAxRRABTUWL0NPQU4YvtEpa5iOOkzNYuPQ9+dltQC +SXkbGDrHgHwMHSyoZ14eRffrlwOU+bYH7tdMvDzPyr3z4NhJSTJvKBy4dohCal9F +bQRjZSqsGGZ4D0T0BW88RpD3wRBj9s23bSgbcrR8tQvtwEN897S/oL0wtbFYVOQ+ +p/ZgiVgV2JvB17m6Dnmt8+CQLEri+21l1NCF2rVMvMBUcZioiO3L43Z3dZNZfRb5 +pknuSB6q0HEF5qE1sRIlT2WwH/6rd6VASQOb0NQRTBKNVM7ZU6+Q1PN56KjPhZmw +uVREGJ6fHz/MB58fOLkyhbhvcmL7Hz1CGQwQz1Qi05Gp5T2OYP9POJyK8e/EW+Gs +hiiErWezEWpVtHHfUpbudVlqlLp/Mc8LHlVOCIhnrEWH1zhgBX2Bx/WmELUerJz/ +RjOKUdPTQwn8IVkXJfpj42IbxdCG8xvQN/NKWf01maa+Y2xLCtlg8H0I9/9zT80Q +bLdFKjj+M5ysz+bcSR4jl3pd2WMqpidXPvOjph5JcfNWDA5131I= +=Uzqo +-----END PGP SIGNATURE----- Added: head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/advisories/FreeBSD-SA-18:02.ntp.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,200 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +============================================================================= +FreeBSD-SA-18:02.ntp Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities of ntp + +Category: contrib +Module: ntp +Announced: 2018-03-07 +Credits: Network Time Foundation +Affects: All supported versions of FreeBSD. +Corrected: 2018-02-28 09:01:03 UTC (stable/11, 11.1-STABLE) + 2018-03-07 05:58:24 UTC (releng/11.1, 11.1-RELEASE-p7) + 2018-03-01 04:06:49 UTC (stable/10, 10.4-STABLE) + 2018-03-07 05:58:24 UTC (releng/10.4, 10.4-RELEASE-p6) + 2018-03-07 05:58:24 UTC (releng/10.3, 10.3-RELEASE-p27) +CVE Name: CVE-2018-7182, CVE-2018-7170, CVE-2018-7184, CVE-2018-7185, + CVE-2018-7183 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit <URL:https://security.FreeBSD.org/>. + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +The ctl_getitem() function is used by ntpd(8) to process incoming "mode 6" +packets. A malicious "mode 6" packet can be sent to an ntpd instance, and +if the ntpd instance is from 4.2.8p6 through 4.2.8p10, ctl_getitem() will +read past the end of its buffer. [CVE-2018-7182] + +The ntpd(8) service can be vulnerable to Sybil attacks. If a system is +configured to use a trustedkey and if one is not using the feature introduced +in ntp-4.2.8p6 allowing an optional 4th field in the ntp.keys file to specify +which IPs can serve time, a malicious authenticated peer, i.e., one where the +attacker knows the private symmetric key, can create arbitrarily-many +ephemeral associations in order to win the clock selection of ntpd and modify +a victim's clock. [CVE-2018-7170] + +The fix for NtpBug2952 was incomplete, and while it fixed one problem it +created another. Specifically, it drops bad packets before updating the +"received" timestamp. This means a third-party can inject a packet with +a zero-origin timestamp, meaning the sender wants to reset the association, +and the transmit timestamp in this bogus packet will be saved as the most +recent "received" timestamp. The real remote peer does not know this +value and this will disrupt the association until the association resets. +[CVE-2018-7184] + +The NTP Protocol allows for both non-authenticated and