From owner-freebsd-security@freebsd.org Sun Oct 13 16:28:34 2019 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D6F22135FEF for ; Sun, 13 Oct 2019 16:28:34 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mx1.sbone.de (cross.sbone.de [195.201.62.131]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.sbone.de", Issuer "SBone.DE" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 46rnDy0Zd5z4Hq4; Sun, 13 Oct 2019 16:28:33 +0000 (UTC) (envelope-from bzeeb-lists@lists.zabbadoz.net) Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587]) (using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by mx1.sbone.de (Postfix) with ESMTPS id 4877B8D4A165; Sun, 13 Oct 2019 16:28:26 +0000 (UTC) Received: from content-filter.sbone.de (content-filter.sbone.de [IPv6:fde9:577b:c1a9:31::2013:2742]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPS id C7091E707C6; Sun, 13 Oct 2019 16:28:25 +0000 (UTC) X-Virus-Scanned: amavisd-new at sbone.de Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587]) by content-filter.sbone.de (content-filter.sbone.de [fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024) with ESMTP id EkSGpX0FgqHa; Sun, 13 Oct 2019 16:28:24 +0000 (UTC) Received: from [192.168.2.110] (unknown [IPv6:fde9:577b:c1a9:31:a54b:4d4:3ca7:f628]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.sbone.de (Postfix) with ESMTPSA id AD966E707B3; Sun, 13 Oct 2019 16:28:23 +0000 (UTC) From: "Bjoern A. Zeeb" To: "Fernando Gont" Cc: freebsd-security@freebsd.org, "FreeBSD Security Advisories" Subject: Re: FreeBSD Security Advisory FreeBSD-SA-19:19.mldv2 Date: Sun, 13 Oct 2019 16:28:22 +0000 X-Mailer: MailMate (2.0BETAr6142) Message-ID: <5D4B64BF-72B4-4D69-9EC7-432773259958@lists.zabbadoz.net> In-Reply-To: <016f565b-9281-dc14-651a-bcd2245f0544@si6networks.com> References: <20190806183211.EE35BEE16@freefall.freebsd.org> <016f565b-9281-dc14-651a-bcd2245f0544@si6networks.com> MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: 46rnDy0Zd5z4Hq4 X-Spamd-Bar: ----- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of bzeeb-lists@lists.zabbadoz.net designates 195.201.62.131 as permitted sender) smtp.mailfrom=bzeeb-lists@lists.zabbadoz.net X-Spamd-Result: default: False [-5.12 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[5]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:195.201.62.131]; FROM_HAS_DN(0.00)[]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; DMARC_NA(0.00)[zabbadoz.net]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-2.82)[ip: (-8.74), ipnet: 195.201.0.0/16(-3.55), asn: 24940(-1.81), country: DE(-0.01)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:24940, ipnet:195.201.0.0/16, country:DE]; MID_RHS_MATCH_FROM(0.00)[] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Oct 2019 16:28:34 -0000 On 7 Aug 2019, at 1:05, Fernando Gont wrote: > Folks, > > Since FreeBSD ships with IPv6 support enabled by default, aren't all > systems affected, one way or another? No, you have to configure IPv6, otherwise processing is not done. See the ifconfig option (which is default if you do not configure any IPv6): ifdisabled Set a flag to disable all of IPv6 network communications on the specified interface. Note that if there are already configured IPv6 addresses on that interface, all of them are marked as "tentative" and DAD will be performed when this flag is cleared. /bz