authenticated +associations, in client/server, symmetric (peer), and several broadcast +modes. In addition to the basic NTP operational modes, symmetric mode and +broadcast servers can support an interleaved mode of operation. In +ntp-4.2.8p4, a bug was inadvertently introduced into the protocol engine that +allows a non-authenticated zero-origin (reset) packet to reset an +authenticated interleaved peer association. If an attacker can send a packet +with a zero-origin timestamp and the source IP address of the "other side" of +an interleaved association, the 'victim' ntpd will reset its association. +The attacker must continue sending these packets in order to maintain the +disruption of the association. [CVE-2018-7185] + +The ntpq(8) utility is a monitoring and control program for ntpd. The +internal decodearr() function of ntpq(8) that is used to decode an array in +a response string when formatted data is being displayed. This is a problem +in affected versions of ntpq if a maliciously-altered ntpd returns an array +result that will trip this bug, or if a bad actor is able to read an ntpq(8) +request on its way to a remote ntpd server and forge and send a response +before the remote ntpd sends its response. It is potentially possible that +the malicious data could become injectable/executable code. [CVE-2017-7183] + +III. Impact + +Malicious remote attackers may be able to break time synchornization, +or cause the ntpq(8) utility to crash. + +IV. Workaround + +No workaround is available, but systems not running ntpd(8) or ntpq(8) are +not affected. Network administrators are advised to implement BCP-38 which +helps to reduce risk associated with the attacks. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to a supported FreeBSD stable or +release / security branch (releng) dated after the correction date. + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +2) To update your vulnerable system via a binary patch: + +Systems running a RELEASE version of FreeBSD on the i386 or amd64 +platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +The ntpd service has to be restarted after the update. A reboot is +recommended but not required. + +3) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to the applicable +FreeBSD release branches. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 11.1] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-11.1.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-11.1.patch.asc +# gpg --verify ntp-11.1.patch.asc + +[FreeBSD 10.4] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.4.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.4.patch.asc +# gpg --verify ntp-10.4.patch.asc + +[FreeBSD 10.3] +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.3.patch +# fetch https://security.FreeBSD.org/patches/SA-18:02/ntp-10.3.patch.asc +# gpg --verify ntp-10.3.patch.asc + +b) Apply the patch. Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system using buildworld and installworld as +described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>. + +Restart the applicable daemons, or reboot the system. + +VI. Correction details + +The following list contains the correction revision numbers for each +affected branch. + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/10/ r330141 +releng/10.3/ r330567 +releng/10.4/ r330567 +stable/11/ r330106 +releng/11.1/ r330567 +- ------------------------------------------------------------------------- + +To see which files were modified by a particular revision, run the +following command, replacing NNNNNN with the revision number, on a +machine with Subversion installed: + +# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base + +Or visit the following URL, replacing NNNNNN with the revision number: + +<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>; + +VII. References + +<URL:http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7182>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7170>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7184>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7185>; + +<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7183>; + +The latest revision of this advisory is available at +<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc>; +-----BEGIN PGP SIGNATURE----- + +iQKTBAEBCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYNfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cL9GQ/+PLffyegsvxKngL83XWG9UuHbcGG5aWbNwCecTEzNoCI72TI03aga0ge5 +iLz5kW3SQvl8tsq778U4YbfFcCw6ifq2ws8asqNviv+u4AcJh7oD8CS3/kFuA9xM +zjAIrScdNR2taBJhBW3nwlb7RmDeKqydQ3OIxHVvs9Fj5Alc5ZEGezUjC2dueB+M +UdORg6GvHGMYQ+4AtBFRgZHAU3BFkwmgqsIICywYnUVH+AxKj34shs/pMMeJd/d9 +a+BIu/tUjAIlQp23VunNAfq7r2eZik9LOV8Y5l1Ww7+K1IwlwezxI+Iw18BMFEVn +L9baBY9RFh8v/yrZCBqUc7Prhs3ExU/lnAb05Va7TYeD4RXVmSU0jNXi/przN3y2 +PR7Z3JCm60mFKyp0/Hz2MmS1XPBVBrW4P6g9hH8TZmOHb2mZlK3zDXmil7HKp5DK +UhtMJpPEWV9k5rfP8iijHJnwkPr0ALntMUAAKUyw/6isVtHT6BZLaYsZvRYIm8YY +Mn2RUl74m+XoIhQ8R4mxRcaAHwKKXyeyP5nlAs6TQVb9QJukoRiNDr3g8TwbtT54 +iTswVu+z/a89/YIwJoc6Ud7eCZSDYe6qfuC19TVuledayjjy/ZPMH0ZkNWFWJ3AE +VAvdyvoUuNbmsv42o4AUtpE/1CmDqOjwBRZZbtV4CONCDFpk26o= +=D2ov +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:01/tzdata-2018c.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhhBfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIvlxAAhTIfNoLtwN+UJxpf6IX74iSYuN2xgaF5qm8iJ2Zhox+ix7EnPDzla9As +xnyuprVjU07f5JrkI2N49bf8axp4txLRkxcdm8yfin/M+XPMjcWhjG+iqwp0ipOn +qF2hHTSm70AREzZe9Lo5shQtVbotGG4yUxnb/M5+MYfhSFGBR//YF9p3kmVd7tPA +TuU7x4W7d4EbBoHBsVZb1q/Zei0ksCutg2Y0Jk8b+zjsdeFHP8sv5XyTFibZfTyg +Se64DVvwxoctZuucdnf+b83C6P2dH5m6MQC8TTK8BkHnRJALfxrlV+pwiBeJrqWZ +EMlKv6ZYoaRut1DbEIcY5ddNEajrbRB/uK8M/RNVdlw9ykE9nUqHozs8ZgAcj+EV +IQJIvKK9t11tZ5V+0Ctu6EYPXVxmmmiIWG5HA/bD5BjYuGxpf8tpLgVysUW89mYd +XP1cbWdXXSlb1bz2Op7PrsErI9K1tzB117i7DPNby1Pe6C0y7Oz8e6Dq5/hvxgAT +hvHAOPOonIZrJiQUxKPFW4fUdClJU9v2Xz4TjiBbCSOBaZNa03Nhzo+Scw+ZpwvC +BRketOTM/Vc8jmVP5gk3ROG8q1VUeBtO23iZTuYJIu5ON6EnMBf2xOBEGfqu3Nho +GSSteXDAAWLXT2G484IVDLESQheeugLuIQOMTJaBIlqkvbU6MhE= +=/Wzs +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-10.3.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-10.3.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmlfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKL4BAAo/it8SSAmCG+oS/VgCuPNDw6zOIM9qDEA5X5jWxp/uOMlCpQOuKlzOgf +qaOGfGPAoTkKPQnmCnDWIwYJWVkTRVnNi7qkKUMg3pBLCsc0HHcBhe3jsfBgfQYl +J4nJvSz3mc3+tBm0C4idX/fprzZhBNJXQ2lgxzsBPK6+DWXyBCWVyjEllIttynky +lYkPnUPRxl75Cbd0XtzDZKROobpJkch9RQnkcEHmn63QSzjHovqYdtUalJVBYGJy +yGie3CmEeYymUxjMnDowZtJJXXttzySyJwwRaRohEDf46sDDIdZaDL3Qp1hUfDH8 +16Op/fTSSUdEgL4Xoxil2oQ/9hT4VbE1pYKqHdB1Ii35KXpceNIV3PHYf5PmVt37 +2i8VUGrfBUtbpE71dPmVZ9pTw/3tsmVHFzBm5d4+qqcfgrTeyWLyQwISfsq3Wmj6 +swUmOUFGXn+P7lRrUXR+3NppwCT3J4hOrvq3/PMScsP+toSsa7ibbtjDr0ssUcv0 +IduTu22+OpKF+qxT1+17Se8Jcv30HngzEAERdICexqM76KtsA00lUGuWH4pzF4ta +uWSq3x8M93p+CO0HxEKnA3fR6hNazJsqvo8CX6oUgrjX2hKqMTsiWKkwKeTAbEVO +R3KWVB5fAXMxaLtIz3/iBZ11x+aSiWQr+N1UHOzjt/iUg/fYad0= +=l4Y6 +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-10.4.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-10.4.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIUYA/6Aky+p3kYOQx1W6Xl3QmOEzy1sTc9kBXHbOgilyYzwC9qh0JLC1xCz1he +S06EG6BCoJCJ460FAb7qIG4KRREwyc5zHoWRlNfzfoGB+ablScZzJ7fGP25Rgtv0 +WvwObJwQQI/qL4xT/LsYgDzD5p1Qq6c81NzmArGpqMu7LCV9MwvS9aTqDVsqmIyV +mmrQAFYUrObVeFAYEAF6YbmsQCAygt/LwmoJNbD7cT+gnJXjf0tkdReEKFR+WGdI +X7a2xKSvNshPGOCNrOzDd25VpibgM3vEqaZx3AVTDjBX0TQQdrCsWVrd4pFvE7Nv +rCqJ/JwhtYT6ZrQnPpPEIVVw02KZX1XVzjBDEhSyOWkJ02zS4vIv5qWzedRCe1Oc +C4qHrB6tZTfXBjv/3wAbiZWlhObaWSOvfQSvnwdPP71mAXauId56xB/Nd8vbP0yP +oYuvtrPhX375wwph66zwjh1Qv6CxMelHmcPfKeiJUeewIOno2oOc0+fvPEAt4ONy +TH9ih92JxWpftq/EYjclQW5qQRIDUAquBh/RoFMJFD2PhATz/XwCdd574Wnl4sv8 +C+k/vhnNSD4TG8Zv8Pn6A8KQZeK3WU8oTvnVjJTOmjap60L1TiSHqToC0kb9Fufz +T/TEFlUPhmjpyUurF4ro3tyxfKI5hZl/9bF57nEssd18qeyO2AY= +=my4y +-----END PGP SIGNATURE----- Added: head/share/security/patches/EN-18:02/file-11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/EN-18:02/file-11.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhmpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cIUYA/6Aky+p3kYOQx1W6Xl3QmOEzy1sTc9kBXHbOgilyYzwC9qh0JLC1xCz1he +S06EG6BCoJCJ460FAb7qIG4KRREwyc5zHoWRlNfzfoGB+ablScZzJ7fGP25Rgtv0 +WvwObJwQQI/qL4xT/LsYgDzD5p1Qq6c81NzmArGpqMu7LCV9MwvS9aTqDVsqmIyV +mmrQAFYUrObVeFAYEAF6YbmsQCAygt/LwmoJNbD7cT+gnJXjf0tkdReEKFR+WGdI +X7a2xKSvNshPGOCNrOzDd25VpibgM3vEqaZx3AVTDjBX0TQQdrCsWVrd4pFvE7Nv +rCqJ/JwhtYT6ZrQnPpPEIVVw02KZX1XVzjBDEhSyOWkJ02zS4vIv5qWzedRCe1Oc +C4qHrB6tZTfXBjv/3wAbiZWlhObaWSOvfQSvnwdPP71mAXauId56xB/Nd8vbP0yP +oYuvtrPhX375wwph66zwjh1Qv6CxMelHmcPfKeiJUeewIOno2oOc0+fvPEAt4ONy +TH9ih92JxWpftq/EYjclQW5qQRIDUAquBh/RoFMJFD2PhATz/XwCdd574Wnl4sv8 +C+k/vhnNSD4TG8Zv8Pn6A8KQZeK3WU8oTvnVjJTOmjap60L1TiSHqToC0kb9Fufz +T/TEFlUPhmjpyUurF4ro3tyxfKI5hZl/9bF57nEssd18qeyO2AY= +=my4y +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:01/ipsec-10.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-10.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKa+BAAg4G75ea9cM88a8lYwbYhkJtBXtFKI0ct0k0cur083WGBfwiAjvLvulas +wTC4agKfFYViZpk7/gXNtfwNsSwM25mA5qTUOgDErA1SbdQqKcZc+bH3NfeMdSwa +eeQ6xC4qBqgTINE8waXNal1IktqOy3/i/K/Glx6w2UDQrrH1s8PrHDjZBOm0cVlv +n3jM5jVUjIM4otfJxmdleMaF/NEWCbe6JoPxx5/rrPWjm/ZKa+t3Cbz4FNzl4PHO +IInFo6k0u9SKtdaAkGuEIOLtEwfULGcGATONxTGj62T7Yd+3NsmqKsj4eXQv2Aoo +Ez+GRws+QQcQqTHDnqNtAMuRfNXyHnmgKDTxH9DS4uWKIJjjungRJ2OCySSRelPX +GJmnljcuEr0zOx2JkRRKm3opOWRruqh2juFZr2vUD3eiWApqouWt2Jv4ddzuSBBZ +6uFdZJtrvwKIUhEE30V6XRIQOXc/QSQygfPgJ4lGNKMyv/IKOmZeT1JtYoU8a74I +3aX5grnV/fDQgjP6Ks2jwKuMrm9jcJYWEhnhg/rJFaHKcOFmdBde0I4RCraIhCgA +GX3uCFZRotYerNP2DeLhRuWsn4N6S3bAvAO/ICO2NYQEQe4WbVPF9TJNoXf3MBDd +HEAL5iNSD3PYCxmD7m2jAVb+Y0oDMlnsLxpM5eZZQtpNy2QWrjc= +=9maD +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:01/ipsec-11.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:01/ipsec-11.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhGpfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cLA2g/5AVOghpXVRDHm4763KS/M3PudEMuXyZfeRYB9pg1KyQOffJvIrTlIYcel +tJA+bf1AbQ9cawmV/vXaEJAY8weBSSrQcmn2ixlygb1dBc2HVxeQgiI9rcBSCs0M +LcHpEke2oKsqqmAbIUjRlfA5zEwBtWjI93bpDALsdqR0gLMqPOaK7aixVdnfjF9a +LWMnpQvOQto0klCNBoItsJn90FR9PtkcnyftnsI1nPV/bTszFmGL3tDHWMTV88bo +p+fZLayXX2Axcxy0FZl1p1Ufh2FmOkipR9c/i1KF6qqhPB7Y9INutJime3vuwLBQ +LVPLpH5gJwktKdRQIpkH4FMzGkA6vlXzNYV4W7oV7YCjUhV5ZzxiGOtMtU/K2RWE +kyA7mueqN3rh530EZ+ot1XiQkVCDHe/CHxxMjfs8wWkcLEUllIEma8toFvLqa3pE +qGAaQG54owj7MuZfs5TAYJsZmZ4FAcTpyC6zf5cOOTRdy786T206j04ID1tAzsbx +HcITdMnxRCKOKOzZXBpad4zwxnPHhZfuJ/mIG4IAYVJkiGlimdQ2V2E3h5TqSxKP +df+XFc21ESmy1EuWuZ6su1qQmLrPoJFqor/lJ/tSR4V8SuSUjRmB8YX8/3NZHCuK +eBE3uCX9Sm+Ef3b0En6izidwLZiSR+E/iNSvuftU75J0AB2SI/w= +=ZkFm +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-10.3.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-10.3.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKJxRAAhyl9KM4ZY0lA6JpeYUu8xRAu2cskH7c4jydBhIkjSl/vW31+R12IWiCO +oql6km8dSpLKXEbWKDxJPIlUHjZVTQNxJpv4Hlee+IFH2y/0xQ6Dx1nn8HE8xl23 +j62wCtJcHTorShWZXWLo4Jb+0mi91c8LZ8SO3XwXqfULfj0XLtilKVH/Sv4/58KC +csYmyGf3gQwPD/lWyMCH5r7/zdoHv3tJDM2klhDY4Wf2jFKtVj68iu5cTaco6saV +lxnbxTSX1r2SbZi3uIhJBgUKdJHuI6l4p/F0SwdDXu6tBWfYNF/ul1ZjCgFM28yA +fiXuHa+KQlxzkNnQ4RxMD+Wtw83WADGabFfzTBXmVbdGKt8gAd9l81c3HohQgDQw +dRSZmHq/QR8kFNQfBixo+JgzqLFgM6lryrPoVBo5Oh8MEmKY9796YJt2932Ki6BA +ctkIaoRuBERPTYtjE30zMaVkeQY8UEQjVAw4aoTHglUFEddAilY1/bRL3psL3I3U +YN4wnbL1QqAwnicFE2r43iGr+eYn5jXm9dwAf31E2al4/2yQxrSa/Lc6GyH1jeC6 +KNZ9shnhKhyK8Azk7p8mKWL2t557GMdX7tzU7tJ5I6pOF9d+OChcnQ6Gtu2EJ7wP +uf4CKXSLsu9J2Xiwig9X8MFQA2TfxCg8q1I/JucRGLbbRxzxEq8= +=iYV1 +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-10.4.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-10.4.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cK/dRAAk2pm/ZGwjquO0bC93OyWgdqzraNBTWl1QuHa3w4g3dDuJ0zOVyWe1fMf +YQLItXv57xjA14FUdNorz/0Zb0Sd8X+hE6adghHtoP00mdYxAGlTQlmn73T1hwHs +k633aBdp3gJ0R87fspeBl6nZNhrIN4Th273U7VTrQOh2RTY90KkFS1GZGIFFVeOc +dhxcJS4pYdggoH4SIVnhyGmRtdy4UINit2QgBI7IH8JqZQXWKkYWKhvEBTRs+BbF +RzxWUSRrZtfW1IBJ0u0+g0b8tFAexNt3xgRxOxTguAGcQ/AjrWmt6Tic/T5i65gl ++Jny0XdH67n66IZk5G2qUHYvGcaEw7vCjzRPGyKMYCt57LbBt1dxDFrm0Se1D7vI +T/UPHSgkACp+LurkWNsykGFyG+WIecQq+MyHjt6cE2IXZVVzmE6v6XfMMQcuUlq2 +6Box2Y/1fS+A6B9fN7uD1lsSicHMZ1m03UH9t4dsMqrrwlorki8+6FV88Kalf2Mb +xqaxaPhg7VJlDZ8SVqUJMRHwiaig2b5U75E+WzSyl13KUCbWnrM71ndG9q+2Pujl +n9G3oUQ5cR9cFV0Ow5br/+XLyQn1saP+ipQ9U04KC2pq1XIGRX1BJV+l2Ijz3O5B +Tj96N/g6yOwbqmZo102kJSwIGEXImscKBXRT7+ldOoHoFCJ1jYE= +=fnry +-----END PGP SIGNATURE----- Added: head/share/security/patches/SA-18:02/ntp-11.1.patch.asc ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/share/security/patches/SA-18:02/ntp-11.1.patch.asc Wed Mar 7 06:45:08 2018 (r51463) @@ -0,0 +1,18 @@ +-----BEGIN PGP SIGNATURE----- + +iQKTBAABCgB9FiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAlqfhYhfFIAAAAAALgAo +aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEZD +MEU4NzhBRTVBRkU3ODgwMjhENjM1NUQzOTc5MkY0OUVBN0U1QzIACgkQ05eS9J6n +5cKuYBAAn/SwhJm6JonngCaPLNI/Ak8y8layW2KJGQ01wJBntFDbiIScGe+SMfUm +KpeKCtzrwyWxs+8kAEaDgpclovFD7pMSKcPMROC4z1TK9cHgZxY5naWnUnKMl0j2 +XSSbqCg+w3KYJSbDo2bkF/yJEM8nkS2Cj0pTNHvUvIyAE5Ph6mAQcX38uDUUJhg2 +R3AVFY5SKBW0v3ZMcmOTPmj6IjLe59cZh9qgbmY6f4wJx8ywAawkjRNHyf2w9z7O +jdgqFfVU8fYl9r4/whKkqyPk3HbjqPPoq3YZ4uX4DpkMFBixwpitG1C8oRRRTEgc +MW5Manq4PYXeC7zX9cRPAn66sjWoZQN3R41JHCGN9YxzSpZEK9oIp6XnO9i22KzE +RUMU+CXaT2OAmdjIHXB+GpxRzq1WGFbsYfRGTAkdxi4uDc12YCzumCXKFXhuqne9 +G1tfDWk091DbFlRJFB6w44Bq4/t3PEETAJKrrJRDyGWBp38/D9Kzwxuf/LzYFGv6 +Ip3ccbXkbDNafE4JOgK0VjWfRgHfeSG1VVMhdGGhHPnw7vTl0NW82XVUmaS2mMUm +9CY/5dYq/d9MIgZybg7xrBKHfbazI5IWK0cdmHfYvPL5rSrdtmNJgTa6zJ4Hw1d9 +In40AnGJFBKSdCkcW1itABPIKYGHtwbISI251TaVJSgj6TweOFI= +=OQFZ +-----END PGP SIGNATURE----- Modified: head/share/xml/advisories.xml ============================================================================== --- head/share/xml/advisories.xml Tue Mar 6 12:55:31 2018 (r51462) +++ head/share/xml/advisories.xml Wed Mar 7 06:45:08 2018 (r51463) @@ -5,6 +5,26 @@ </cvs:keyword> <year> + <name>2018</name> + + <month> + <name>3</name> + + <day> + <name>7</name> + + <advisory> + <name>FreeBSD-SA-18:01.ipsec</name> + </advisory> + + <advisory> + <name>FreeBSD-SA-18:02.ntp</name> + </advisory> + </day> + </month> + </year> + + <year> <name>2017</name> <month> Modified: head/share/xml/notices.xml ============================================================================== --- head/share/xml/notices.xml Tue Mar 6 12:55:31 2018 (r51462) +++ head/share/xml/notices.xml Wed Mar 7 06:45:08 2018 (r51463) @@ -5,6 +5,26 @@ </cvs:keyword> <year> + <name>2018</name> + + <month> + <name>3</name> + + <day> + <name>7</name> + + <notice> + <name>FreeBSD-EN-18:01.tzdata</name> + </notice> + + <notice> + <name>FreeBSD-EN-18:02.file</name> + </notice> + </day> + </month> + </year> + + <year> <name>2017</name> <month>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803070645.w276j8Gb013118>